Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add auth.credentials_login permission to default-user #1653

Merged
merged 1 commit into from
Jun 4, 2024
Merged

Add auth.credentials_login permission to default-user #1653

merged 1 commit into from
Jun 4, 2024

Conversation

otaviojacobi
Copy link
Contributor

@otaviojacobi otaviojacobi commented Jun 4, 2024
edited
Loading

This is a step towards enabling more granular logins. Once this is merged we will want to enforce the user has this permission when logg n in here:

open-balena-api/src/features/auth/index.ts

Line 28 in 423fc58

app.post('/login_', loginRateLimiter('body.username'), login(onLogin));

This can't be done directly using the middleware.permissionRequired because this middleware requires a partiallyAuthenticatedUser to work. So we can just enforce it on the login method, as: https://github.com/balena-io/open-balena-api/pull/1654/files#diff-09036ece83a65b9a83897a8dd10e51dec832301f86fe4a21aed2b76d3ef98050R27-R31 in here

We also want to have a "auth.service_account_login" for SSO providers and enforce it, but on balena-api. On SAML specific, the saml role won't have these permissions.

Change-type: minor

@otaviojacobi otaviojacobi requested a review from a team June 4, 2024 16:19
@flowzone-app flowzone-app bot enabled auto-merge June 4, 2024 16:30
auto-merge was automatically disabled June 4, 2024 16:34

Pull request was closed

@otaviojacobi otaviojacobi reopened this Jun 4, 2024
@otaviojacobi otaviojacobi enabled auto-merge June 4, 2024 19:18
@otaviojacobi otaviojacobi merged commit 7328680 into master Jun 4, 2024
90 checks passed
@otaviojacobi otaviojacobi deleted the create-login-credentials-permission branch June 4, 2024 20:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Page- Page- Page- approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@otaviojacobi @Page-