Feature #17487

Allow sessions for API calls

Added by Tomáš Strachota 10 months ago. Updated 10 months ago.

Assigned To:Tomáš Strachota
Target version:Team Marek Iteration 7
Difficulty: Bugzilla link:
Found in release: Pull request:https://github.com/theforeman/foreman/pull/4045
Story points-
Velocity based estimate-
Release1.14.0Release relationshipAuto


Authenticated API calls should allow creating sessions to avoid sending credentials with every request.

Related issues

Related to Hammer CLI - Feature #8016: Ability to use tokenized authentication to hammer in lieu... Closed 10/21/2014

Associated revisions

Revision 9a4ed000
Added by Tomas Strachota 10 months ago

Fixes #17487 - support sessions for api calls

- authenticated api calls save user to session and set
flag api_authenticated_session
- sessions with such flag allow posting requests without CSRF token
- api sessions exipre the same way as UI sessions
- api sessions don't store any additional data to keep the requests

This way the standard UI requests as well as API requests authenticated
with session created from UI remain protected against CSRF. At the same
time applications using API (such as hammer) can benefit from using
session authentication and avoid the need of storing two tokens
(CSRF and _session_id).


#1 Updated by Tomáš Strachota 10 months ago

  • Related to Feature #8016: Ability to use tokenized authentication to hammer in lieu of username/password in configuration file. added

#2 Updated by The Foreman Bot 10 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4045 added

#3 Updated by Marek Hulán 10 months ago

  • Target version changed from Team Marek Iteration 6 to Team Marek Iteration 7

#4 Updated by Anonymous 10 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#5 Updated by Dominic Cleal 10 months ago

  • Release set to 1.14.0

Also available in: Atom PDF