TRUNK-6203: Global properties access should be privileged #4601
Conversation
|
@wikumChamith when you run these changes with the reference application modules, were you able to log in and load the main landing dashboard? |
|
@dkayiwa Yes, Everything seems fine on my end. |
|
@wikumChamith did you accidentally leave out the |
wikumChamith
force-pushed
the
TRUNK-6203
branch
from
50131c7
to
b01e48d
Compare
|
@dkayiwa I updated the PR. |
|
@wikumChamith are you still able to run the reference application even with that change without getting errors? |
|
@dkayiwa Yes, Are you getting any errors? |
|
@wikumChamith have you also tested and confirmed that, with your changes, non logged in users can no longer access global properties as per the ticket requirements? In other words, anonymous users should get some sort of access denied errors when they try to access this: http://localhost:8080/openmrs/ws/rest/v1/systemsetting |
wikumChamith
force-pushed
the
TRUNK-6203
branch
2 times, most recently
from
82724fd
to
37b5a03
Compare
|
@dkayiwa, I've made updates to the PR. Additionally, I've created pull requests for the modules to enable anonymous users to access the login page. openmrs-module-uiframework : openmrs/openmrs-module-uiframework#77 Regarding the One potential solution I could think of is using |
|
@wikumChamith how about if we intentionally expect this to fail until when accessed by a logged in user? |
|
@dkayiwa main issue here is users won't be able to access the login page because of that. |
| @@ -588,9 +588,8 @@ public void getGlobalProperty_shouldFailIfUserHasNoPrivileges() { | |||
| Context.logout(); | |||
| Context.authenticate(getTestUserCredentials()); | |||
|
|
|||
| APIException exception = assertThrows(APIException.class, () -> adminService.getGlobalProperty(property.getProperty())); | |||
| assertEquals(exception.getMessage(), String.format("Privilege: %s, required to view globalProperty: %s", | |||
There was a problem hiding this comment.
Do you mind explaining why you changed the contents of String.format()?
There was a problem hiding this comment.
The format of the exception message changes after adding the authorization.
api/src/test/java/org/openmrs/test/jupiter/StartModuleExecutionListener.java
Outdated
Show resolved
Hide resolved
api/src/test/java/org/openmrs/test/StartModuleExecutionListener.java
Outdated
Show resolved
Hide resolved
api/src/test/java/org/openmrs/test/StartModuleExecutionListener.java
Outdated
Show resolved
Hide resolved
| @@ -57,6 +57,7 @@ public static Locale getDefaultLocale() { | |||
| if (defaultLocaleCache == null) { | |||
| if (Context.isSessionOpen()) { | |||
| try { | |||
| Context.addProxyPrivilege(PrivilegeConstants.GET_GLOBAL_PROPERTIES); | |||
There was a problem hiding this comment.
Do we really need this? Who calls it in the startup process?
| } | ||
|
|
||
| /** | ||
| * Returns true if path matches pattern in gzip.acceptCompressedRequestsForPaths property | ||
| */ | ||
| private boolean isCompressedRequestForPathAccepted(String path) { | ||
| try { | ||
| Context.addProxyPrivilege(PrivilegeConstants.GET_GLOBAL_PROPERTIES); |
There was a problem hiding this comment.
Do we really need this? Who calls it in the startup process?
| @@ -124,9 +125,9 @@ private boolean isGZIPEnabled() { | |||
| } | |||
|
|
|||
| try { | |||
| Context.addProxyPrivilege(PrivilegeConstants.GET_GLOBAL_PROPERTIES); | |||
There was a problem hiding this comment.
We could also just catch the APIAuthenticationException here and log it, before returning false, in order to reduce the need to add proxy privileges. This is based on the fact that it is not a big deal for a not yet logged in user to miss gzip compression. They can have it after login.
There was a problem hiding this comment.
@wikumChamith i am changing my mind on this. I think it would be better to add the proxy privilege to avoid these unnecessary errors before login. :)
| import org.openmrs.test.StartModule; | ||
| import org.openmrs.test.jupiter.BaseContextSensitiveTest; | ||
| import org.openmrs.util.RoleConstants; |
There was a problem hiding this comment.
Do we need to make any changes in this file?
| @@ -21,8 +21,8 @@ | |||
| <global_property property="valid.integer" property_value="1234" uuid="b7225607-d0c4-4e44-8be5-31e1ac7e1fda"/> | |||
| <global_property property="valid.double" property_value="1234.54" uuid="b7225607-d0c4-4e44-8be6-31e1ac7e1fda"/> | |||
|
|
|||
| <privilege privilege="Some Privilege For View Global Properties" description="This is a test privilege for view global properties" uuid="d979d066-15e6-467c-9d4b-cb575ef12345"/> | |||
| <privilege privilege="Some Privilege For Edit Global Properties" description="This is a test privilege for edit global properties" uuid="d979d066-15e6-467c-9d4b-cb575ef54321"/> | |||
There was a problem hiding this comment.
I do not think we should change this file. Can't we do without these changes? The tests that expect these values should still do so.
There was a problem hiding this comment.
Not changing this could lead to problems with tests. For an example let's consider the following test.
openmrs-core/api/src/test/java/org/openmrs/api/AdministrationServiceTest.java
Lines 636 to 649 in 7d70503
If we keep the privilege name as "Some Privilege For View Global Properties," this test will fail with an error message stating:
org.openmrs.api.APIAuthenticationException: Privileges required: Get Global Properties
We could mitigate the error by adding Context.addProxyPrivilege(PrivilegeConstants.GET_GLOBAL_PROPERTIES);
However, this goes against the test's purpose: to validate that only users with the appropriate privilege can access global properties.
| @@ -473,8 +475,14 @@ public void changePassword_shouldMatchOnIncorrectlyHashedSha1StoredPassword() { | |||
| executeDataSet(XML_FILENAME); | |||
| Context.logout(); | |||
| Context.authenticate("incorrectlyhashedSha1", "test"); | |||
|
|
|||
| userService.changePassword("test", "Tester12"); | |||
| try { | |||
There was a problem hiding this comment.
Do we really need this try finally?
| @@ -515,8 +523,13 @@ public void changePassword_shouldMatchOnCorrectlyHashedSha1StoredPassword() { | |||
| executeDataSet(XML_FILENAME); | |||
| Context.logout(); | |||
| Context.authenticate("correctlyhashedSha1", "test"); | |||
|
|
|||
| userService.changePassword("test", "Tester12"); | |||
| try { | |||
There was a problem hiding this comment.
Do we really need this try finally? And the ones below?
|
Try create a new server. |
|
@dkayiwa I tested on both Reference Application 2.14.0-SNAPSHOT and 2.13.0. Looks like the issue is with the new SPA module. I'll look into this. |
Awesome! Looking forward to the fix. 😊 |
|
@dkayiwa, I am encountering an issue when running the O2 reference application with these changes. Upon launching the server, I face a browser error stating:
Apart from this, the only backend error I saw during redirects:
It looks like the issue is related to the openmrs-module-referenceapplication as the legacy-ui login page is accessible without this module. I also tried giving proxy privileges in a few instances within the reference application module where global properties were accessed but that didn't resolve the issue. Any insights on how to resolve this are highly appreciated. |
|
@wikumChamith does this problem happen only with your modified version of openmrs-core? |
Yeah. This only occurs on TRUNK-6203 |
|
@dkayiwa This fixes the issue: openmrs/openmrs-module-referenceapplication#105 Previously this didn't work for me because of another issue on my side. |
| try { | ||
| return Context.getConceptService().getConcept(Integer.valueOf(s)); |
There was a problem hiding this comment.
@wikumChamith is this supposed to be part of this pull request?
There was a problem hiding this comment.
Where is this from 😅 ?
pom.xml
Outdated
| @@ -942,7 +942,7 @@ | |||
| <plugin> | |||
| <groupId>org.apache.maven.plugins</groupId> | |||
| <artifactId>maven-dependency-plugin</artifactId> | |||
| <version>3.6.1</version> | |||
| <version>3.7.0</version> | |||
There was a problem hiding this comment.
Is this supposed to be part of this pul request?
|
@dkayiwa I think those two changes are from the rebase. They are similar to the current master: |
|
I do not care where they came from. All i want is not to see them here. 😊 |
|
@dkayiwa I removed those changes. |
|
@dkayiwa I updated the PR. |
* TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * TRUNK-6203: Global properties access should be privileged * Removing random changes * Removing random changes
Description of what I changed
Adding
@Authorized(PrivilegeConstants.GET_GLOBAL_PROPERTIES)annotation to throw an authentication exception if a user is not authenticated when requesting a global property. UsedContext.addProxyPrivilege("Get Global Properties")to extend the privilege to anonymous users in tests and before login.Issue I worked on
see https://openmrs.atlassian.net/browse/TRUNK-6203
Checklist: I completed these to help reviewers :)
My IDE is configured to follow the code style of this project.
No? Unsure? -> configure your IDE, format the code and add the changes with
git add . && git commit --amendI have added tests to cover my changes. (If you refactored
existing code that was well tested you do not have to add tests)
No? -> write tests and add them to this commit
git add . && git commit --amendI ran
mvn clean packageright before creating this pull request andadded all formatting changes to my commit.
No? -> execute above command
All new and existing tests passed.
No? -> figure out why and add the fix to your commit. It is your responsibility to make sure your code works.
My pull request is based on the latest changes of the master branch.
No? Unsure? -> execute command
git pull --rebase upstream master