support user activity logging in safe authtoken generation
Bug #1240119 reported by
Bill Erickson
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
Fix Released
|
Medium
|
Unassigned | ||
2.6 |
Won't Fix
|
Medium
|
Unassigned | ||
2.7 |
Fix Released
|
Medium
|
Unassigned | ||
2.8 |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The safe authtoken generator, which is used for some 3rd-party services for verifying user accounts and (to date) accessing home library information does not currently log safe token access to the patron activity log.
Here is a patch to remedy that:
In short, we store the user ID in the cache during safe token generation and later reference that ID in the safe token verification call to log a patron authentication "verify" action. Additionally, the verify call now accepts an optional user activity "who" string to specify the 3rd-party making the request.
Changed in evergreen: | |
milestone: | 2.5.0-rc → 2.5.1 |
Changed in evergreen: | |
milestone: | 2.5.1 → 2.5.2 |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in evergreen: | |
milestone: | 2.5.2 → 2.6.0-alpha1 |
Changed in evergreen: | |
milestone: | 2.6.0-alpha1 → 2.6.0-beta1 |
Changed in evergreen: | |
milestone: | 2.6.0-beta1 → 2.6.0-rc1 |
Changed in evergreen: | |
milestone: | 2.6.0-rc1 → 2.next |
Changed in evergreen: | |
assignee: | nobody → Josh Stompro (u-launchpad-stompro-org) |
Changed in evergreen: | |
milestone: | 2.8.1 → 2.8.3 |
Changed in evergreen: | |
status: | Triaged → Fix Committed |
Changed in evergreen: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Marking incomplete and removing pullrequest while this gets resubmitted with proper author signoff.