Closed mamartel closed 7 years ago
Hi @mamartel,
It's should be fixed on master.
I'll update all DSM packages version and release a new version soon.
Thanks again for your investigation.
Hi @mamartel, i just released 2.1.0
version on NPM.
This issue should be fixed.
Regards,
The following applies to DSM 6.0.2-8451 Update 4, I don't have any other versions to test.
The authentication API returns
{"error":{"code":402},"success":false}
for non-administrator accounts.To authenticate a non-administrator account, the
session
parameter must be set to the desired application's name. However, I can log with one application, then use another one without having to reauthenticate. Even better, I can log with an application for which I don't have permission, then use an application for which I do.For example, even if the user is explicitely denied access to AudioStation, I can log with
/webapi/auth.cgi?api=SYNO.API.Auth&version=3&method=login&account=user&passwd=password&session=AudioStation
Then list the files in my home folder:
syno.fs.list({'folder_path':'/home'}, callback);
But trying use AudioStation's API, which I don't have access to, gets you a
Error 115: The logged in session does not have permission
.Possible fix
For now, I changed
session = 'SYNO_SESSION_' + Date.now()
tosession = 'FileStation'
inAuth.login
since the FileStation application can't seems to be turned off or removed (easily).Not pretty but seems to be the simplest solution.