feat(jans-auth): add warn to check if server can't set authenticated #9395

Merged: 2 commits, Sep 6, 2024

yurem (Contributor) commented Sep 6, 2024

closes #9394

  • I confirm that there is no impact on the docs due to the code changes in this PR.

user in session

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
@yurem yurem requested a review from yuremm September 6, 2024 09:50
@yurem yurem requested review from yuriyz and yuriyzz as code owners September 6, 2024 09:50
@yurem yurem enabled auto-merge (squash) September 6, 2024 09:50

dryrunsecurity bot commented Sep 6, 2024

DryRun Security Summary

The pull request contains changes to the authentication service in the Janssen Project application, including adding a new else block to log a warning message when the sessionId is null in the setAuthenticatedUserSessionAttribute method, which is a routine maintenance update to improve the robustness and reliability of the authentication service.


Summary:

The code changes in this pull request are related to the authentication service in the Janssen Project application. The key changes include adding a new else block to log a warning message when the sessionId is null in the setAuthenticatedUserSessionAttribute method. This change is not directly related to security vulnerabilities, but it highlights the importance of handling session-related operations gracefully, as a null session could lead to unexpected behavior or potential security issues if not properly handled. Overall, this code change seems to be a routine maintenance update to improve the robustness and reliability of the authentication service, rather than addressing any specific security concerns. The code appears to be well-structured and follows secure coding practices.

Files Changed:

  • jans-auth-server/server/src/main/java/io/jans/as/server/service/AuthenticationService.java: The changes in this file include adding a new else block to log a warning message when the sessionId is null in the setAuthenticatedUserSessionAttribute method. This change is not directly related to security vulnerabilities, but it highlights the importance of handling session-related operations gracefully.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Authn/Authz Analyzer 1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@mo-auto mo-auto added comp-jans-auth-server Component affected by issue or PR kind-feature Issue or PR is a new feature request labels Sep 6, 2024
@yurem yurem merged commit fc87b08 into main Sep 6, 2024
6 of 7 checks passed
@yurem yurem deleted the mark_auth_session branch September 6, 2024 10:44

sonarqubecloud bot commented Sep 6, 2024

yuriyz pushed a commit that referenced this pull request Nov 7, 2024
…9395)

user in session

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Former-commit-id: fc87b08