Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2022/03/03 23:06:09 UTC

[GitHub] [trafficcontrol] mattjackson220 commented on a change in pull request #6577: JWT Authorization

mattjackson220 commented on a change in pull request #6577:
URL: https://github.com/apache/trafficcontrol/pull/6577#discussion_r819136197



##########
File path: traffic_ops/traffic_ops_golang/cdni/shared.go
##########
@@ -518,7 +531,14 @@ func checkBearerToken(bearerToken string, inf *api.APIInfo) (string, error) {
 		return "", errors.New("invalid token - incorrect dcdn")
 	}
 	if ucdn == "" {
-		return "", errors.New("invalid token - empty ucdn field")
+		if inf.User.RoleName == tc.AdminRoleName {
+			ucdn = inf.Params["ucdn"]
+			if ucdn == "" {
+				return "", errors.New("admin level ucdn requests require a ucdn query parameter")
+			}
+		} else {
+			return "", errors.New("invalid token - empty ucdn field")
+		}
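
Review bot: in the admin branch, `ucdn = inf.Params["ucdn"]` takes the value straight from the query string and only checks that it is non-empty, so whatever string an admin-role caller passes becomes the ucdn this function returns. Consider validating it against the known ucdn values before returning it, and state in the function comment that an admin token may carry an empty ucdn and fall back to the query parameter. The nesting can also be flattened by returning the "invalid token - empty ucdn field" error first when `inf.User.RoleName != tc.AdminRoleName`, which leaves the admin path unindented.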

Review comment:
       I don't think we need to since we control all sides of the equation, but I can add it in to be extra safe. People shouldn't be changing ucdns really, and if they do then they would still see their old ucdn until they log out and log back in or the token expires in 6 hours. I was trying to avoid an extra DB call but might as well be extra safe.



