Category: Token Access
Show subcategories objects| Name | Type |
|---|---|
| Share doesn't include the token unless subscribe notification is checked | tracker item |
|
PDF do not work when exporting restricted pages
When a page is restricted by permissions, this page cannot be exported to pdf using the pdf icon. The result is a pdf that contains the message "You do not have the permission to view that page....". The reason for that is that the pdf export contains NO mechanism to pass the authentication of the logged-in user to the pdf tool. So the pdf tool (i.e. wkhtml2pdf) calls the page in question as an un-authenticated user. Update: Main issue fixed. Restricted pages require token authentication enabled to be exported to pdf. Feature: "auth_token_access". Note: If the page acts as a template for tracker input - access is still debied. This might be an issue with the "auth_token_access" feature itself and should be a new bug report bc it might effect other areas as well. |
tracker item |
|
Severe problems to log into d.t.o
Hi, in the past couple of days I had severe problems to log in to d.t.o. First, it kept complaining that cookie consent would be required. I have always had d.t.o. in my list of execeptions. Therefore I entirely disabled the "improved activity tracking block" of my Firefox ( 84.0.2 running on Linux Mint 18.3. ), but it kept complaining. After filing a note on tiki.org (where I could log in with no problems at all), and several days with no replies, I tried d.t.o. again. Then it complained about a mismatch of the security token with that on the server, with the remark "reloading might help". It did not. Not immediately. Upon the third reload, with a cache clear and a restart of Firefox, it finally worked... |
tracker item |
|
Share access rights when using Share or Tell a friend fails in both cases with SEFURL enabled
I recall this working in 6.x or so, so "tagged as regression". Using (12.1svn): Abril 4, 2014. r50665 Sharing acccess rights, with token access, seems to be failing. When using "Tell a firend" for a wiki page, as user with tiki_p_admin, there is a checkboxa message sending time, and the link in the email received by the destination emial contains a TOKEN hash inside. However, once clicked in that link in a browser as anonymous, the user see the message "L'accés a aquesta pàgina està acabat" (the access to this page is over). When using Share, as user with tiki_p_admin to share a wiki page, I see the dropdown to indicate how many times to share access rights with that email. I shared for 3 accesses (the mas allowed in the admin panel, and thus, in the dropdown, also). The eamil that receives a message comes with a token hash inside, but still gets the message "L'accés a aquesta pàgina està acabat" (the access to this page is over). --- u: admin p: 12345 Homepage restricted to registered users. When SEFURL is off, sharing access rights with friends seemed to work as expected. http://xavi-9794-5225.show.tikiwiki.org/tiki-index.php?page=Community+Members+HomePage --- IT seems the bug was not solved in trunk by then (15.x currently), and a new fix was added by jonnyb in r58322. {sign user="xavidp" datetime="2016-04-14T12:54:16+00:00"} --- Fix unconfirmed for me {sign user="xavi" datetime="2016-04-18T11:41:19+00:00"} in localhost with a snapshot of this site upgradeed to 15.x (rewrite rules do not work in show.t.o so SEF cannot be tested there). When attempting to view the site as anon. with the url (which includes the token param name and value), I get: {QUOTE()} Your access to this page has expired {QUOTE} Update June 22, 2016: This issue seems to happen still when any param is added to the url (page_ref_id=nnn - from structures, or fullscreen=y to prevent disclosing information from the side modules that the user has access to, besides the content that would like to be shown frmo the central column). {sign user="xavi" datetime="2016-06-23T07:32:05+00:00"} |
tracker item |
In 12.x it works as expected, as far as this issue is concerned.
To reproduce, come here as admin:
http://xavi-9794-5631.show.tikiwiki.org/tiki-share.php?ur
u: admin
p: 12345
and share that page to your email.
Logout as admin, and visit the url in the email you received.
You should be able to see the homepage as if you were the admin (even if hte page is not viewable for anons).
But you can't due to some bug.