Cleanup #48584
mgr/dashboard: remove auth/check and modify redirectURL for SSO
Status: New
Priority: Normal
Assignee: -
Category: Security & Auth
Target version: -
% Done: 0%
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:
Description
Remove the /auth/check endpoint as it has the same response jsonBody as /auth (/auth has 1 more which is the token value) and it gets called (POST request) on reaching the login page. So for the normal login there is no need for this POST request as POST /auth already handles the authentication. The only main purpose of auth/check is when SSO is enabled; if the token is valid it redirects the user to the dashboard login page, but that can be dealt with by modifying the redirectURL itself in the login component.
Updated by Avan Thakkar over 3 years ago
- Related to Bug #44591: CVE-2020-27839: mgr/dashboard: The ceph dashboard is vulnerable to XSS attacks added
Updated by Ernesto Puerta about 3 years ago
- Project changed from mgr to Dashboard