
SO search with search scope results in 403 Forbidden #1475

Closed
oskogstad opened this issue Nov 15, 2024 · 3 comments
Assignees
Labels
bug Something isn't working

Comments

@oskogstad
Collaborator

Description

Using only the search scope, digdir:dialogporten.serviceprovider.search, on GET /api/v1/serviceowner/dialogs/ results in 403 Forbidden.
This is caused by a bad scope check in ClaimsPrincipalExtensions.GetUserType; it only checks for digdir:dialogporten.serviceprovider.

Expected behavior

200 OK

Actual behavior

403 Forbidden
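As an added illustration of the scope check discussed in this issue (not Dialogporten's own code: the `scope` claim name, the helper names and the policy shape are assumptions), this shows why a check keyed on a single literal scope string must parse the scope claim into exact tokens, and reflects the resolution reached later in the thread, where the search endpoint requires the base scope:

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Illustrative scope check, not the project's implementation. Assumes scopes arrive
// either as one space-separated "scope" claim or as several "scope" claims.
public static class ScopeCheck
{
    public const string BaseScope = "digdir:dialogporten.serviceprovider";
    public const string SearchScope = "digdir:dialogporten.serviceprovider.search";

    // Exact-token matching: "...serviceprovider.search" must not satisfy a check for
    // "...serviceprovider" by prefix or substring, and vice versa.
    public static HashSet<string> GetScopes(ClaimsPrincipal principal) =>
        principal.FindAll("scope")
            .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
            .ToHashSet(StringComparer.Ordinal);

    // Policy for GET /api/v1/serviceowner/dialogs/ as settled in the thread:
    // the search scope alone is not sufficient; the base scope is required.
    public static bool MayUseServiceOwnerSearch(ClaimsPrincipal principal) =>
        GetScopes(principal).Contains(BaseScope);

    // Builds a constructed test principal carrying the given scopes.
    public static ClaimsPrincipal PrincipalWith(params string[] scopes) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("scope", string.Join(' ', scopes)) }, "Test"));

    public static void Main()
    {
        // Constructed tokens: the first reproduces the 403 from the issue,
        // the second is the accepted case.
        var searchOnly = PrincipalWith(SearchScope);
        var withBase = PrincipalWith(BaseScope, SearchScope);
        Console.WriteLine(MayUseServiceOwnerSearch(searchOnly) ? "200 OK" : "403 Forbidden");
        Console.WriteLine(MayUseServiceOwnerSearch(withBase) ? "200 OK" : "403 Forbidden");
    }
}
```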

@oskogstad
Collaborator Author

Ref. Slack discussion, changing this to require base scope on search.

oskogstad added a commit that referenced this issue Nov 19, 2024
…1476)


## Description


## Related Issue(s)

- #1475 

## Verification

- [x] **Your** code builds clean without any errors or warnings
- [x] Manual testing done (required)
- [ ] Relevant automated test added (if you find this hard, leave it and we'll help out)

## Documentation

- [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs](https://github.com/Altinn/altinn-studio-docs), if applicable)


## Summary by CodeRabbit

- **New Features**
  - Enhanced authorization logic for the `ServiceProviderSearch` policy, improving specificity and security.
- **Bug Fixes**
  - Refined error handling during initialization to ensure valid settings are used.
@LeifHelstad

I need some guidance here regarding how the scope is set. I understand we are heading into the JWT landscape (or something along those lines). Setting "Under test" and will do the testing during the coming week.

@LeifHelstad

Have clarified with Ole Jørgen that this is no longer testable, in the same way that #1491 ceased to be testable.
In the current code version in test there are no known ways to reach the error state that should produce this error message.
It has therefore been discussed whether it makes sense to have error handling for an error that cannot occur.
The argument for keeping the newly implemented "safety net" is that future changes could unintentionally make the error possible to trigger.

I am initially unsure whether the test status should be NA or Passed here. Based on the discussion and the examples given, one can say this is verified by inspection. Therefore setting Passed.

@LeifHelstad LeifHelstad self-assigned this Nov 27, 2024
@elsand elsand closed this as completed Nov 29, 2024
@github-project-automation github-project-automation bot moved this from Testing / Design QA to Done in Dialogporten / Arbeidsflate Nov 29, 2024