Skip to content

This is the API for Better Informatics that provides information about the currently logged in user.

License

Notifications You must be signed in to change notification settings

compsoc-edinburgh/bi-provider

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

bi-provider Go Report Card

This is the API for Better Informatics that provides information about the currently logged in user.

How does it get my details?

When you log in on Better Informatics, Informatics login server (CoSign) sends Better Informatics a personalised service-only (i.e, only valid to us) login cookie. We then store this login cookie as a cookie on your machine, available to all subdomains of betterinformatics.com.

We can see that login cookie, so we take it, and ask Informatics what your UUN is. Then we use Informatics' LDAP to get your details.

Does this mean other people can see my personal information?

Absolutely not. We set the Access-Control-Allow-Origin header, causing your browser to reject API calls sent from websites other than https://betterinformatics.com.

Found a security vulnerability? Please email qaisjp right away.

CoSign?

This repository uses gosign, a library to interact with CoSign daemons.

It also interacts with the cosign-webapi backend, available to Better Informatics services on TARDIS.

About

This is the API for Better Informatics that provides information about the currently logged in user.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages