Lock Down User Creation To YNet Users, Unless System Admin #107

Open
klondikemarlen opened this issue Jun 7, 2024 · 0 comments
Labels
🔒 security Relates to the security mode of the app. ♻️ refactor Improves code's internal structure without changing its behavior.

@klondikemarlen
Member

Relates to:

Context

Is your feature request related to a problem? Please describe.
Users should only be able to be created if they exist in the YNet Active Directory, or are created by a system admin.

Describe the solution you'd like
Lock down user creation, through sign up, and via user creation endpoint, to YNet Active Directory users, unless system admin.

Additional context
This affects both the "all users" create page `/api/users` and `api/src/middlewares/authorization-middleware.ts` -> `ensureUserFromAuth0Token`.

@klondikemarlen klondikemarlen added ♻️ refactor Improves code's internal structure without changing its behavior. 🔒 security Relates to the security mode of the app. labels Jun 7, 2024
@klondikemarlen klondikemarlen self-assigned this Jun 7, 2024
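
One way to express the rule requested above as a single decision function shared by sign-up and the `/api/users` create path. This is an added example, not code from this repository; the type names, the `system_admin` role string and the three directory lookup outcomes are assumptions.

```typescript
// Hypothetical names throughout: Actor, DirectoryLookup, CreationPath,
// decideUserCreation and the "system_admin" role are illustrative only.

// null means self sign-up: no authenticated, trusted actor exists yet.
type Actor = { roles: string[] } | null;
// Outcome of checking the new user's identity against the directory.
type DirectoryLookup = "found" | "not_found" | "error";
type CreationPath = "signup" | "create_endpoint";

interface Decision {
  allowed: boolean;
  reason: string;
}

function isSystemAdmin(actor: Actor): boolean {
  return actor !== null && actor.roles.indexOf("system_admin") !== -1;
}

// One gate for both entry points, so the rule cannot drift between the
// token-based auto-provisioning path and the explicit create endpoint.
function decideUserCreation(
  path: CreationPath,
  actor: Actor,
  lookup: DirectoryLookup
): Decision {
  // The admin override applies only on the authenticated create endpoint.
  // Any actor value supplied on the sign-up path is ignored.
  if (path === "create_endpoint" && isSystemAdmin(actor)) {
    return { allowed: true, reason: "system admin override" };
  }
  if (lookup === "found") {
    return { allowed: true, reason: "present in directory" };
  }
  // Fail closed: a directory outage must not become open registration.
  if (lookup === "error") {
    return { allowed: false, reason: "directory unavailable" };
  }
  return { allowed: false, reason: "not in directory" };
}
```

Keeping the directory lookup outside the decision function makes the policy pure and unit-testable, and forces the caller to report a lookup failure explicitly rather than treating it as a match.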