[Bug]: Git user config page can be accessed without user signed in about appsmith HOT 4 CLOSED

Hi @brayn003 , I have raised a PR for this issue. Can you take a look at it? Thank you.

from appsmith.

Hi @riteshkew , @Nikhil-Nandagopal

Please find the possible solution through my findings:

"To secure the Git user config page, we need to implement route protection on the frontend using a higher-order component to check for user authentication and redirect unauthenticated users to the login page. On the backend, we will use Spring Security to ensure that only authenticated users can access the /profile endpoint. This solution ensures that sensitive configuration settings are protected from unauthorized access."

Our team will be working on this issue and update accordingly.

from appsmith.

@SunnyTitus @Nikhil-Nandagopal I am picking up this issue.

Approach:
In the profile page there is a tab with two tablist:

• General tab (default tab)
• Git config tabl

Observation:
User - > unauthorized
When the user is in the profile page with the general tab selected by default , it is showing the general tab and also not redirecting to the sign in page.

When we click on the git config tab , it redirects us to the sign in page.

Possible Reason: when git config page mounts it calls this protected endpoint:
https://dev.appsmith.com/api/v1/git/profile/default which is missing when general tab mounts.

Solving Approach:
We can call this protected endpoint when the general tab page also mounts to protect this page from unauthorized users.

from appsmith.

Hi @Shivam-z, thank you for showing an interest in solving this issue. Please go ahead and raise a PR, I will help you with review and testing once it is done.

from appsmith.