View Issue Details

ID: 0006633
Project: libeufin
Category: nexus
View Status: public
Last Update: 2021-05-27 10:47
Reporter: MS
Assigned To: Florian Dold
Priority: urgent
Severity: minor
Reproducibility: have not tried
Status: assigned
Resolution: open
Target Version: 0.1
Summary: 0006633: Not all the requests get authenticated!
Description: Make sure that all the requests check the Authorization-header.
Tags: No tags attached.

Activities

MS

2021-05-27 10:35

manager   ~0017911

Last edited: 2021-05-27 10:36

It seems that some Taler facade API calls do not check any authorization.

Besides that, all the "direct" EBICS operations (like /send-ini, for example) do not check the authorization either.

MS

2021-05-27 10:47

manager   ~0017912

Errata: Taler does check for authorization, just "later" in the flow, in the context of checking the permissions over the resources being offered.

Issue History

Date Modified Username Field Change
2020-10-29 22:10 MS New Issue
2020-11-10 11:47 MS Target Version => 0.1
2021-01-14 00:27 Florian Dold Assigned To => Florian Dold
2021-01-14 00:27 Florian Dold Status new => assigned
2021-01-14 00:27 Florian Dold Priority normal => urgent
2021-05-27 10:35 MS Note Added: 0017911
2021-05-27 10:36 MS Note Edited: 0017911
2021-05-27 10:47 MS Note Added: 0017912