Potential incorrect WPS-1 service ACL permissions validation #157

Closed
2 tasks
fmigneault opened this issue Mar 18, 2019 · 0 comments · Fixed by #363
fmigneault commented Mar 18, 2019

See crim-ca/weaver#22 for use case.

  • Verify that POST for WPS-1 request=Execute doesn't cause a problem (when using an XML body instead of DataInputs=... in the URI with a GET request). When the request has an XML body, the values inside it are used instead of identifier=...&request=... in the URI. Therefore, the ServiceWPS possibly fails to retrieve the actual request field, and then fails to retrieve the proper ACL for Twitcher.
  • Verify that the mapping of WPS-1 request=... to the corresponding Magpie service permission is properly accomplished so that access to corresponding requests is granted/blocked as expected.
@fmigneault fmigneault added bug Problem, error, or invalid behaviour security New security features or failing AuthN/AuthZ conditions investigate Issue or new component that needs further exploration labels Mar 18, 2019
@fmigneault fmigneault self-assigned this Mar 18, 2019
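The check the issue asks for can be sketched as follows. This is an added example, not Magpie or Twitcher code: it resolves the operation a WPS-1 backend will act on from the XML body when one is present, and from the KVP query string otherwise, and refuses anything it cannot resolve. The function name, the permission set and the sample request are assumptions made for illustration.

```python
from urllib.parse import parse_qs
import xml.etree.ElementTree as ET

WPS_NS = "http://www.opengis.net/wps/1.0.0"
OWS_NS = "http://www.opengis.net/ows/1.1"
# Assumed permission names, one per WPS-1 operation (illustrative only).
KNOWN_OPERATIONS = {"getcapabilities", "describeprocess", "execute"}

# Constructed sample: the URI says GetCapabilities, the XML body says Execute.
SAMPLE_QUERY = "service=WPS&version=1.0.0&request=GetCapabilities"
SAMPLE_BODY = b"""<wps:Execute service="WPS" version="1.0.0"
  xmlns:wps="http://www.opengis.net/wps/1.0.0" xmlns:ows="http://www.opengis.net/ows/1.1">
  <ows:Identifier>hello</ows:Identifier>
</wps:Execute>"""


def resolve_wps_operation(method, query_string, body=b""):
    """Return (operation, identifier); raise ValueError so the caller denies access."""
    if method.upper() == "POST" and body.strip():
        # Coarse guard: refuse DTD and entity declarations before parsing.
        if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
            raise ValueError("DTD/entity declarations not accepted")
        try:
            root = ET.fromstring(body)
        except ET.ParseError as exc:
            raise ValueError("unparsable XML body") from exc
        # ElementTree tags look like "{namespace}LocalName".
        namespace, _, local = root.tag.rpartition("}")
        if namespace.lstrip("{") != WPS_NS:
            raise ValueError("root element is not in the WPS 1.0.0 namespace")
        operation = local.lower()
        # Only the direct child identifies the process, not nested input identifiers.
        ident = root.findtext("{%s}Identifier" % OWS_NS)
    else:
        # KVP parameter names are case-insensitive in OGC services.
        params = {k.lower(): v[0] for k, v in parse_qs(query_string).items()}
        operation = params.get("request", "").lower()
        ident = params.get("identifier")
    if operation not in KNOWN_OPERATIONS:
        raise ValueError("unknown or missing WPS operation")
    return operation, ident


if __name__ == "__main__":
    print(resolve_wps_operation("POST", SAMPLE_QUERY, SAMPLE_BODY))
```

The ACL lookup should use the returned operation rather than the URI's `request=` value, since the two disagree in the sample above.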