OpenIDM / OPENIDM-15335

API Explorer endpoint is reachable without authentication

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.0, 7.1.0
    • Fix Version/s: 7.1.0
    • Component/s: None
    • Labels:
    • Target Version/s:
    • Verified Version/s:
    • Story Points: 1
    • Sprint: 2020.12 - IDM, 2020.13 - IDM

      Description

      Investigation of our failing UI test api_page_not_loading_when_user_not_logged_in shows that the API Explorer endpoint, e.g. idm.example.com:8080/api, is reachable for users without authentication.

      According to Mark Gibson, this should be allowed only for admin users.

      Steps to reproduce:

      1. Start IDM
      2. Show the /api endpoint in a browser (e.g. idm.example.com:8080/api)

      Expected results: not allowed for anonymous user

      Actual results: endpoint is reachable without authentication
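
A regression check for the expected result above, as an added example (not code from the original issue or from the OpenIDM project): it sends one GET to /api with no credentials and classifies the response. The local stub server, its 401 response and all function names are constructed for the demo; the status the fixed IDM actually returns is an assumption.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

def check_anonymous_access(base_url, path="/api", timeout=5):
    """GET `path` with no credentials or cookies and classify the response."""
    parts = urlsplit(base_url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("GET", path)  # http.client never follows redirects
        status = conn.getresponse().status
    finally:
        conn.close()
    if status in (401, 403):
        return "protected", status
    if status in (301, 302, 303, 307, 308):
        return "redirected", status  # check by hand that it leads to a login page
    if 200 <= status < 300:
        return "exposed", status  # the behaviour this issue reports
    return "inconclusive", status

def stub_server(require_auth):
    """Constructed stand-in for IDM (assumption: the fixed /api answers 401)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            denied = require_auth and "Authorization" not in self.headers
            self.send_response(401 if denied else 200)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args): pass  # keep the demo output quiet
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    results = {}
    for label, require_auth in (("before_fix", False), ("after_fix", True)):
        server = stub_server(require_auth)
        try:
            results[label] = check_anonymous_access(f"http://127.0.0.1:{server.server_port}")
        finally:
            server.shutdown()
            server.server_close()
    return results

if __name__ == "__main__":
    print(demo())
```

Against a real deployment, call `check_anonymous_access` with the instance's own base URL and fail the build on an `"exposed"` result.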

              People

              • Assignee: Travis Haagen (travis.haagen)
              • Reporter: Alexander Dracka (alexander.dracka)