Posted to notifications@shenyu.apache.org by GitBox <gi...@apache.org> on 2022/07/03 14:26:10 UTC

[GitHub] [incubator-shenyu] nuo-promise opened a new pull request, #3658: #3657 Fix Admin have insecure permissions

nuo-promise opened a new pull request, #3658:
URL: https://github.com/apache/incubator-shenyu/pull/3658

   Make sure that:
   
   - [ ] You have read the [contribution guidelines](https://shenyu.apache.org/community/contributor-guide).
   - [ ] You submit test cases (unit or integration tests) that back your changes.
   - [ ] Your local test passed `./mvnw clean install -Dmaven.javadoc.skip=true`.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shenyu.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [incubator-shenyu] codecov-commenter commented on pull request #3658: #3657 Fix Admin have insecure permissions

Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on PR #3658:
URL: https://github.com/apache/incubator-shenyu/pull/3658#issuecomment-1173103997

   # [Codecov](https://codecov.io/gh/apache/incubator-shenyu/pull/3658) Report
   > Merging [#3658](https://codecov.io/gh/apache/incubator-shenyu/pull/3658) (b86ef5b) into [master](https://codecov.io/gh/apache/incubator-shenyu/commit/5bee11232b27f52e02048726126316c155fec8c8) (5bee112) will **decrease** coverage by `0.38%`.
   > The diff coverage is `0.00%`.
   
   ```diff
   @@             Coverage Diff              @@
   ##             master    #3658      +/-   ##
   ============================================
   - Coverage     62.43%   62.04%   -0.39%     
   + Complexity     5924     5881      -43     
   ============================================
     Files           903      903              
     Lines         24952    24946       -6     
     Branches       2283     2282       -1     
   ============================================
   - Hits          15578    15478     -100     
   - Misses         7928     8021      +93     
   - Partials       1446     1447       +1     
   ```
   
   
   | Impacted Files | Coverage Δ | |
   |---|---|---|
   | ...enyu/admin/controller/DashboardUserController.java | `80.64% <0.00%> (-11.95%)` | :arrow_down: |
   | ...apache/shenyu/admin/utils/ShenyuResultMessage.java | `0.00% <ø> (ø)` | |
   | ...henyu/plugin/logging/kafka/LoggingKafkaPlugin.java | `22.72% <0.00%> (-72.73%)` | :arrow_down: |
   | ...ache/shenyu/plugin/grpc/cache/GrpcClientCache.java | `75.00% <0.00%> (-25.00%)` | :arrow_down: |
   | ...controller/ShenyuClientHttpRegistryController.java | `77.77% <0.00%> (-22.23%)` | :arrow_down: |
   | ...n/logging/kafka/body/LoggingServerHttpRequest.java | `0.00% <0.00%> (-20.00%)` | :arrow_down: |
   | ...gin/logging/kafka/kafka/KafkaLogCollectClient.java | `34.69% <0.00%> (-18.37%)` | :arrow_down: |
   | .../plugin/logging/kafka/entity/ShenyuRequestLog.java | `86.20% <0.00%> (-13.80%)` | :arrow_down: |
   | ...ruptor/RegisterClientServerDisruptorPublisher.java | `52.94% <0.00%> (-11.77%)` | :arrow_down: |
   | ...a/org/apache/shenyu/common/utils/VersionUtils.java | `67.85% <0.00%> (-10.72%)` | :arrow_down: |
   | ... and 43 more | | |
   


[GitHub] [shenyu] dragon-zhang commented on a diff in pull request #3658: #3657 Fix Admin have insecure permissions

Posted by GitBox <gi...@apache.org>.
dragon-zhang commented on code in PR #3658:
URL: https://github.com/apache/shenyu/pull/3658#discussion_r930927148


##########
shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java:
##########
@@ -158,6 +161,11 @@ public ShenyuAdminResult modifyPassword(@PathVariable("id")
                                             @Existed(provider = DashboardUserMapper.class,
                                                     message = "user is not found") final String id,
                                             @Valid @RequestBody final DashboardUserDTO dashboardUserDTO) {
+        UserInfo userInfo = (UserInfo) SecurityUtils.getSubject().getPrincipal();
+        if (Objects.isNull(userInfo) || !userInfo.getUserId().equals(id)
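
Review bot: on the added `if` line, `userInfo.getUserId().equals(id)` dereferences the principal's user id, so a principal without one turns the ownership check into a NullPointerException instead of a clean denial; `!Objects.equals(userInfo.getUserId(), id)` rejects that case the same way as a mismatch. The unchecked cast `(UserInfo) SecurityUtils.getSubject().getPrincipal()` on the line above fails the same way if the subject's principal is ever another type, so an `instanceof` test before the cast is safer. The visible part of the condition only compares the session user with the path `id`; if `dashboardUserDTO` also carries an id, the update should be keyed on the validated path value. Codecov reports diff coverage of `0.00%` for this PR, so a test in which one logged-in user submits another user's `id` would pin the denial down.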

Review Comment:
   `Objects.isNull(userInfo)` may need to return another error message.





[GitHub] [shenyu] dragon-zhang merged pull request #3658: #3657 Fix Admin have insecure permissions

Posted by GitBox <gi...@apache.org>.
dragon-zhang merged PR #3658:
URL: https://github.com/apache/shenyu/pull/3658

