Verb of object session token is not checked #1191

Closed
cthulhu-rider opened this issue Feb 21, 2022 · 0 comments · Fixed by #1203
Labels
bug Something isn't working

@cthulhu-rider

Originally posted by @KirillovDenis

Verb of the session token attached to the object request should correspond to the operation.

Expected Behavior

Storage nodes deny requests with the wrong token verb.

Current Behavior

Request is processed.

Possible solution

Node can:

  1. Deny the request.
  2. Ignore session token and process the request without it.

IMO 1. is more clear.

Steps to Reproduce (for bugs)

  1. Attach session token with verb other than the object request one.
  2. Send the request.
  3. Receive OK status.

Your Environment

  • Version used: v0.27.5
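
The check requested above (option 1, deny on mismatch), as an added Go example that is not part of the original issue or the project's own code. The `Verb` and `SessionToken` types and the `CheckSessionVerb` function are hypothetical, and a request with no session token attached is assumed to skip the check.

```go
package main

import (
	"errors"
	"fmt"
)

// Verb is a hypothetical enum of object operations (names are illustrative).
type Verb int

const (
	VerbUnspecified Verb = iota
	VerbPut
	VerbGet
	VerbHead
	VerbSearch
	VerbDelete
)

// SessionToken is a hypothetical, reduced token: only the verb it was issued for.
type SessionToken struct {
	Verb Verb
}

// ErrVerbMismatch is returned when the token was issued for another operation.
var ErrVerbMismatch = errors.New("session token verb does not match request operation")

// CheckSessionVerb denies a request whose session token verb differs from the
// operation being performed. An unset verb is treated as a mismatch so that a
// zero-valued token never authorizes anything.
// Assumption: a nil token means no session is attached and nothing is checked.
func CheckSessionVerb(tok *SessionToken, op Verb) error {
	if tok == nil {
		return nil
	}
	if tok.Verb == VerbUnspecified || tok.Verb != op {
		return fmt.Errorf("%w: token verb %d, request verb %d", ErrVerbMismatch, tok.Verb, op)
	}
	return nil
}

func main() {
	tok := &SessionToken{Verb: VerbGet} // constructed sample token
	for _, op := range []Verb{VerbGet, VerbDelete} {
		fmt.Printf("request verb %d: err=%v\n", op, CheckSessionVerb(tok, op))
	}
}
```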