Cleanup #48584

mgr/dashboard: remove auth/check and modify redirectURL for SSO

Added by Avan Thakkar almost 3 years ago. Updated over 1 year ago.

Status: New
Priority: Normal
Assignee: -
Category: Security & Auth
Target version: -
% Done: 0%
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

Remove the /auth/check endpoint as it has the same response jsonBody as /auth (/auth has 1 more, which is the token value) and it gets called (POST request) on reaching the login page. So for the normal login there is no need for this POST request, as POST /auth already handles the authentication. The only main purpose of auth/check is when SSO is enabled; if the token is valid it redirects the user to the dashboard login page, but that can be dealt with by modifying the redirectURL itself in the login component.


Related issues

Related to Dashboard - Bug #44591: CVE-2020-27839: mgr/dashboard: The ceph dashboard is vulnerable to XSS attacks (Resolved)

History

#1 Updated by Avan Thakkar almost 3 years ago

  • Related to Bug #44591: CVE-2020-27839: mgr/dashboard: The ceph dashboard is vulnerable to XSS attacks added

#2 Updated by Ernesto Puerta over 2 years ago

  • Project changed from mgr to Dashboard

#3 Updated by Ernesto Puerta over 1 year ago

  • Category set to Security & Auth
