mod-codex-inventory / MODCXINV-41

Endpoints w/o required permissions


Details

    • Prokopovych

    Description

      Overview

      Two endpoints can be accessed w/o logging in because they don't have any required permissions:

      • codex-instances
        • Returns a 500 because the call to inventory-storage requires a permission (inventory-storage.instances.collection.get). So you may also want to add that to permissionsDesired for this endpoint
      • codex-instances/id
        • Also fails like above - consider adding (inventory-storage.instances.item.get) to permissionsDesired for this endpoint

      I think we probably want the same permission required both here and in codex-mux (handled in a separate story). The desired permissions stuff mentioned above is extra that helps make it clear which permissions are really needed for this to work. If you actually make these required permissions you'd also have to add them as module permissions in codex-mux, and I'm not sure that's what we want.

      Reproducer

      /codex-instances

      $ curl $OKAPI/codex-instances -v -H "X-Okapi-Tenant: diku" -w '\n' -H "X-Okapi-Module-Id: mod-codex-inventory-1.6.0-SNAPSHOT.73"
      *   Trying 52.0.23.15...
      * Connected to folio-testing-okapi.aws.indexdata.com (52.0.23.15) port 443 (#0)
      * found 148 certificates in /etc/ssl/certs/ca-certificates.crt
      * found 597 certificates in /etc/ssl/certs
      * ALPN, offering http/1.1
      * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
      * 	 server certificate verification OK
      * 	 server certificate status verification SKIPPED
      * 	 common name: *.aws.indexdata.com (matched)
      * 	 server certificate expiration date OK
      * 	 server certificate activation date OK
      * 	 certificate public key: RSA
      * 	 certificate version: #3
      * 	 subject: CN=*.aws.indexdata.com
      * 	 start date: Thu, 23 May 2019 00:00:00 GMT
      * 	 expire date: Tue, 23 Jun 2020 12:00:00 GMT
      * 	 issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon
      * 	 compression: NULL
      * ALPN, server accepted to use http/1.1
      > GET /codex-instances HTTP/1.1
      > Host: folio-testing-okapi.aws.indexdata.com
      > User-Agent: curl/7.47.0
      > Accept: */*
      > X-Okapi-Tenant: diku
      > X-Okapi-Module-Id: mod-codex-inventory-1.6.0-SNAPSHOT.73
      > 
      < HTTP/1.1 500 Internal Server Error
      < Date: Fri, 27 Sep 2019 17:42:06 GMT
      < Content-Type: text/plain
      < Transfer-Encoding: chunked
      < Connection: keep-alive
      < X-Okapi-Trace: GET mod-authtoken-2.4.0-SNAPSHOT.57 http://10.36.1.54:9132/codex-instances : 202 2853us
      < x-forwarded-for: 140.234.253.9
      < x-forwarded-proto: https
      < x-forwarded-port: 443
      < host: folio-testing-okapi.aws.indexdata.com
      < x-amzn-trace-id: Root=1-5d8e49ee-995b5632b1a891c1a3faeaa6
      < user-agent: curl/7.47.0
      < accept: */*
      < x-okapi-tenant: diku
      < x-okapi-request-id: 586797/codex-instances
      < x-okapi-url: http://10.36.1.54:9130
      < x-okapi-request-ip: 10.36.10.9
      < x-okapi-request-timestamp: 1569606126615
      < x-okapi-request-method: GET
      < x-okapi-permissions: []
      < x-okapi-match-path-pattern: /codex-instances
      < X-Okapi-Trace: GET mod-codex-inventory-1.6.0-SNAPSHOT.73 http://10.36.1.54:9154/codex-instances : 500 14527us
      < 
      * Connection #0 to host folio-testing-okapi.aws.indexdata.com left intact
      Get url http://10.36.1.54:9130/instance-storage/instances?offset=0&limit=10 returned 403
      

      /codex-instances/<id>

      $ curl $OKAPI/codex-instances/04489a01-f3cd-4f9e-9be4-d9c198703f45 -v -H "X-Okapi-Tenant: diku" -w '\n' -H "X-Okapi-Module-Id: mod-codex-inventory-1.6.0-SNAPSHOT.73"
      *   Trying 52.0.23.15...
      * Connected to folio-testing-okapi.aws.indexdata.com (52.0.23.15) port 443 (#0)
      * found 148 certificates in /etc/ssl/certs/ca-certificates.crt
      * found 597 certificates in /etc/ssl/certs
      * ALPN, offering http/1.1
      * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
      * 	 server certificate verification OK
      * 	 server certificate status verification SKIPPED
      * 	 common name: *.aws.indexdata.com (matched)
      * 	 server certificate expiration date OK
      * 	 server certificate activation date OK
      * 	 certificate public key: RSA
      * 	 certificate version: #3
      * 	 subject: CN=*.aws.indexdata.com
      * 	 start date: Thu, 23 May 2019 00:00:00 GMT
      * 	 expire date: Tue, 23 Jun 2020 12:00:00 GMT
      * 	 issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon
      * 	 compression: NULL
      * ALPN, server accepted to use http/1.1
      > GET /codex-instances/04489a01-f3cd-4f9e-9be4-d9c198703f45 HTTP/1.1
      > Host: folio-testing-okapi.aws.indexdata.com
      > User-Agent: curl/7.47.0
      > Accept: */*
      > X-Okapi-Tenant: diku
      > X-Okapi-Module-Id: mod-codex-inventory-1.6.0-SNAPSHOT.73
      > 
      < HTTP/1.1 500 Internal Server Error
      < Date: Fri, 27 Sep 2019 17:44:40 GMT
      < Content-Type: text/plain
      < Transfer-Encoding: chunked
      < Connection: keep-alive
      < X-Okapi-Trace: GET mod-authtoken-2.4.0-SNAPSHOT.57 http://10.36.1.54:9132/codex-instances/04489a01-f3cd-4f9e-9be4-d9c198703f45 : 202 2946us
      < x-forwarded-for: 140.234.253.9
      < x-forwarded-proto: https
      < x-forwarded-port: 443
      < host: folio-testing-okapi.aws.indexdata.com
      < x-amzn-trace-id: Root=1-5d8e4a88-f037576090e2b8b007716690
      < user-agent: curl/7.47.0
      < accept: */*
      < x-okapi-tenant: diku
      < x-okapi-request-id: 094607/codex-instances
      < x-okapi-url: http://10.36.1.54:9130
      < x-okapi-request-ip: 10.36.10.9
      < x-okapi-request-timestamp: 1569606280906
      < x-okapi-request-method: GET
      < x-okapi-permissions: []
      < x-okapi-match-path-pattern: /codex-instances/{id}
      < X-Okapi-Trace: GET mod-codex-inventory-1.6.0-SNAPSHOT.73 http://10.36.1.54:9154/codex-instances/04489a01-f3cd-4f9e-9be4-d9c198703f45 : 500 13941us
      < 
      * Connection #0 to host folio-testing-okapi.aws.indexdata.com left intact
      Get url http://10.36.1.54:9130/instance-storage/instances/04489a01-f3cd-4f9e-9be4-d9c198703f45 returned 403
      
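      Why the traces above look the way they do, and what the fix changes in the ModuleDescriptor, as an added example that is not part of this issue or of mod-codex-inventory's own code. Neither request carries an X-Okapi-Token, yet mod-authtoken answers 202 and forwards x-okapi-permissions: [] because the handler entries for these paths have no permissionsRequired; the module then calls inventory-storage with that empty permission set, gets a 403, and surfaces it as a 500. Only permissionsRequired gates access; permissionsDesired merely passes those permissions through to the module when the caller holds them, so adding desired permissions alone does not close the hole. The script below lints a constructed descriptor modelled on the two endpoints for handlers whose permissionsRequired is missing or empty, and shows the corrected entries. The descriptor contents and the required-permission names codex.collection.get and codex.item.get are assumptions (the real names must match whatever codex-mux requires); the desired permissions are the two named in this issue.

```python
"""Lint an Okapi ModuleDescriptor for handlers that require no permission.

Constructed example, not mod-codex-inventory's real descriptor: the handler
entries are modelled on the two endpoints in MODCXINV-41, and the required
permission names are assumptions.
"""
import copy
import json

# Constructed "before" descriptor: both GET handlers lack permissionsRequired,
# so mod-authtoken lets a token-less request through with x-okapi-permissions: [].
UNFIXED_DESCRIPTOR = json.loads(r"""
{
  "id": "mod-codex-inventory-1.6.0-SNAPSHOT.73",
  "provides": [
    {
      "id": "codex",
      "version": "3.2",
      "handlers": [
        {"methods": ["GET"], "pathPattern": "/codex-instances"},
        {"methods": ["GET"], "pathPattern": "/codex-instances/{id}"}
      ]
    }
  ]
}
""")

# Permissions to apply per (method, path). The required names are assumed and
# must match what codex-mux requires; the desired names are the inventory-storage
# permissions the issue identifies as needed for the downstream call.
FIX_TABLE = {
    ("GET", "/codex-instances"): (
        ["codex.collection.get"],
        ["inventory-storage.instances.collection.get"],
    ),
    ("GET", "/codex-instances/{id}"): (
        ["codex.item.get"],
        ["inventory-storage.instances.item.get"],
    ),
}


def iter_handlers(descriptor):
    """Yield (method, pathPattern, handler) for every routing entry under 'provides'."""
    for iface in descriptor.get("provides", []):
        for handler in iface.get("handlers", []):
            path = handler.get("pathPattern") or handler.get("path")
            for method in handler.get("methods", []):
                yield method, path, handler


def unprotected_handlers(descriptor):
    """Return (method, path) pairs whose permissionsRequired is missing or empty.

    Okapi treats an empty permissionsRequired as "no authorization needed", so
    every entry returned here is reachable without logging in.
    """
    return [
        (method, path)
        for method, path, handler in iter_handlers(descriptor)
        if not handler.get("permissionsRequired")
    ]


def apply_fix(descriptor, fix_table):
    """Return a deep copy with permissionsRequired/permissionsDesired filled in from fix_table."""
    fixed = copy.deepcopy(descriptor)
    for method, path, handler in iter_handlers(fixed):
        if (method, path) in fix_table:
            required, desired = fix_table[(method, path)]
            handler["permissionsRequired"] = list(required)
            # Merge with any desired permissions already declared on the handler.
            handler["permissionsDesired"] = sorted(
                set(handler.get("permissionsDesired", [])) | set(desired)
            )
    return fixed


FIXED_DESCRIPTOR = apply_fix(UNFIXED_DESCRIPTOR, FIX_TABLE)

if __name__ == "__main__":
    print("unprotected before fix:", unprotected_handlers(UNFIXED_DESCRIPTOR))
    print("unprotected after fix: ", unprotected_handlers(FIXED_DESCRIPTOR))
    print(json.dumps(FIXED_DESCRIPTOR["provides"][0]["handlers"], indent=2))
```

      Run against a real ModuleDescriptor.json, unprotected_handlers is the check to put in CI: any handler it reports is an endpoint Okapi will serve without a token. Once the two permissions are required, the curl reproducers above should return 401 from mod-authtoken instead of 500, and the remaining work is granting the inventory-storage permissions to whatever calls these endpoints, which is the codex-mux story the description refers to.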

      People

        Assignee: Unassigned
        Reporter: Craig McNally