API allows access to resources without Auth token #1410

atextor · 2019-02-21T07:08:27Z

The API allows read-access to resources without any authentication, for example:
GET /api/v1/attachments/{modelId}/files/somefile.txt works without an Authorization header, i.e. retrieves the file. When sending an invalid token in the header, the request is correctly rejected with a 401 response.

Signed-off-by: Erle Czar Mantos <erleczar.mantos@bosch-si.com>

aedelmann added bug Repository labels Feb 21, 2019

aedelmann modified the milestones: 0.10, 0.11-M1 Feb 21, 2019

aedelmann added this to To do in 0.11 (E06.2019) Feb 21, 2019

aedelmann moved this from To do to In progress in 0.11 (E06.2019) May 29, 2019

aedelmann moved this from In progress to To do in 0.11 (E06.2019) May 30, 2019

aedelmann moved this from To do to In progress in 0.11 (E06.2019) Jun 7, 2019

erlemantos pushed a commit to bosch-io/vorto that referenced this issue Jun 10, 2019

Fixes eclipse#1410 - API allows access to resources without Auth token

8d85269

Signed-off-by: Erle Czar Mantos <erleczar.mantos@bosch-si.com>

aedelmann closed this as completed in a9b404c Jun 10, 2019

aedelmann moved this from In progress to Done in 0.11 (E06.2019) Jun 10, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

API allows access to resources without Auth token #1410

API allows access to resources without Auth token #1410

atextor commented Feb 21, 2019

API allows access to resources without Auth token #1410

API allows access to resources without Auth token #1410

Comments

atextor commented Feb 21, 2019