Details
- Bug
- Status: Closed
- P3
- Resolution: Done
- 2.0.1
Description
If a call is made to /token (or any other API endpoint exposed by the authtoken module) as a filter request, mod-authtoken currently returns only x-okapi-token and not x-okapi-module-tokens, which causes the following Okapi calls to carry incorrect permissions.
For example, in the Okapi log we can see something like this:
2018-10-02 19:28:52,993 INFO ProxyContext 084711/token REQ 172.17.0.24:59306 diku POST /token mod-authtoken-2.0.2-SNAPSHOT.30 mod-audit-filter-0.0.2-SNAPSHOT.10 mod-authtoken-2.0.2-
So basically Okapi will call four modules in sequence:
1. mod-authtoken (as filter)
2. mod-audit-filter (as Okapi PRE filter)
3. mod-authtoken (as module handler for /token endpoint)
4. mod-audit-filter (as Okapi POST filter)
In step 1, because mod-authtoken does not return x-okapi-module-tokens, the required module-level permission "audit.item.post" is not present when Okapi calls mod-audit-filter. We see errors in mod-audit-filter:
SEVERE: Access requires permission: audit.item.post
and errors in mod-authtoken:
SEVERE: ["auth.signtoken","auth.signrefreshtoken","users.collection.get","users.item.put","configuration.entries.collection.get"](user permissions) nor ["auth.signtoken","auth.signrefreshtoken","users.collection.get","users.item.put","configuration.entries.collection.get"](module permissions) do not contain audit.item.post
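A simplified model of the four-step sequence above, added here as an illustration (not code from Okapi or mod-authtoken): it assumes Okapi hands each later module its own entry from x-okapi-module-tokens and otherwise falls back to x-okapi-token. The token ids, short module names and helper functions are hypothetical.

```python
import json

# Constructed token table: token id -> permissions it carries.
# The first set is the permission list from the mod-authtoken error above;
# the token ids and the short module names are assumptions for this sketch.
TOKENS = {
    "request-token": {"auth.signtoken", "auth.signrefreshtoken", "users.collection.get",
                      "users.item.put", "configuration.entries.collection.get"},
    "audit-module-token": {"audit.item.post"},
}

# The three calls that follow the auth filter (steps 2-4 above), each with the
# module-level permission it needs in the token Okapi hands it (None = no extra need).
AFTER_AUTH = [
    ("mod-audit-filter", "PRE filter", "audit.item.post"),
    ("mod-authtoken", "handler", None),
    ("mod-audit-filter", "POST filter", "audit.item.post"),
]


def auth_filter_headers(with_module_tokens):
    """Step 1: headers the auth filter returns to Okapi (simplified)."""
    headers = {"x-okapi-token": "request-token"}
    if with_module_tokens:
        headers["x-okapi-module-tokens"] = json.dumps(
            {"mod-audit-filter": "audit-module-token"})
    return headers


def run_pipeline(auth_headers):
    """Pick a token per module the way this model assumes Okapi does:
    the module's own entry in x-okapi-module-tokens, else x-okapi-token."""
    module_tokens = json.loads(auth_headers.get("x-okapi-module-tokens", "{}"))
    outcome = []
    for module, phase, needed in AFTER_AUTH:
        token = module_tokens.get(module, auth_headers["x-okapi-token"])
        if needed is None or needed in TOKENS[token]:
            outcome.append((module, phase, "ok"))
        else:
            outcome.append((module, phase, f"Access requires permission: {needed}"))
    return outcome


if __name__ == "__main__":
    for label, flag in (("header missing", False), ("header present", True)):
        print(label)
        for row in run_pipeline(auth_filter_headers(flag)):
            print("  " + " | ".join(row))
```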
Issue Links
- blocks: FOLIO-1521 folio-testing-backend01 build failure (Closed)