
[BUG] MLFLow Auth is giving admin as default permissions to the new user #9669

Closed
2 of 23 tasks
mohitanchlia opened this issue Sep 19, 2023 · 7 comments
Labels
area/tracking Tracking service, tracking client APIs, autologging bug Something isn't working

Comments

@mohitanchlia

mohitanchlia commented Sep 19, 2023

Issues Policy acknowledgement

  • I have read and agree to submit bug reports in accordance with the issues policy

Willingness to contribute

Yes. I would be willing to contribute a fix for this bug with guidance from the MLflow community.

MLflow version

  • Client: curl
  • Tracking server: 2.6.0

System information

Describe the problem

I create a user and then use the new user to create another user. The new user is able to successfully create a new user. Basic authentication is supposed to be READ.

```
curl --user app:password -d "username=app1&password=password" -X POST http://mlflow-dev.dev.svc-xyz.com/api/2.0/mlflow/users/create
```

```html
<script type = "text/javascript">
      alert("Successfully signed up user: app1");
      window.location.href = "/";
```

Tracking information

REPLACE_ME

Code to reproduce issue

REPLACE_ME

Stack trace

REPLACE_ME

Other info / logs

REPLACE_ME

What component(s) does this bug affect?

  • area/artifacts: Artifact stores and artifact logging
  • area/build: Build and test infrastructure for MLflow
  • area/docs: MLflow documentation pages
  • area/examples: Example code
  • area/gateway: AI Gateway service, Gateway client APIs, third-party Gateway integrations
  • area/model-registry: Model Registry service, APIs, and the fluent client calls for Model Registry
  • area/models: MLmodel format, model serialization/deserialization, flavors
  • area/recipes: Recipes, Recipe APIs, Recipe configs, Recipe Templates
  • area/projects: MLproject format, project running backends
  • area/scoring: MLflow Model server, model deployment tools, Spark UDFs
  • area/server-infra: MLflow Tracking server backend
  • area/tracking: Tracking Service, tracking client APIs, autologging

What interface(s) does this bug affect?

  • area/uiux: Front-end, user experience, plotting, JavaScript, JavaScript dev server
  • area/docker: Docker use across MLflow's components, such as MLflow Projects and MLflow Models
  • area/sqlalchemy: Use of SQLAlchemy in the Tracking Service or Model Registry
  • area/windows: Windows support

What language(s) does this bug affect?

  • language/r: R APIs and clients
  • language/java: Java APIs and clients
  • language/new: Proposals for new client languages

What integration(s) does this bug affect?

  • integrations/azure: Azure and Azure ML integrations
  • integrations/sagemaker: SageMaker integrations
  • integrations/databricks: Databricks integrations
@mohitanchlia mohitanchlia added the bug Something isn't working label Sep 19, 2023
@github-actions github-actions bot added the area/tracking Tracking service, tracking client APIs, autologging label Sep 19, 2023
@mohitanchlia mohitanchlia changed the title [BUG] MLFLow Auth [BUG] MLFLow Auth is giving admin as default permissions to the new user Sep 19, 2023
@BenWilson2
Member

@gabrielfu is this intended?

@gabrielfu
Collaborator

The current behaviour is that user creation is unprotected and anyone can create a new user (whether the request sender is authenticated or not). So I don't think it is related to the new user having admin permission.

To verify, can you try calling /mlflow/users/get to see if your new user has admin permission?

@mohitanchlia
Author

Admin is false. However, only admins should be allowed to create the users? What other operations are unprotected?

@gabrielfu
Collaborator

Please see the below for unprotected routes. I'm closing this issue for now as the reported bug is not found. Feel free to continue the discussion.

```python
# CREATE_USER and SIGNUP are the route path constants defined elsewhere in
# the auth routes module; every path in this list skips authentication.
UNPROTECTED_ROUTES = [CREATE_USER, SIGNUP]


def is_unprotected_route(path: str) -> bool:
    # Static assets and the health check are always open; everything else
    # is open only if it appears in UNPROTECTED_ROUTES.
    if path.startswith(("/static", "/favicon.ico", "/health")):
        return True
    return path in UNPROTECTED_ROUTES
```

@goncalo-maia

Is there any reason to let the create user operation be executed by any user? From my point of view it does not make much sense that this does not require admin permissions.

@mohitanchlia
Author

Correct, this shouldn't be unprotected.

@gabrielfu
Collaborator

That's a solid point, thanks for giving us the feedback. We are going to make user creation an admin only action.
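
The two policies discussed in this thread, the current one where `CREATE_USER` sits in `UNPROTECTED_ROUTES` and the proposed one where user creation is admin-only, modelled side by side as an added example. This is not MLflow's code: the route gating is reduced to a pure function over an in-memory user store so the reported reproduction (a non-admin user creating another user) can be replayed against both policies. The `CREATE_USER` path is the one used in the report; `SIGNUP`, `GET_USER` and the `Policy`/`User`/`UserStore` names are assumptions of this example.

```python
"""Hypothetical model of basic-auth route gating (added example, not MLflow's code)."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional, Tuple

# Route paths. CREATE_USER is the path from the curl command in the report;
# SIGNUP and GET_USER are assumed values for this example.
CREATE_USER = "/api/2.0/mlflow/users/create"
SIGNUP = "/signup"
GET_USER = "/api/2.0/mlflow/users/get"


@dataclass(frozen=True)
class User:
    username: str
    is_admin: bool = False


@dataclass(frozen=True)
class Policy:
    """Which routes skip authentication and which additionally require an admin."""
    unprotected: frozenset = field(default_factory=frozenset)
    admin_only: frozenset = field(default_factory=frozenset)


# Policy as described in the thread: user creation needs no credentials at all.
ORIGINAL_POLICY = Policy(unprotected=frozenset({CREATE_USER, SIGNUP}))

# Hardened policy reflecting the maintainers' decision: creating a user is an
# admin-only action. Keeping SIGNUP open is an assumption of this example.
HARDENED_POLICY = Policy(
    unprotected=frozenset({SIGNUP}),
    admin_only=frozenset({CREATE_USER}),
)


def is_unprotected_route(path: str, policy: Policy) -> bool:
    """Same shape as the check quoted above, parameterised by policy."""
    if path.startswith(("/static", "/favicon.ico", "/health")):
        return True
    return path in policy.unprotected


def authorize(path: str, user: Optional[User], policy: Policy) -> Tuple[bool, str]:
    """Decide whether a request may proceed.

    `user` is None when no valid credentials were presented. The reason string
    is stable so denials can be logged and counted (e.g. repeated 401s on the
    user-creation route are worth an alert).
    """
    if is_unprotected_route(path, policy):
        return True, "unprotected"
    if user is None:
        return False, "401 authentication required"
    if path in policy.admin_only and not user.is_admin:
        return False, "403 admin permission required"
    return True, "authenticated"


class UserStore:
    """Minimal in-memory user table standing in for the auth database."""

    def __init__(self) -> None:
        self._users: dict = {}

    def add(self, user: User) -> None:
        self._users[user.username] = user

    def get(self, username: str) -> Optional[User]:
        return self._users.get(username)


def create_user_request(store: UserStore, actor: Optional[User],
                        new_username: str, policy: Policy) -> Tuple[bool, str]:
    """Handle a POST to CREATE_USER on behalf of `actor` (None = anonymous)."""
    allowed, reason = authorize(CREATE_USER, actor, policy)
    if not allowed:
        return False, reason
    if store.get(new_username) is not None:
        return False, "409 user already exists"
    # Newly created accounts are never admins, matching "Admin is false" above.
    store.add(User(new_username, is_admin=False))
    return True, "created"


def reproduce(policy: Policy) -> Tuple[bool, str]:
    """Replay the report: non-admin user 'app' tries to create 'app1'."""
    store = UserStore()
    store.add(User("admin", is_admin=True))
    store.add(User("app"))
    return create_user_request(store, store.get("app"), "app1", policy)


if __name__ == "__main__":
    print("original:", reproduce(ORIGINAL_POLICY))   # creation succeeds
    print("hardened:", reproduce(HARDENED_POLICY))   # 403 for non-admin
```

Under `ORIGINAL_POLICY` the route is open before credentials are even consulted, which is why the reporter's non-admin (and, per the maintainer's comment, even an anonymous) caller succeeds; under `HARDENED_POLICY` an anonymous caller gets a 401 and an authenticated non-admin a 403, while static and health paths stay open for the UI and load balancers.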
