Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSP services return all servcies when CSP is wrong in the user metadata #2214

Open
2 tasks
swaroopar opened this issue Dec 14, 2024 · 1 comment
Open
2 tasks

CSP services return all servcies when CSP is wrong in the user metadata #2214

swaroopar opened this issue Dec 14, 2024 · 1 comment
Labels
Accepted Issues that have been accepted and planned bug Something isn't working
Milestone
Sprint 122024_2

Comments

@swaroopar
Copy link
Contributor

swaroopar commented Dec 14, 2024
edited
Loading

The userHelper returns null when it cannot extract CSP from the user's metadata received from oauth provider. In this case, we are simply passing null to DB queries which then returns data of all CSP data.

xpanse/modules/security/src/main/java/org/eclipse/xpanse/modules/security/UserServiceHelper.java

Line 140 in 2a99017

return null;

  • If auth is enabled and CSP is null, return 403
  • This is correctly implemented in reviewServiceTemplateRequest. But please check if the the validation works only if the auth is enabled.
@swaroopar swaroopar added bug Something isn't working Accepted Issues that have been accepted and planned labels Dec 14, 2024
@swaroopar swaroopar added this to the Sprint 122024_2 milestone Dec 14, 2024
@Alice1319
Copy link
Contributor

I'll fix it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Accepted Issues that have been accepted and planned bug Something isn't working
Projects
xpanse
Status: No status
Milestone
Sprint 122024_2
Development

No branches or pull requests
2 participants
@Alice1319 @swaroopar