Comments (4)
Hi @brayn003, I have raised a PR for this issue. Can you take a look at it? Thank you.
from appsmith.
Hi @riteshkew, @Nikhil-Nandagopal
Please find the possible solution through my findings:
"To secure the Git user config page, we need to implement route protection on the frontend using a higher-order component to check for user authentication and redirect unauthenticated users to the login page. On the backend, we will use Spring Security to ensure that only authenticated users can access the /profile endpoint. This solution ensures that sensitive configuration settings are protected from unauthorized access."
Our team will be working on this issue and will update accordingly.
from appsmith.
@SunnyTitus @Nikhil-Nandagopal I am picking up this issue.
Approach:
On the profile page there is a tab list with two tabs:
- General tab (default tab)
- Git config tab
Observation:
User -> unauthorized
When the user is on the profile page with the general tab selected by default, it is showing the general tab and also not redirecting to the sign in page.
When we click on the git config tab, it redirects us to the sign in page.
Possible Reason: when git config page mounts it calls this protected endpoint:
https://dev.appsmith.com/api/v1/git/profile/default which is missing when general tab mounts.
Solving Approach:
We can call this protected endpoint when the general tab page also mounts to protect this page from unauthorized users.
from appsmith.
Hi @Shivam-z, thank you for showing an interest in solving this issue. Please go ahead and raise a PR, I will help you with review and testing once it is done.
from appsmith.
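The two approaches discussed in the comments above can be compared in a small model: a redirect that only happens as a side effect of a tab's protected API call, versus a route-level guard applied before any tab mounts. This is an added example, not Appsmith code; `LOGIN_PATH`, the `/profile?tab=` URL, the `redirectUrl` parameter and all function names are hypothetical, and only the `/api/v1/git/profile/default` path comes from the thread.

```javascript
// Constructed model, not Appsmith code. LOGIN_PATH and all function names are hypothetical.
const LOGIN_PATH = "/user/login";

// Fake backend: the protected endpoint named in the thread answers 401 without a session.
function fakeApi(path, session) {
  if (path === "/api/v1/git/profile/default" && !session) return { status: 401 };
  return { status: 200 };
}

// API calls each tab makes on mount, following the observation in the thread.
const TAB_MOUNT_CALLS = {
  general: [],
  gitConfig: ["/api/v1/git/profile/default"],
};

// Observed behaviour: the redirect is only a side effect of a 401 response,
// so a tab that makes no protected call renders for an anonymous visitor.
function renderUnguarded(tab, session) {
  for (const path of TAB_MOUNT_CALLS[tab]) {
    if (fakeApi(path, session).status === 401) return { redirect: LOGIN_PATH };
  }
  return { rendered: tab };
}

// Route-level guard (the higher-order wrapper idea): decide before any tab
// mounts, independent of which API calls that tab happens to make.
function withAuthGuard(render) {
  return (tab, session) => {
    if (!session) {
      const back = encodeURIComponent(`/profile?tab=${tab}`); // hypothetical URL shape
      return { redirect: `${LOGIN_PATH}?redirectUrl=${back}` };
    }
    return render(tab, session);
  };
}

const renderGuarded = withAuthGuard(renderUnguarded);

// Compare both renderers for an anonymous visitor on each tab.
function demo() {
  return ["general", "gitConfig"].map((tab) => ({
    tab,
    unguarded: renderUnguarded(tab, null),
    guarded: renderGuarded(tab, null),
  }));
}

console.log(JSON.stringify(demo(), null, 2));
```

The client-side guard only controls navigation; the data itself stays protected only if the server rejects unauthenticated requests, which is the backend half of the solution proposed in the second comment.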