  1. CiviCRM
  2. CRM-4265

API key is not checked when authenticating for API access in standalone

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Critical
    • Resolution: Fixed/Completed
    • Affects Version/s: 2.2.0
    • Fix Version/s: 2.2.8
    • Labels:
      None

      Description

      When a user in a standalone installation has any value in their api_key field, all API authentication attempts will succeed with that username (OpenID). You can pass any value for the API key and it will let you in.

      Instead it should check that the "pass" argument contains the correct API key for that user. This is different from how this works for other UFs.

            People

            • Assignee:
              cap10morgan Wes Morgan
              Reporter:
              cap10morgan Wes Morgan

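
The check the description asks for, as an added PHP example (not CiviCRM's code and not the committed fix): `authenticate_flawed` models the reported behaviour, where only the presence of a stored `api_key` is tested, and `authenticate_fixed` compares the supplied `pass` against it. The function names, the in-memory contact store and the sample keys are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; not CiviCRM source. All names and records are hypothetical.

// Constructed sample store: OpenID username => api_key column value (null = none set).
$contacts = [
    'https://alice.example/' => 'k3y-constructed-sample',
    'https://bob.example/'   => null,
];

// Flawed pattern matching the report: only the presence of a stored key is
// tested, so the caller-supplied $pass never influences the result.
function authenticate_flawed(array $contacts, string $name, string $pass): bool
{
    return !empty($contacts[$name]);
}

// Corrected pattern: a stored key must exist and $pass must equal it.
// hash_equals() compares in constant time to avoid a timing side channel.
function authenticate_fixed(array $contacts, string $name, string $pass): bool
{
    $stored = $contacts[$name] ?? null;
    if (!is_string($stored) || $stored === '' || $pass === '') {
        return false;
    }
    return hash_equals($stored, $pass);
}

// Regression cases: [username, pass, result a correct check must return].
$cases = [
    ['https://alice.example/',  'k3y-constructed-sample', true],
    ['https://alice.example/',  'anything-else',          false],
    ['https://alice.example/',  '',                       false],
    ['https://bob.example/',    'k3y-constructed-sample', false],
    ['https://nobody.example/', 'k3y-constructed-sample', false],
];

foreach ($cases as [$name, $pass, $expected]) {
    $flawed = authenticate_flawed($contacts, $name, $pass);
    $fixed  = authenticate_fixed($contacts, $name, $pass);
    printf("%-26s %-24s flawed=%-5s fixed=%-5s %s\n",
        $name, $pass === '' ? '(empty)' : $pass,
        var_export($flawed, true), var_export($fixed, true),
        $fixed === $expected ? 'ok' : 'REGRESSION');
}
```

The negative cases (wrong key, empty key, user without a key, unknown user) are the ones worth keeping as permanent regression tests, since a presence-only check passes every positive test.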