Closed whc2001 closed 2 weeks ago
I don't think there is an easy fix for this, as we need the session, and the Symfony authentication mechanism resets the session every time a new authentication occurs. (And sending an API request with the API token is such an authentication.)
But I am not really sure if it is really a problem. If you want to try out the API endpoints using the web UI, you do not need the API token authentication. They will respond just fine, even without the token set, as they use your existing authentication.
And in API applications, where you need the API token for authentication, you have a separate session context, where using the API token authentication does not affect the WebUI in the browser.
Ahh, sorry and never mind, seems like it's the interactive documentation causing the problem. I have tried again with curl and it seems like the problem went away.
Describe the bug
When using the WebUI and the API token from the same user at the same time, the request with API token will invalidate the WebUI's current login state.
To Reproduce
Steps to reproduce the behavior:
/api/parts
)Access denied! Please log in to continue.
Expected behavior
WebUI and API token access should be simultaneous without mutual exclusion.
Screenshots
![image](https://github.com/Part-DB/Part-DB-server/assets/16266909/840eec84-915d-499f-bd02-22ef9564550c)
Server Side
Desktop (please complete the following information):
Additional context
This could be circumvented by creating another user, creating an API token there, then setting an unreasonably long password so that it's basically unloginable manually (`User disabled (no login possible)` cannot be used since it will also disable API token access). However I still think this might be a bug.