Details
-
Bug
-
Resolution: Unresolved
-
Medium
-
None
-
2011.10, 4.6.0
-
None
Description
1. file auth_configuration.php, method filter(): the code builds an auth filter and checks that it is of type ezpRestAuthenticationStyle.
But that class is a pretty empty abstract class, that does not guarantee any interface to be there.
I guess the correct check is for interface ezpRestAuthenticationStyleInterface, which contains the methods setup() and authenticate()
2. the ezpRestAuthenticationStyleInterface::setup() method does not get passed the current routing info, only the request. This makes it impossible (or very hard?) for an auth filter to check the class of the controller in use - i.e. to make an auth filter that applies different auth schemes for different rest providers