You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I admit that it's an edge case, but with the current implementation, the uniqueness of an API token can't be guaranteed.
There are two scenarios where this could be a potential problem:
The portion of the hash that's being used as the API token gets generated twice (very unlikely, but still possible)
A user modifies his user-object to have a different API-Token. In theory this is possible, if the user has some way to update user-data (since the user has a login, he has permission to change his "Member" entry).
I'll send a pull request that will fix the issue.
The text was updated successfully, but these errors were encountered:
ADD colymba#44: Implement API method to refresh token.
- Reverted to non-unique indexes on `RESTfulAPI_TokenAuthExtension` since there's an issue with MsSQL DBs.
- Implemented token refresh methods.
- Updated documentation.
- Added test for "refreshToken".
- Updated token uniqueness test.
I admit that it's an edge case, but with the current implementation, the uniqueness of an API token can't be guaranteed.
There are two scenarios where this could be a potential problem:
I'll send a pull request that will fix the issue.
The text was updated successfully, but these errors were encountered: