Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix unhandled errors on maybe_user_id unwraps in authorization logic #709

Merged
merged 4 commits into from
Aug 13, 2024
Merged

Fix unhandled errors on maybe_user_id unwraps in authorization logic #709

merged 4 commits into from
Aug 13, 2024

Conversation

mario-nt
Copy link
Contributor

@mario-nt mario-nt commented Aug 8, 2024

There are several unwraps that lack error handling in the authorization logic when unwrapping the maybe_user_id variable, this PR fix that by handling the errors.

@mario-nt mario-nt marked this pull request as ready for review August 8, 2024 16:42
josecelano
josecelano requested changes Aug 9, 2024
View reviewed changes
Copy link
Member

@josecelano josecelano left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @mario-nt, in all these cases, the feature requires an authenticated user. It would not be possible to allow guest users to perform those actions because it's hardcoded in the feature.

For example, the image proxy works with a user quota, therefore it would not work without a user.

Instead of panicking I would return an "unauthenticated" error, even before calling the authorization service.

And maybe we should even check for invalid permissions in the casbin policy. For example, these policies should not be allowed:

guest, GetImageByUrl
guest, AddTorrent
guest, ChangePassword

In order to allow them in the future the app behaviour must be changed. For the ChangePassword action it does not make sense at all to include it in the policies unless we want to allow in the the future the "admin" to change other users' passwords, which is something I wouldn't do.

@mario-nt
Copy link
Contributor Author

mario-nt commented Aug 9, 2024

@josecelano Maybe we can still use the user_id extractor in the handler or move that logic to the service:

Also we need to find a way to not allow those policies as they break the expected behavior of the app and might even lead to a security risk.

Actually, right now, the authorization policy is coupled with the logic in the handlers and services, maybe we should not allow end user to modify Casbin policies directly, only certain things like users and roles, and then persist those settings into the Casbin policy. All those customization options should be constrained and decided before hand.

@mario-nt mario-nt force-pushed the fix-unhandled-error-on-maybe-user-id-unwraps branch from 1dee85c to 4359a77 Compare August 12, 2024 20:59
josecelano
josecelano requested changes Aug 13, 2024
View reviewed changes
src/services/proxy.rs Show resolved Hide resolved
@josecelano josecelano self-requested a review August 13, 2024 14:24
@josecelano josecelano added the Needs Rebase Base Branch has Incompatibilities label Aug 13, 2024
@josecelano josecelano added this to the v3.0.0 milestone Aug 13, 2024
@mario-nt mario-nt force-pushed the fix-unhandled-error-on-maybe-user-id-unwraps branch from 5f9ca11 to 2e4b8d6 Compare August 13, 2024 14:37
@josecelano josecelano removed the Needs Rebase Base Branch has Incompatibilities label Aug 13, 2024
@josecelano
Copy link
Member

ACK 2e4b8d6

@josecelano josecelano merged commit 146cd54 into torrust:develop Aug 13, 2024
11 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@josecelano josecelano josecelano approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v3.0.0
Development

Successfully merging this pull request may close these issues.
2 participants
@mario-nt @josecelano