Skip to content

Commit c2a99fb

Browse files
committed
editoast: authn: forbid the use of skip-authz and authn headers together
Signed-off-by: Younes Khoudli <younes.khoudli@epita.fr>
1 parent 2c5146b commit c2a99fb

2 files changed

Lines changed: 6 additions & 12 deletions

File tree

editoast/src/authentication.rs

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -23,10 +23,7 @@ pub enum Mode {
2323
impersonator_name: String,
2424
impersonated_identity: String,
2525
},
26-
Skip {
27-
identity: Option<String>,
28-
name: Option<String>,
29-
},
26+
Skip,
3027
}
3128

3229
#[derive(Debug, Default)]
@@ -45,8 +42,9 @@ impl Mode {
4542
skip: true,
4643
identity,
4744
name,
48-
..
49-
} => Self::Skip { identity, name },
45+
impersonate,
46+
} if identity.is_none() && name.is_none() && impersonate.is_none() => Self::Skip,
47+
AuthenticationParameters { skip: true, .. } => return Err(params),
5048
AuthenticationParameters {
5149
impersonate: Some(impersonated_identity),
5250
identity: Some(impersonator_identity),

editoast/src/views/server/middlewares.rs

Lines changed: 2 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -158,11 +158,7 @@ pub(in crate::views) async fn authentication_validation_middleware(
158158
}
159159

160160
let (user, roles_prot) = match &authn {
161-
crate::authentication::Mode::Authenticated { identity, name }
162-
| crate::authentication::Mode::Skip {
163-
identity: Some(identity),
164-
name: Some(name),
165-
} => {
161+
crate::authentication::Mode::Authenticated { identity, name } => {
166162
let conn = db_pool.get().await?;
167163
conn.transaction(async |conn| {
168164
let user =
@@ -215,7 +211,7 @@ pub(in crate::views) async fn authentication_validation_middleware(
215211
})
216212
.await?
217213
}
218-
crate::authentication::Mode::Skip { .. } => (None, ::authz::v2::Protected::default()),
214+
crate::authentication::Mode::Skip => (None, ::authz::v2::Protected::default()),
219215
crate::authentication::Mode::Unauthenticated => {
220216
return Err(AuthorizationError::Unauthenticated.into());
221217
}

0 commit comments

Comments
 (0)