This project is read-only.

Access Key verification doesn't appear to work

Nov 24, 2010 at 2:31 AM

I tried setting AuthenticatePackageRequests to true and it broken package contribution.  Debugging it, the problem seems to be that the package id is not yet registered to the user (which it wouldn't be since I'm just uploading it).

Specifically, in Orchard.Gallery.Impl.UserkeyPackageService.KeyCanAccessPackage:

        public bool KeyCanAccessPackage(string packageId, string accessKey) {
            Userkey userkey = _userkeyRepository.Get(u => u.AccessKey == new Guid(accessKey));
            if (userkey == null) {
                return false;
            return _userkeyPackageRepository.Fetch(up => up.PackageId == packageId && up.UserkeyId == userkey.Id).Any();

So it expects that the package id is already registered to that user, even though nothing registered it.  Or something like that?

Nov 24, 2010 at 2:37 AM

Looking at UploadPackageController.CreatePackage, I see that it has code to register the package Id to the user, but that code comes *after* the code that checks for it, so I'm confused :)