From 3cf49d17b4ed7570bc2c3d31c9dc6b20dac6d4b1 Mon Sep 17 00:00:00 2001 From: Adrien Dupuis <61695653+adriendupuis@users.noreply.github.com> Date: Wed, 2 Oct 2024 12:09:50 +0200 Subject: [PATCH 1/7] rest_api_authentication.md: anon. user/login needed --- docs/api/rest_api/rest_api_authentication.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/api/rest_api/rest_api_authentication.md b/docs/api/rest_api/rest_api_authentication.md index e68db5fbcd..16fd339b12 100644 --- a/docs/api/rest_api/rest_api_authentication.md +++ b/docs/api/rest_api/rest_api_authentication.md @@ -18,6 +18,11 @@ For other security related subjects, see: - [Cross-origin requests](rest_responses.md#cross-origin) - [`access_control`]([[= symfony_doc =]]/security/access_control.html) +!!! caution "SiteAccess login" + + The anonymous user is used to access the ressource even if authentification with the REST server has been established. + Anonymous user must have user/login policy on the SiteAccess used by the REST domain. + ## Session-based authentication This authentication method requires a session cookie to be sent with each request. From 4269bea34c5c89c96a70283959008ee99e936e70 Mon Sep 17 00:00:00 2001 From: Adrien Dupuis <61695653+adriendupuis@users.noreply.github.com> Date: Wed, 2 Oct 2024 15:17:13 +0200 Subject: [PATCH 2/7] rest_api_authentication.md: anon. user/login needed --- docs/api/rest_api/rest_api_authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/api/rest_api/rest_api_authentication.md b/docs/api/rest_api/rest_api_authentication.md index 16fd339b12..ef74658100 100644 --- a/docs/api/rest_api/rest_api_authentication.md +++ b/docs/api/rest_api/rest_api_authentication.md 
@@ -21,7 +21,7 @@ For other security related subjects, see: !!! caution "SiteAccess login" The anonymous user is used to access the ressource even if authentification with the REST server has been established. - Anonymous user must have user/login policy on the SiteAccess used by the REST domain. + Anonymous user must have `user/login` policy on the SiteAccess matched by the REST domain or passed through [`X-Siteaccess` header](rest_requests.md#siteaccess). ## Session-based authentication From 22101a5558e6015b49f74d49ed92236bde0e20c7 Mon Sep 17 00:00:00 2001 From: Adrien Dupuis <61695653+adriendupuis@users.noreply.github.com> Date: Wed, 2 Oct 2024 15:59:13 +0200 Subject: [PATCH 3/7] Update docs/api/rest_api/rest_api_authentication.md --- docs/api/rest_api/rest_api_authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/api/rest_api/rest_api_authentication.md b/docs/api/rest_api/rest_api_authentication.md index ef74658100..e023afffba 100644 --- a/docs/api/rest_api/rest_api_authentication.md +++ b/docs/api/rest_api/rest_api_authentication.md @@ -20,7 +20,7 @@ For other security related subjects, see: !!! caution "SiteAccess login" - The anonymous user is used to access the ressource even if authentification with the REST server has been established. + The anonymous user is used to perform the request even if authentification with the REST server has been established to access the ressource. Anonymous user must have `user/login` policy on the SiteAccess matched by the REST domain or passed through [`X-Siteaccess` header](rest_requests.md#siteaccess). ## Session-based authentication From 05c797d354fe1b299fec4e9f3d45ee35230d4914 Mon Sep 17 00:00:00 2001 From: Adrien Dupuis <61695653+adriendupuis@users.noreply.github.com> Date: Wed, 2 Oct 2024 16:02:19 +0200 Subject: [PATCH 4/7] Update docs/api/rest_api/rest_api_authentication.md --- docs/api/rest_api/rest_api_authentication.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/docs/api/rest_api/rest_api_authentication.md b/docs/api/rest_api/rest_api_authentication.md index e023afffba..bfae90bcf1 100644 --- a/docs/api/rest_api/rest_api_authentication.md +++ b/docs/api/rest_api/rest_api_authentication.md @@ -20,8 +20,8 @@ For other security related subjects, see: !!! caution "SiteAccess login" - The anonymous user is used to perform the request even if authentification with the REST server has been established to access the ressource. - Anonymous user must have `user/login` policy on the SiteAccess matched by the REST domain or passed through [`X-Siteaccess` header](rest_requests.md#siteaccess). + The Anonymous user is used to perform the authentification requests. + So, Anonymous user must have `user/login` policy on the SiteAccess matched by the REST domain or passed through [`X-Siteaccess` header](rest_requests.md#siteaccess). ## Session-based authentication From d8167c10ddd7053afe4fbfb9804600e9ae282d0a Mon Sep 17 00:00:00 2001 From: Adrien Dupuis <61695653+adriendupuis@users.noreply.github.com> Date: Wed, 2 Oct 2024 16:05:37 +0200 Subject: [PATCH 5/7] Update docs/api/rest_api/rest_api_authentication.md --- docs/api/rest_api/rest_api_authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/api/rest_api/rest_api_authentication.md b/docs/api/rest_api/rest_api_authentication.md index bfae90bcf1..f695762748 100644 --- a/docs/api/rest_api/rest_api_authentication.md +++ b/docs/api/rest_api/rest_api_authentication.md 
@@ -21,7 +21,7 @@ For other security related subjects, see: !!! caution "SiteAccess login" The Anonymous user is used to perform the authentification requests. - So, Anonymous user must have `user/login` policy on the SiteAccess matched by the REST domain or passed through [`X-Siteaccess` header](rest_requests.md#siteaccess). + Therefore, Anonymous users must have `user/login` permission on the SiteAccess that matches the REST domain or is passed through the [`X-Siteaccess` header](rest_requests.md#siteaccess). ## Session-based authentication From dad1978892afc5dd1be30b494221375426b1a57f Mon Sep 17 00:00:00 2001 From: Adrien Dupuis <61695653+adriendupuis@users.noreply.github.com> Date: Wed, 2 Oct 2024 16:06:45 +0200 Subject: [PATCH 6/7] Update docs/api/rest_api/rest_api_authentication.md --- docs/api/rest_api/rest_api_authentication.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/api/rest_api/rest_api_authentication.md b/docs/api/rest_api/rest_api_authentication.md index f695762748..8989cc5181 100644 --- a/docs/api/rest_api/rest_api_authentication.md +++ b/docs/api/rest_api/rest_api_authentication.md @@ -20,8 +20,8 @@ For other security related subjects, see: !!! caution "SiteAccess login" - The Anonymous user is used to perform the authentification requests. - Therefore, Anonymous users must have `user/login` permission on the SiteAccess that matches the REST domain or is passed through the [`X-Siteaccess` header](rest_requests.md#siteaccess). + The anonymous user is used to perform the authentification requests. + Therefore, "Anonymous" role must have `user/login` permission on the SiteAccess that matches the REST domain or is passed through the [`X-Siteaccess` header](rest_requests.md#siteaccess). ## Session-based authentication From 54d4f8957c04adf2d93c9365cb98c025c86f4dc1 Mon Sep 17 00:00:00 2001 
From: Adrien Dupuis <61695653+adriendupuis@users.noreply.github.com> Date: Wed, 2 Oct 2024 16:14:20 +0200 Subject: [PATCH 7/7] Update docs/api/rest_api/rest_api_authentication.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Tomasz Dąbrowski <64841871+dabrt@users.noreply.github.com> --- docs/api/rest_api/rest_api_authentication.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/api/rest_api/rest_api_authentication.md b/docs/api/rest_api/rest_api_authentication.md index 8989cc5181..44b8f0a002 100644 --- a/docs/api/rest_api/rest_api_authentication.md +++ b/docs/api/rest_api/rest_api_authentication.md @@ -20,8 +20,8 @@ For other security related subjects, see: !!! caution "SiteAccess login" - The anonymous user is used to perform the authentification requests. - Therefore, "Anonymous" role must have `user/login` permission on the SiteAccess that matches the REST domain or is passed through the [`X-Siteaccess` header](rest_requests.md#siteaccess). + The anonymous user is used to perform authentification requests. + Therefore, the "Anonymous" role must have `user/login` permission on the SiteAccess that matches the REST domain or is passed through the [`X-Siteaccess` header](rest_requests.md#siteaccess). ## Session-based authentication
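Review bot: In [PATCH 1/7], the two added admonition lines misspell "ressource" and "authentification" (should be "resource" and "authentication"), and the first added sentence reads as if every REST request runs as the anonymous user even after authentication has been established. If the intent is only that the login call itself is checked against the anonymous user's permissions, say that directly, because a reader could otherwise conclude that authenticated requests are served with anonymous permissions.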
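Review bot: In [PATCH 4/7], the replacement of the first admonition sentence changes its meaning, from the anonymous user performing "the request even if authentification with the REST server has been established" to performing only "the authentification requests", yet the subject line is the generic "Update docs/api/rest_api/rest_api_authentication.md". Say in the commit message which behaviour is the correct one and why the earlier wording was dropped, since the two sentences describe different permission models.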
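Review bot: In [PATCH 6/7], the second added line switches its subject from "Anonymous users" to the "Anonymous" role while the first added line still speaks of "the anonymous user", so the reader has to infer how the user and the role relate. Use one term in both sentences, or add a short clause tying the role to the user, so it is clear where the `user/login` permission has to be granted.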
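Review bot: In [PATCH 7/7], the final wording still carries the misspelling in the added line "The anonymous user is used to perform authentification requests."; it should be "authentication", matching the "## Session-based authentication" heading in the trailing context. The second added line could also state whether `user/login` is meant to be granted for that SiteAccess only, since as written it does not say how narrowly the permission should be scoped.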