Comments (8)
giosakti
commented on August 10, 2024
@ajeygore can you advise on this? Now that we have encrypted user token, we can't use it anymore by embedding them on layout.
Should we create a new kind of (unencrypted) token/secret that is more restricted and specifically created for accessing utility APIs like these?
from gate.
ajeygore
commented on August 10, 2024
Why do you want to expose search APIs?
from gate.
giosakti
commented on August 10, 2024
these APIs are necessary for autocomplete to function
from gate.
ajeygore
commented on August 10, 2024
Let’s talk about it, how can we do these APIs with authentication. I am right now disabling this APIs, but Tests didn’t fail :-(
… On 14 Mar 2018, at 10:28 AM, Giovanni Sakti ***@***.***> wrote:
these APIs are necessary for autocomplete to function
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#97 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAKK_prKCyoM3qPcTr4inWVIsk2XCiFrks5teI5HgaJpZM4SlwYq>.
from gate.
sidpub
commented on August 10, 2024
Ajey / gio my only point is all endpoints should be validated by sessions or API tokens
from gate.
ajeygore
commented on August 10, 2024
Yes, we will be validating with all sessions tokens, I have already put patch there and committed the code, will work with Gio today and close it. Thanks for raising it.
Ajey
… On 14 Mar 2018, at 11:55 AM, phoenix-labs ***@***.***> wrote:
Ajey / gio my only point is all endpoints should be validated by sessions or API tokens
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#97 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAKK_vHfGpiTUtwxCQq6_uAWVhNSpskeks5teKK7gaJpZM4SlwYq>.
from gate.
giosakti
commented on August 10, 2024
with Ajey's latest commit, this should be secured because Devise already taking care of it. I just confirmed that Devise will check the session and plain request to those APIs won't work anymore (it will be redirected instead).
No need to change the autocomplete fields because session is already embedded in request.
from gate.
ajeygore
commented on August 10, 2024
Marking this as complete.
from gate.
Related Issues (20)
- Fixing null issue with User.get_user_pass_attributes
- 404 issue with favicon and other image assets
- Authentication credentials on some APIs HOT 2
- Thundering herd issue whenever group with high number of host machines is modified HOT 1
- A new group member added on gate does not reflect on nss host fetch api HOT 1
- Easy Demo steps for non ruby experts HOT 3
- Fixing authorization issues on user and group page HOT 1
- rake app:setup fails HOT 5
- OpenVPN auth integration with Gate HOT 9
- Create APIs for managing groups and VPNs
- Create group API should return existing group id if group name already taken
- Generate TOTP token qr code internally
- Stuck at rake app:setup HOT 3
- VPN using SSO fails HOT 2
- Fetch active only user HOT 1
- OpenVPN Server HOT 7
- oAuth failing - NoMethodError in Users::OmniauthCallbacksController#google_oauth2 - request.env['omniauth.auth'] HOT 1
- oAuth Failing - undefined method `new_session_path' for #<Users::OmniauthCallbacksController:0x00007f2c1edfa4e8> Did you mean? new_user_path HOT 1
- oAuth Failing - NoMethodError - undefined method `new_session_path' for #<Users::OmniauthCallbacksController:0x00007f2c1edfa4e8> Did you mean? new_user_path HOT 2
- Routes - No route matches [GET] "/vpn/users/auth/google_oauth2/callback" HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gate.