Closed kytrinyx closed 11 years ago
I expect the POST /sessions?identity_id=<some-id>&session=<a-god-session> to do the following:
POST /sessions?identity_id=<some-id>&session=<a-god-session>
This is what is happening:
./bin/checkpoint session create -r apdm -s zeus -g
curl -XGET "http://checkpoint.dev/api/checkpoint/v1/identities/me?session=zeus"
{"identity":{"id":2801155,"god":true,"created_at":"2012-12-11T09:15:43+01:00","realm":"apdm","provisional":true,"fingerprints":[]},"accounts":[]}
./bin/checkpoint session create -r apdm -s odysseus
curl -XGET "http://checkpoint.dev/api/checkpoint/v1/identities/me?session=odysseus"
{"identity":{"id":2801156,"god":false,"created_at":"2012-12-11T09:20:12+01:00","realm":"apdm","provisional":true,"fingerprints":[]},"accounts":[]}
So to create a new user session for our user:
curl -XPOST "http://checkpoint.dev/api/checkpoint/v1/sessions?identity_id=2801156&session=zeus"
{"session":{"identity_id":2801156,"id":"zeus"}}
Notice that we have the user identity with the god session. I would have expected a completely new, randomly generated session.
Now what do we know about our god:
The god session has been given to the non-god user.
He still has his old session, too.
It's not open until it's in master.
I expect the
POST /sessions?identity_id=<some-id>&session=<a-god-session>
to do the following:This is what is happening:
./bin/checkpoint session create -r apdm -s zeus -g
curl -XGET "http://checkpoint.dev/api/checkpoint/v1/identities/me?session=zeus"
./bin/checkpoint session create -r apdm -s odysseus
curl -XGET "http://checkpoint.dev/api/checkpoint/v1/identities/me?session=odysseus"
So to create a new user session for our user:
curl -XPOST "http://checkpoint.dev/api/checkpoint/v1/sessions?identity_id=2801156&session=zeus"
Notice that we have the user identity with the god session. I would have expected a completely new, randomly generated session.
Now what do we know about our god:
curl -XGET "http://checkpoint.dev/api/checkpoint/v1/identities/me?session=zeus"
The god session has been given to the non-god user.
He still has his old session, too.
curl -XGET "http://checkpoint.dev/api/checkpoint/v1/identities/me?session=odysseus"