Task #4242
closedHawat: Merge reports/view and reports/unauth views
100%
Description
The idea behind reports/unauth view was to enable access to report data even to unauthenticated users, so that they can be easily shared. The hash for unauthenticated access serves as a password, but it is contained within the email in clear text form. Another identifier is report label, which also contains random part. Since both of these identifiers are sent in clear text form and contain random parts, it might be better so simplify things and use just label for accessing the reports and hide anything sensitive or inaccessible until login.
Related issues
Updated by Jan Mach over 6 years ago
- Related to Bug #4240: When accessing report in unauthenticated mode it is not possible to load report JSON data file in Data tab added
Updated by Jan Mach about 6 years ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
I have not merged the views, because it turned out to be wrong idea. I have however removed the handle attribute from the report model, because the report label contains random component and can be used as secret access token instead. This patch sadly introduces BC break, because old access tokens stored within the mailed reports will no longer work. I think, that this should not cause much problems, because users prefer to use the authenticated approach.
I have deployed the code to mentat-alt for testing over the weekend.
Updated by Jan Mach about 6 years ago
- Status changed from Feedback to Closed
Current solution accepted.