Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat( user token verification) #507

Merged
merged 9 commits into from
Jan 6, 2025
Merged

feat( user token verification) #507

merged 9 commits into from
Jan 6, 2025

Conversation

ChrOertlin
Copy link
Contributor

Description

this PR adds a user token verification to the before request in trailblazer. This aims to close the security issue where anyone with a generated JWT token using a users email can send requests to TB

@ChrOertlin ChrOertlin requested a review from a team as a code owner January 2, 2025 08:57
@clingen-sthlm clingen-sthlm temporarily deployed to stage January 2, 2025 09:52 Inactive
@clingen-sthlm clingen-sthlm temporarily deployed to stage January 3, 2025 08:38 Inactive
@clingen-sthlm clingen-sthlm temporarily deployed to stage January 3, 2025 08:44 Inactive
@clingen-sthlm clingen-sthlm temporarily deployed to stage January 3, 2025 08:54 Inactive
@clingen-sthlm clingen-sthlm temporarily deployed to stage January 3, 2025 08:56 Inactive
@clingen-sthlm clingen-sthlm temporarily deployed to stage January 3, 2025 10:22 Inactive
@clingen-sthlm clingen-sthlm temporarily deployed to stage January 3, 2025 10:36 Inactive
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Jan 3, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@clingen-sthlm clingen-sthlm temporarily deployed to stage January 3, 2025 10:40 Inactive
@ChrOertlin
Copy link
Contributor Author

test:

unauthorized error with nonsene token

christian@chroerMBP ~ % curl -X GET
-H "Authorization: Bearer nonsensetoken"
-H "Content-Type: application/json"
"https://trailblazer-api-stage.scilifelab.se/api/v1/analyses?workflow=&pageSize=50&page=1"

<!doctype html>

<title>401 Unauthorized</title>

Unauthorized

TrailblazerError: Could not verify user token. It might be false or expired.

UI works normally otherwise

image

islean
islean approved these changes Jan 3, 2025
View reviewed changes
Copy link
Contributor

@islean islean left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

@ChrOertlin ChrOertlin merged commit 21cfe51 into master Jan 6, 2025
6 checks passed
@ChrOertlin ChrOertlin deleted the add-token-verification branch January 6, 2025 08:58
ChrOertlin added a commit that referenced this pull request Jan 7, 2025
@ChrOertlin
Revert "feat( user token verification) (#507) (minor)"
665a5f0 
This reverts commit 21cfe51.
@ChrOertlin ChrOertlin mentioned this pull request Jan 7, 2025
Merged
ChrOertlin added a commit that referenced this pull request Jan 7, 2025
@ChrOertlin
Revert "feat( user token verification) (#507) (minor)" (#509)
795efa2 
This reverts commit 21cfe51.
@ChrOertlin ChrOertlin restored the add-token-verification branch January 7, 2025 14:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@islean islean islean approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ChrOertlin @islean @clingen-sthlm