blackroad-os/backroad
9
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(api): add an authenticated access policy to the websocket endpoint (#1979)

Browse Source 
* fix(api): add an authenticated access policy to the websocket endpoint

* refactor(api): centralize EndpointAccess validation

* feat(api): validate id query parameter for the /websocket/exec endpoint
This commit is contained in:
Anthony Lapenna
2018-06-18 11:56:31 +02:00
committed by GitHub
parent f3ce5c25de
commit da5a430b8c
14 changed files with 100 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
api/http/handler/stacks/stack_delete.go
View File

@@ -105,18 +105,9 @@ func (handler *Handler) deleteExternalStack(r *http.Request, w http.ResponseWrit
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find the endpoint associated to the stack inside the database", err}
}
tokenData, err := security.RetrieveTokenData(r)
err = handler.requestBouncer.EndpointAccess(r, endpoint)
if err != nil {
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user authentication token", err}
}
if tokenData.Role != portainer.AdministratorRole {
err = handler.checkEndpointAccess(endpoint, tokenData.ID)
if err != nil && err == portainer.ErrEndpointAccessDenied {
return &httperror.HandlerError{http.StatusForbidden, "Permission denied to access endpoint", portainer.ErrEndpointAccessDenied}
} else if err != nil {
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to verify permission to access endpoint", err}
}
return &httperror.HandlerError{http.StatusForbidden, "Permission denied to access endpoint", portainer.ErrEndpointAccessDenied}
}
stack = &portainer.Stack{