Commit 13fdb5c9 authored by Afonso Castanheta's avatar Afonso Castanheta
Browse files

Refactor user validation logic to fix fail-open pattern vulnerability (API Auditing)

parent 9e67b93a
Loading
Loading
Loading
Loading
Loading
+5 −6
Original line number Diff line number Diff line
@@ -6,7 +6,7 @@ from ..encoder import CustomJSONEncoder
from ..models.problem_details import ProblemDetails
from ..util import serialize_clean_camel_case
from .resources import Resource
from .responses import internal_server_error
from .responses import internal_server_error, not_found_error, forbidden_error


class ControlAccess(Resource):
@@ -19,11 +19,10 @@ class ControlAccess(Resource):
            my_query = {'cert_signature': cert_signature}
            cert_entry = cert_col.find_one(my_query)

            if cert_entry is not None:
                if cert_entry["role"] != "AMF":
                    prob = ProblemDetails(title="Unauthorized", detail="User not authorized", cause="You are not the owner of this resource")
                    prob = serialize_clean_camel_case(prob)
                    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=401, mimetype="application/json")
            if cert_entry is None:
                return not_found_error(detail="Certificate not found", cause="No certificate matches the provided signature")
            elif cert_entry["role"] != "AMF":
                return forbidden_error(detail="User not authorized", cause="You are not the owner of this resource")

        except Exception as e:
            exception = "An exception occurred in validate invoker"