BUG - EGO : All Admin access api's should not return HTTP 400 when invalid or not provided #708

Open
Azher2Ali opened this issue May 29, 2023 · 0 comments
Labels
bug Something isn't working ITCR-Passport

EGO: All admin access APIs should not return HTTP 400 when the API key is not provided or invalid, and should return HTTP 401

Description

EGO: All admin access APIs should not return HTTP 400 when the API key is not provided or invalid, and should return HTTP 401. Also, an invalid JWT should return 401; a valid JWT but wrong credentials (i.e. not admin) should return 403.

Expected Behaviour

All admin access APIs in Ego should return HTTP 401 Unauthorized when an API key is not provided or is invalid.

Actual Behaviour

All admin access APIs in Ego are returning HTTP 400 Bad Request when an API key is not provided or is invalid.

Sample response
```json
{
  "timestamp": "2023-05-26T14:32:48.744+0000",
  "status": 400,
  "error": "Bad Request",
  "path": "/visa"
}
```

Possible Fix

Need to compare with older ego version to check the difference in changes done during Spring version upgrade for OAuth2SecurityRequestResolver

Steps to Reproduce

  1. Go to 'https://ego-passport.dev.cancogen.cancercollaboratory.org/swagger-ui/index.html'
  2. Do not provide any api key in "Authorize" tab.
  3. Test any api within ego
  4. Response returned is HTTP 400 Bad Request
@Azher2Ali Azher2Ali added bug Something isn't working ITCR-Passport labels May 29, 2023
@Azher2Ali Azher2Ali self-assigned this May 29, 2023
@Azher2Ali Azher2Ali changed the title BUG - EGO : All Admin access api's should not return HTTP 400 when api key is not provided or invalid and should return HTTP 401 BUG - EGO : All Admin access api's should not return HTTP 400 when invalid or not provided May 29, 2023
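
The status-code contract this issue asks for, as an added example that is not Ego's code: a missing or invalid credential yields 401, a valid token without admin rights yields 403, and none of those cases yields 400. The HS256 bearer-token format, the `type` claim, `SECRET` and all function names are assumptions made for the demo; it covers the bearer-token case only.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # assumption: demo HS256 key, not Ego's key setup

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build a constructed HS256 JWT for the demo."""
    signing_input = _b64(b'{"alg":"HS256","typ":"JWT"}') + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def verify(token: str):
    """Return the claims if the signature checks out, else None."""
    try:
        header, payload, sig = token.split(".")
        # The algorithm is fixed to HS256 here; the token's own "alg" header is never trusted.
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(payload))
        return claims if isinstance(claims, dict) else None
    except (ValueError, TypeError):
        return None  # wrong segment count, bad base64 or bad JSON: still just "invalid"

def admin_status(headers: dict) -> int:
    """Status an admin-only endpoint should return for these request headers."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 401  # credential missing: an authentication failure, not a 400
    claims = verify(token)
    if claims is None:
        return 401  # credential malformed or signature invalid
    if claims.get("type") != "ADMIN":  # assumption: role carried in a "type" claim
        return 403  # authenticated, but not an admin
    return 200
```

Every credential failure path in `verify` collapses to `None`, so a malformed token cannot surface as a parsing error and a 400.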