Cleanup #48584

open

mgr/dashboard: remove auth/check and modify redirectURL for SSO

Added by Avan Thakkar over 3 years ago. Updated about 2 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Security & Auth
Target version: -
% Done: 0%

Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

Remove the /auth/check endpoint as it has the same response jsonBody as /auth (/auth has 1 more which is the token value) and it gets called (POST request) on reaching the login page. So for the normal login there is no need of this POST request as POST /auth already handles the authentication. The only main purpose of auth/check is when SSO is enabled; if the token is valid it redirects the user to the dashboard login page, but that can be dealt with by modifying the redirectURL itself in the login component.


Related issues 1 (0 open, 1 closed)

Related to Dashboard - Bug #44591: CVE-2020-27839: mgr/dashboard: The ceph dashboard is vulnerable to XSS attacks | Resolved | Avan Thakkar

#1

Updated by Avan Thakkar over 3 years ago

  • Related to Bug #44591: CVE-2020-27839: mgr/dashboard: The ceph dashboard is vulnerable to XSS attacks added

#2

Updated by Ernesto Puerta about 3 years ago

  • Project changed from mgr to Dashboard

#3

Updated by Ernesto Puerta about 2 years ago

  • Category set to Security & Auth