New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add @RequiresAuthentication to SystemPluginResource #4863

Closed
1Jesper1 opened this Issue Jun 23, 2018 · 0 comments

Comments

Projects
None yet
2 participants
@1Jesper1

1Jesper1 commented Jun 23, 2018

@Api(value = "System/Plugins", description = "Plugin information")

@dennisoelkers dennisoelkers self-assigned this Jun 25, 2018

@dennisoelkers dennisoelkers added this to the 3.0.0 milestone Jun 25, 2018

dennisoelkers added a commit that referenced this issue Jun 26, 2018

Requires user to be authenticated to retrieve plugin list.
Before this change, the `SystemPluginResource` which returns the list of
installed plugins for this node, did not require any authentication at
all. This might lead to unnecessary disclosure of harmful information
and should be avoided.

Therefore this change adds the annotation which requires the caller of
the `SystemPluginResource` to be authenticated. If this is not
sufficient, a further check for a permission can be introduced.

Fixes #4863.

@bernd bernd closed this in #4868 Jun 28, 2018

bernd added a commit that referenced this issue Jun 28, 2018

Requires user to be authenticated to retrieve plugin list. (#4868)
Before this change, the `SystemPluginResource` which returns the list of
installed plugins for this node, did not require any authentication at
all. This might lead to unnecessary disclosure of harmful information
and should be avoided.

Therefore this change adds the annotation which requires the caller of
the `SystemPluginResource` to be authenticated. If this is not
sufficient, a further check for a permission can be introduced.

Fixes #4863.

bernd added a commit that referenced this issue Jun 28, 2018

Requires user to be authenticated to retrieve plugin list. (#4868)
Before this change, the `SystemPluginResource` which returns the list of
installed plugins for this node, did not require any authentication at
all. This might lead to unnecessary disclosure of harmful information
and should be avoided.

Therefore this change adds the annotation which requires the caller of
the `SystemPluginResource` to be authenticated. If this is not
sufficient, a further check for a permission can be introduced.

Fixes #4863.

(cherry picked from commit 267be4a)

dennisoelkers added a commit that referenced this issue Jun 28, 2018

Requires user to be authenticated to retrieve plugin list. (#4868) (#…
…4875)

Before this change, the `SystemPluginResource` which returns the list of
installed plugins for this node, did not require any authentication at
all. This might lead to unnecessary disclosure of harmful information
and should be avoided.

Therefore this change adds the annotation which requires the caller of
the `SystemPluginResource` to be authenticated. If this is not
sufficient, a further check for a permission can be introduced.

Fixes #4863.

(cherry picked from commit 267be4a)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment