Skip to content

fix: Ensure that numtracker headers are not re-used#1202

Merged
tpoliaw merged 2 commits intomainfrom
clear_credentials
Sep 15, 2025
Merged

fix: Ensure that numtracker headers are not re-used#1202
tpoliaw merged 2 commits intomainfrom
clear_credentials

Conversation

@tpoliaw
Copy link
Contributor

@tpoliaw tpoliaw commented Sep 12, 2025

If the headers are only set when they are present but not cleared at the
end of a plan (or when they're absent), a request with no headers
following a request with headers will re-use the previous users
credentials allowing unauthenticated access to running plans.

Setting the headers to an empty map if none are present helps ensure
tokens cannot be used by other users.

Fixes: #1201

@tpoliaw
Ensure that numtracker headers are not re-used
07697ab 
If the headers are only set when they are present but not cleared at the
end of a plan (or when they're absent), a request with no headers
following a request with headers will re-use the previous users
credentials allowing unauthenticated access to running plans.

Setting the headers to an empty map if none are present helps ensure
tokens cannot be used by other users.
@tpoliaw tpoliaw requested a review from a team as a code owner September 12, 2025 11:26
@codecov
Copy link

codecov bot commented Sep 12, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.58%. Comparing base (0760be5) to head (c69f9ce).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1202      +/-   ##
==========================================
- Coverage   94.59%   94.58%   -0.01%     
==========================================
  Files          41       41              
  Lines        2588     2587       -1     
==========================================
- Hits         2448     2447       -1     
  Misses        140      140

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@tpoliaw tpoliaw requested a review from abbiemery September 12, 2025 13:04
abbiemery
abbiemery approved these changes Sep 15, 2025
View reviewed changes
Copy link
Contributor

@abbiemery abbiemery left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@tpoliaw tpoliaw changed the title Ensure that numtracker headers are not re-used fix: Ensure that numtracker headers are not re-used Sep 15, 2025
@tpoliaw tpoliaw merged commit b356195 into main Sep 15, 2025
19 of 20 checks passed
@tpoliaw tpoliaw deleted the clear_credentials branch September 15, 2025 13:12
@DiamondJoseph DiamondJoseph mentioned this pull request Nov 20, 2025
Merged
DiamondJoseph added a commit that referenced this pull request Dec 9, 2025
@DiamondJoseph @tpoliaw
fix: Pass authn context into TiledWriter context (#1280)
ec820af 
Closes [ACQP-474](https://jira.diamond.ac.uk/browse/ACQP-474),
[ACQP-475](https://jira.diamond.ac.uk/browse/ACQP-475) by passing
authentication information into the TiledWriter, to allow writing to a
Tiled that uses proxy OIDC authentication.


Also refactors handling of #1201/#1202

Introduces #1296 which can be revisited once the Tiled authz changes
have gone in.

---------

Co-authored-by: Peter Holloway <peter.holloway@diamond.ac.uk>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abbiemery abbiemery abbiemery approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Tasks can be submitted without authorization

2 participants

@tpoliaw @abbiemery