Project

General

Profile

Actions

Task #473

closed

Public endpoints must bypass BE Authentication filters

Added by Jan Helbich over 7 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Radek Tomiška
Category:
Authentication / Authorization
Target version:
Start date:
06/01/2017
Due date:
% Done:

100%

Estimated time:
Owner:

Description

Currently if users have access tokens (valid or invalid), they are eligible for authentication. It does not matter whether they try to access public or private endpoint.
A problem occurrs if user has invalid token / authentication -> filters will throw an error even when the user tries to access public endpoint.

The goal of this ticket is to fix the behavior of auth filters for public endpoints.


Related issues

Related to IdStory Identity Manager - Task #2506: Authentication: Two factor authenticationClosedRadek Tomiška10/01/2020

Actions
Actions #1

Updated by Radek Tomiška over 7 years ago

  • Target version changed from Citrine (7.3.0) to Diamond (7.4.0)
Actions #2

Updated by Jan Helbich over 7 years ago

  • Subject changed from Public endpoints BE Authentication filters must to Public endpoints must bypass BE Authentication filters
Actions #3

Updated by Jan Helbich about 7 years ago

  • Assignee changed from Jan Helbich to Radek Tomiška
Actions #5

Updated by Vít Švanda about 7 years ago

  • Target version deleted (Diamond (7.4.0))
Actions #6

Updated by Radek Tomiška about 4 years ago

  • Status changed from New to In Progress
  • Target version set to 10.7.0
Actions #7

Updated by Radek Tomiška about 4 years ago

  • Related to Task #2506: Authentication: Two factor authentication added
Actions #8

Updated by Radek Tomiška about 4 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 0 to 90

Implemented together with #2506. Authentication is resolved optionally for public endpoints => if credentials are given, then identity is logged (e.g. from public password change page). If credentials are wrong (expired token is given, or token is not verified yet etc.), then authentication is skipped.

Commit:
https://github.com/bcvsolutions/CzechIdMng/commit/6a460fd1c3cf92319dfbe509e63418777702810b#diff-66ada1fc97e45d40ba5c201e8f2f7f36342a88ea46332006c5b1995ee2c2166cR67

Could you provide me a feedback, please?

Actions #9

Updated by Vít Švanda about 4 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Vít Švanda to Radek Tomiška
  • % Done changed from 90 to 100

I did review, thanks for this fix/improvement.

Actions #10

Updated by Radek Tomiška about 4 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF