Public key expiration date is current date for service access tokens
Bug #1744351 reported by
Alex Buckley
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Low
|
Unassigned |
Bug Description
In the 'Manage service users' area of the Mahara administration when you generate a new token, the public key of the token has an expiration date of the current date/time making the token un-usable.
This bug was replicated in a remote and locally installed instance of Mahara.
When I tried to perform curl commands using this token I was redirected to the Mahara login page, showing the token was not valid.
To replicate:
1. Login to Mahara and go to Administration->Web services-
2. Input a username and generate the token
3. Notice the expiration date of the public key is the current date/time of the server that the instance is running on
summary: |
- Public key expiration date is current date for service access tokens is - current date + Public key expiration date is current date for service access tokens |
description: | updated |
description: | updated |
description: | updated |
tags: | added: usermanualupdate |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
The fields:
"Enable web services security (XML-RPC Only)"
"Public key"
"Public key expires"
All go together - if you've not enabled the XML-RPC Only switch the other fields are ignored.
If you paste in a public key then the expires field shows the true expiry of the key - but still isn't used if XML-RPC Only switch is off