Project

General

Profile

Bug #6899

Send auth token with Solr queries

Added by Lauren Walker over 5 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
High
Assignee:
Target version:
Start date:
12/08/2015
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:

Description

So that private data shows up in search results

History

#1 Updated by ben leinfelder over 5 years ago

I think it's probably fine to send the auth token with query requests, but I'm a little concerned that the browser session isn't providing access to private content. After all, that's how we are able to retrieve an auth token from the portal following authentication as it is. Perhaps something changed with all the proxying that happens through the search server apache config on to the cn solr index. Could we look into this together to make sure we're not adding a band aid to something that needs sutures?

#2 Updated by Lauren Walker over 5 years ago

Yep, let's discuss this

#3 Updated by Lauren Walker over 5 years ago

The token is now being sent with queries - but a bug in d1_solr_extensions needs to be ironed out and slated for d1 2.0.1 before I can test that it's all working with the UI.

#4 Updated by Lauren Walker over 5 years ago

  • Status changed from New to Resolved

Auth tokens are sent in the request header of almost all requests sent by MetacatUI now. The exceptions are requests sent to third-party services such as Bioportal and ORCID, and Metacat services like the online metadata registry. The app will need to send the initial DataCatalog or Metadata View search twice since it first will send before the token is retrieved, and then again once the token is retrieved and the user model is configured as logged-in.

Also available in: Atom PDF