Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix UAA admin check code #141

Merged
merged 4 commits into from
Nov 4, 2024
Merged

Fix UAA admin check code #141

merged 4 commits into from
Nov 4, 2024

Conversation

markdboyd
Copy link
Contributor

@markdboyd markdboyd commented Nov 4, 2024
edited
Loading

Changes proposed in this pull request:

Related to https://github.com/cloud-gov/private/issues/2030

The proxy is currently returning a tuple ("Unexpected error", 500) from uaa.is_user_cf_admin if a non-200 status code is received from UAA. The app code doesn't inspect the actual value and instead only checks whether the return from uaa.is_user_cf_admin is truthy to determine if a user has admin access, whereas a user should only be an admin if the return from uaa.is_user_cf_admin is literally True.

  • Fix uaa. get_client_credentials_token to raise exception on non-200 status code
  • Fix uaa.is_user_cf_admin to raise exception on non-200 status code
  • Add unit tests for updated behavior
  • Fix app logic to only add admin role if session.get("is_cf_admin") is literally True (== True), and not just truthy

Things to check

  • For any logging statements, is there any chance that they could be logging sensitive data?
  • Are log statements using a logging library with a logging level set? Setting a logging level means that log statements "below" that level will not be written to the output. For example, if the logging level is set to INFO and debugging statements are written with log.debug or similar, then they won't be written to the otput, which can prevent unintentional leaks of sensitive data.

Security considerations

Currently, the proxy is improperly treating a user as an admin anytime the requests to UAA fail, which is obviously wrong and insecure. The updated code insures that errors from request to UAA will be raised and only literally True values will be accepted to determine if a user is an admin.

@markdboyd markdboyd requested a review from a team as a code owner November 4, 2024 21:47
JasonTheMain
JasonTheMain approved these changes Nov 4, 2024
View reviewed changes
Copy link
Contributor

@JasonTheMain JasonTheMain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amazing

@markdboyd markdboyd merged commit c29f86a into main Nov 4, 2024
2 checks passed
@markdboyd markdboyd deleted the fix-uaa-admin-check branch November 4, 2024 22:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JasonTheMain JasonTheMain JasonTheMain approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@markdboyd @JasonTheMain