-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix unhandled errors on maybe_user_id unwraps in authorization logic #709
Fix unhandled errors on maybe_user_id unwraps in authorization logic #709
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @mario-nt, in all these cases, the feature requires an authenticated user. It would not be possible to allow guest users to perform those actions because it's hardcoded in the feature.
For example, the image proxy works with a user quota, therefore it would not work without a user.
Instead of panicking I would return an "unauthenticated" error, even before calling the authorization service.
And maybe we should even check for invalid permissions in the casbin policy. For example, these policies should not be allowed:
guest, GetImageByUrl
guest, AddTorrent
guest, ChangePassword
In order to allow them in the future the app behaviour must be changed. For the ChangePassword action it does not make sense at all to include it in the policies unless we want to allow in the the future the "admin" to change other users' passwords, which is something I wouldn't do.
@josecelano Maybe we can still use the user_id extractor in the handler or move that logic to the service: Also we need to find a way to not allow those policies as they break the expected behavior of the app and might even lead to a security risk. Actually, right now, the authorization policy is coupled with the logic in the handlers and services, maybe we should not allow end user to modify Casbin policies directly, only certain things like users and roles, and then persist those settings into the Casbin policy. All those customization options should be constrained and decided before hand. |
1dee85c
to
4359a77
Compare
5f9ca11
to
2e4b8d6
Compare
ACK 2e4b8d6 |
There are several unwraps that lack error handling in the authorization logic when unwrapping the maybe_user_id variable, this PR fix that by handling the errors.