Bug #18676
Updated by Ward Vandewege over 2 years ago
As per the configuration reference:
<pre>
# Set AnonymousUserToken to enable anonymous user access. Populate this
# field with a long random string. Then run "bundle exec
# ./script/get_anonymous_user_token.rb" in the directory where your API
# server is running to record the token in the database.
AnonymousUserToken: ""
</pre>
The salt-based installer does not run that ruby script, which means the anonymous user token is unusable.
Observed on 2.3-release.
It would be nice to do away with the need to run this script to make the anonymous token work.
Tom suggests: I suspect we could handle the anonymous token the same way we handle system root token, in app/models/api_client_authorization.rb -> check_system_root_token ... no db record or rake task needed. It would change the semantics a bit (changing the config would invalidate the old token, if you wanted multiple anon tokens you'd need to create real db records) which I think would be an improvement.
TODO:
* make the rails adjustment as Tom suggested
* update documentation
* remove script/get_anonymous_user_token.rb and any remaining references to it