Allow SOAP endpoint to authenticate via session (!182) · Merge requests · services / t3o sites / extensions.typo3.org / extensions.typo3.org

Helmut Hummel requested to merge cookie-login into develop Sep 06, 2017

Since we call the SOAP endpoint for certain actions of an authenticated user on extensions.typo3.org (like registering ext keys) and we do not know the password at this point any more, we now include the session id in the SOAP request, so that TYPO3 will login this user before the SOAP endpoint is triggered.

In the endpoint, we can then just check if a user is already logged in and whether the username given matches the username of the logged in user.

Allow SOAP endpoint to authenticate via session

Merge request reports