|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0009598||New issues||Security||public||2017-04-22 12:40||2017-05-07 02:58|
|Summary||0009598: Cannot add mobile IP address to autorized IPs to access HTTP|
|Description||Cannot add mobile IP address to autorized IPs to access HTTP. Would be nice to have a command to add IP through console instead of playing MTA on phone.|
|Tags||No tags attached.|
edited on: 2017-04-22 13:59
Adding phone serial (if such exists) since IP can be dynamic. ****
authserial [account] after http attempt, but I guess HTTP doesn't accept serials. ********
|One solution could be to have a secondary password for http access if the IP has not been authorized.|
|Would sending a temporary key to the email defined in owner_email_address be possible?|
How about a command which authorized the last ip attempted for http access.
authserial [account] http-ip
edited on: 2017-04-22 20:09
The main problem that IP changes on every phone internet turn on/off. So "authserial [account] http-ip" is not a solution. It should be something static like phone's MAC address.
Secondary password is a nice idea. But registering it might be a problem, especially if developers wanted to register accounts in their own way. In this case HTTP could send a request and checking if account has a specific account data key with hashed password. If it doesn't, permission to HTTP would be only granted if IP is authorised the old way.
|Please give an example of developers registering accounts in their own way|
Adding an event handler, which could be cancelled for failed HTTP logins would allow scripters to implement this however they want.
addEventHandler("onHttpLoginFailed", function(theCurrentAccount, isAuthorized, key)
if theCurrentAccount and isObjectInACLGroup ("user."..getAccountName(theCurrentAccount), aclGetGroup ( "Admin" ) ) then
if not isAuthorized then
if key and key == getAccountData(theCurrentAccount, "customData") then
Parameters: account theCurrentAccount, bool isAuthorized, string key
Cancelling the event would result in user logging in regardless of authorization.
This is backwards compatible with the regular way.
The following command was added for 1.5.4:
authserial <account_name> httppass
|2017-04-22 12:40||Grafu||New Issue|
|2017-04-22 13:51||Grafu||Note Added: 0025831|
|2017-04-22 13:59||Grafu||Note Edited: 0025831||View Revisions|
|2017-04-22 19:16||ccw||Note Added: 0025833|
|2017-04-22 19:17||ccw||Relationship added||has duplicate 0009599|
|2017-04-22 19:24||Drakath||Note Added: 0025834|
|2017-04-22 19:41||ccw||Note Added: 0025835|
|2017-04-22 19:56||Grafu||Note Added: 0025836|
|2017-04-22 20:09||Grafu||Note Edited: 0025836||View Revisions|
|2017-04-23 02:27||ccw||Note Added: 0025838|
|2017-04-23 08:36||Drakath||Note Added: 0025839|
|2017-05-07 02:58||ccw||Note Added: 0025914|
|2017-05-07 02:58||ccw||Status||new => resolved|
|2017-05-07 02:58||ccw||Resolution||open => fixed|
|2017-05-07 02:58||ccw||Assigned To||=> ccw|
|Copyright © 2000 - 2017 MantisBT Team|