-
Defect
-
Resolution: Duplicate
-
Critical
-
1.3.0-M2
-
None
To reproduce:
- While logged out go to a dataset you have access to (e.g. membership of group X).
- The Gateway will stop you from getting the file and required authentication.
- after authentication takes place (I've tried with account from same gateway) The Gateways will tell you you need to be member of the dataset's group (e.g. group X), which you should be already.
Another test case:
- Login, select dataset and go to "Download Data" page (where the files are listed) from a dataset you have access to.
- copy current URL and logout.
- Try to access the URL again and, after signing in, the gateway will tell you, you need to subscribe to the corresponding group.
- Copying the URL once more will allow you to access the files.
The second example shows that there's no problem with the security itself, but probably with the redirection after being authenticated.
The gateway where I'm trying this (albedo2) has other users with the same name in the DB. So this might also be caused by it, as is at least other bug that might be relatedGTWY-2201. Though rather unlikely in my opinion.
- While logged out go to a dataset you have access to (e.g. membership of group X).
- The Gateway will stop you from getting the file and required authentication.
- after authentication takes place (I've tried with account from same gateway) The Gateways will tell you you need to be member of the dataset's group (e.g. group X), which you should be already.
Another test case:
- Login, select dataset and go to "Download Data" page (where the files are listed) from a dataset you have access to.
- copy current URL and logout.
- Try to access the URL again and, after signing in, the gateway will tell you, you need to subscribe to the corresponding group.
- Copying the URL once more will allow you to access the files.
The second example shows that there's no problem with the security itself, but probably with the redirection after being authenticated.
The gateway where I'm trying this (albedo2) has other users with the same name in the DB. So this might also be caused by it, as is at least other bug that might be related
- duplicate of
-
-
- Done
-