Allow anonymous access to the filelist of a transfer#2165
Merged
monkeyiq merged 1 commit intofilesender:development3from Mar 25, 2025
Merged
Allow anonymous access to the filelist of a transfer#2165monkeyiq merged 1 commit intofilesender:development3from
monkeyiq merged 1 commit intofilesender:development3from
Conversation
|
If there are selenium UI results for this code they will be at filesenderuici@5471e04 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In line with the remarks in #1555 and as a followup of #1569 this removes the need for users to be authenticated to access the filelist.
Use case: An authenticated user, for example a researcher, creates a transfer and allows anonymous download by sharing the download link to his newest paper on his blog.
Why the change:
Any anonymous user that is intended to download a transfer because he is the bearer of the needed token can now obtain details about the filelist, so further download of files via the REST API is possible.
Because an anonymous user can only authenticate themselves by the token, the need to be authenticated to FileSender in addition to presenting the token is odd.
As an alternative, we could make this a configurable, but I'm unsure if anyone would even be able to meet the requirements via the API to download the filelist then.