data-govt-nz / ckanext-security

A CKAN extension to hold various security improvements for CKAN
GNU Affero General Public License v3.0

Fix auth implementation to return super result #59

Closed markstuart closed 1 year ago

markstuart commented 1 year ago

Base CKAN authenticate function used to return a username, but was changed in 2.9.6 to return a comma-separated "user_id,1".

We should not have been assuming the return value of the super.authenticate; we now return the super value after doing our throttle and TOTP checks.

ThrawnCA commented 1 year ago

So, the critical change is line 112, and the rest is just renaming to make it clearer?

markstuart commented 1 year ago

> So, the critical change is line 112, and the rest is just renaming to make it clearer?

Both changes are critical, please see comments inline. Also, Merry Christmas :santa:
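The pattern from the PR description, as an added sketch that is not part of this thread or of ckanext-security's code: a subclass runs its throttle and second-factor checks and hands back whatever the parent returned, so it works whether the parent returns a username or "user_id,1". All class and function names, the in-memory throttle, and the fixed code standing in for TOTP verification are assumptions made for illustration.

```python
import hmac

# Constructed stand-ins for the parent authenticator before and after the
# return-format change described above (hypothetical, not CKAN code).
class BaseOld:
    def authenticate(self, environ, identity):
        return identity["login"] if identity.get("password") == "pw" else None

class BaseNew:
    def authenticate(self, environ, identity):
        return "id-123,1" if identity.get("password") == "pw" else None

class Throttle:
    """Counts failed logins per submitted login name; locks at `limit`."""
    def __init__(self, limit=3):
        self.limit, self.failures = limit, {}

    def locked(self, login):
        return self.failures.get(login, 0) >= self.limit

    def fail(self, login):
        self.failures[login] = self.failures.get(login, 0) + 1

    def reset(self, login):
        self.failures.pop(login, None)

def make_authenticator(base_cls, throttle, expected_code):
    """Wrap base_cls with throttle and second-factor checks.

    expected_code is a fixed constructed value standing in for real TOTP
    verification.
    """
    class Secured(base_cls):
        def authenticate(self, environ, identity):
            # Key the throttle on what the client submitted, never on the
            # parent's return value, whose format is not ours to assume.
            login = identity.get("login", "")
            if throttle.locked(login):
                return None
            result = super().authenticate(environ, identity)
            code_ok = hmac.compare_digest(str(identity.get("mfa", "")), expected_code)
            if result is None or not code_ok:
                throttle.fail(login)
                return None
            throttle.reset(login)
            return result  # opaque: not parsed, rebuilt or swapped for the login
    return Secured()
```
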