support user activity logging in safe authtoken generation

Bug #1240119 reported by Bill Erickson
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Evergreen | Fix Released | Medium | Unassigned |
2.6 | Won't Fix | Medium | Unassigned |
2.7 | Fix Released | Medium | Unassigned |
2.8 | Fix Released | Undecided | Unassigned |

Bug Description

The safe authtoken generator, which is used for some 3rd-party services for verifying user accounts and (to date) accessing home library information, does not currently log safe token access to the patron activity log.

Here is a patch to remedy that:

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/berick/safe-auth-activity-logging

In short, we store the user ID in the cache during safe token generation and later reference that ID in the safe token verification call to log a patron authentication "verify" action. Additionally, the verify call now accepts an optional user activity "who" string to specify the 3rd-party making the request.
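
A Python model of the mechanism described above, added here as an illustration; it is not Evergreen's code or the linked patch. The class and method names, the token lifetime, the log fields and the "unspecified" fallback for a missing "who" are all assumptions.

```python
import secrets
import time

TOKEN_TTL = 300  # seconds; assumed lifetime, not taken from the bug report


class SafeTokenService:
    """Hypothetical model: barcode -> short-lived token -> home library."""

    def __init__(self, patrons, clock=time.time):
        self.patrons = patrons    # barcode -> {"id": ..., "home_lib": ...}
        self.clock = clock
        self.cache = {}           # token -> (expires_at, cached entry)
        self.activity_log = []    # stand-in for the patron activity log

    def generate(self, barcode):
        patron = self.patrons.get(barcode)
        if patron is None:
            return None
        token = secrets.token_hex(16)
        # Cache the user ID next to the home library: the verify call only
        # ever sees the token, so this is its one link back to the patron.
        entry = {"user_id": patron["id"], "home_lib": patron["home_lib"]}
        self.cache[token] = (self.clock() + TOKEN_TTL, entry)
        return token

    def verify(self, token, who=None):
        expires_at, entry = self.cache.get(token, (0, None))
        if entry is None or self.clock() >= expires_at:
            self.cache.pop(token, None)
            return None           # unknown or expired: nothing to attribute
        self.activity_log.append({
            "user_id": entry["user_id"],
            "action": "verify",
            "who": who or "unspecified",  # optional third-party label
            "time": self.clock(),
        })
        return entry["home_lib"]


def demo():
    # Constructed sample patron and vendor label, not real data.
    svc = SafeTokenService({"21234000": {"id": 42, "home_lib": "BR1"}})
    token = svc.generate("21234000")
    return svc.verify(token, who="ebook-vendor"), svc.activity_log
```

Without the cached user ID, a verify call would have no patron to attribute the activity entry to, which is why the ID is stored at generation time.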

Dan Wells (dbw2)
Changed in evergreen:
milestone: 2.5.0-rc → 2.5.1
Ben Shum (bshum)
Changed in evergreen:
milestone: 2.5.1 → 2.5.2
status: New → Triaged
importance: Undecided → Medium
Dan Wells (dbw2)
Changed in evergreen:
milestone: 2.5.2 → 2.6.0-alpha1
Dan Wells (dbw2)
Changed in evergreen:
milestone: 2.6.0-alpha1 → 2.6.0-beta1
Dan Wells (dbw2)
Changed in evergreen:
milestone: 2.6.0-beta1 → 2.6.0-rc1
Changed in evergreen:
milestone: 2.6.0-rc1 → 2.next
Ben Shum (bshum) wrote :

Marking incomplete and removing pullrequest while this gets resubmitted with proper author signoff.

tags: removed: pullrequest
Changed in evergreen:
status: Triaged → Incomplete
assignee: nobody → Bill Erickson (berick)
Bill Erickson (berick) wrote :
Changed in evergreen:
assignee: Bill Erickson (berick) → nobody
status: Incomplete → Confirmed
status: Confirmed → Triaged
tags: added: pullrequest
Changed in evergreen:
milestone: 2.next → 2.8.1
Changed in evergreen:
assignee: nobody → Josh Stompro (u-launchpad-stompro-org)
Josh Stompro (u-launchpad-stompro-org) wrote :

Should the API signature make note of the new optional param for this feature? Or is that only for required parameters?

Like:
@param safe_token Active safe token
@param who Optional user identifier string for logging.

Otherwise I tested this and it works just as described. I included a file with output from running through a session in srfsh and the logging output that shows the "who" param.

I have tested this code and consent to signing off on it with my
name, Josh Stompro, and email address, <email address hidden>.

Josh

Changed in evergreen:
assignee: Josh Stompro (u-launchpad-stompro-org) → nobody
tags: added: signedoff
Changed in evergreen:
milestone: 2.8.1 → 2.8.3
Bill Erickson (berick) wrote :

Rebased to current master. Added API comment about the new parameter. Added Josh's sign-off. (Thanks, Josh!). Squashed it back down to a nice tidy commit.

Changed in evergreen:
milestone: 2.8.3 → 2.9-beta
Bill Erickson (berick) wrote :

Pushed live test.

Changed in evergreen:
status: Triaged → Fix Committed
Jason Stephenson (jstephenson) wrote :

Thanks, everyone! Pushed to master, rel_2_8, and rel_2_7.

Changed in evergreen:
status: Fix Committed → Fix Released