Comments (5)
You indicate in the document that the request method of the /wolf/user-role/set interface is POST, but during testing I accidentally found that the PUT method can also be successful. Is this a bug?
This is a known problem: there is no strict verification of the HTTP request method. Mixing POST and PUT should not cause any problems.
Even if the user's appID list does not have this application, the role binding of this application can still be added and it can take effect.
This problem is currently controlled from the Console interface. The backend interface has not yet been validated for this. I'll find some time later to work on the corresponding checksum issue. Or do you have time to address this issue and submit a PR?
from wolf.
Oh my god, LOL ;-) Just now, I did the test again.
I found that there are no effective restrictions in many places (for example, using the add user interface to add non-existent applications to the appID list).
Maybe your intention is to rely on the console front end for control, but there are so many scenarios using the API. It is not elegant enough not to restrict the backend.
This problem is currently controlled from the Console interface. The backend interface has not yet been validated for this. I'll find some time later to work on the corresponding checksum issue. Or do you have time to address this issue and submit a PR?
I think this task is huge. Maybe you can try to modify one interface as an example, and I will try to modify the other interfaces according to this example.
Okay, I'll add this to my TODO list and work on it as soon as possible.
#9 In this PR, I added request method verification to any interfaces. I don't know whether it meets your coding style. Please review.
All the above issues have been fixed.
ba97310
bc497b0
91a6a3f
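The two gaps raised in this thread (no HTTP method check, and no backend check of appIDs when adding users or binding roles) can be closed with server-side validation along these lines. This is an added example, not part of the thread and not wolf's own code; the request field names (`username`, `appID`), the status codes and the in-memory stores are assumptions.

```javascript
// Added example, not wolf's own code. Field names, status codes and the
// in-memory stores are assumptions made for illustration.
const ALLOWED_METHODS = new Map([['/wolf/user-role/set', ['POST']]]);

// Constructed sample data standing in for the backend database.
const applications = new Set(['app-a', 'app-b']);
const users = new Map([['alice', { appIDs: ['app-a'] }]]);

// Reject any method the route does not explicitly allow.
function checkMethod(path, method) {
  const allowed = ALLOWED_METHODS.get(path);
  if (!allowed) return { status: 404, reason: 'unknown route' };
  if (!allowed.includes(String(method).toUpperCase())) {
    return { status: 405, reason: 'method not allowed', allow: allowed.join(', ') };
  }
  return null;
}

// Add-user case from the thread: every appID in the list must exist.
function unknownAppIDs(appIDs) {
  return appIDs.filter((id) => !applications.has(id));
}

// Role-binding case: the app must exist and be in the user's appID list.
function checkRoleBinding(username, appID) {
  const user = users.get(username);
  if (!user) return { status: 400, reason: 'user not found' };
  if (!applications.has(appID)) return { status: 400, reason: 'application not found' };
  if (!user.appIDs.includes(appID)) {
    return { status: 400, reason: 'application not in user appID list' };
  }
  return null;
}

// Handler for the role-binding route: all checks run before any write.
function setUserRole(req) {
  const error = checkMethod(req.path, req.method)
    || checkRoleBinding(req.body.username, req.body.appID);
  return error || { status: 200, reason: 'ok' };
}
```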