Open yoramw opened 8 years ago
Which place in the logic do you mean?
We have a check on the login step: https://github.com/Cloudify-PS/walle-service/blob/00e0c8ee1bd393c52fb8d14ca9bada34796fed7f/walle-api-server/walle_api_server/resources/login_openstack.py#L74
On every request we check: https://github.com/Cloudify-PS/walle-service/blob/00e0c8ee1bd393c52fb8d14ca9bada34796fed7f/walle-api-server/walle_api_server/cli/app.py#L96
A malicious user can provide his own x-openstack-keystore-url and log in to the system without authorization.
Please change to a preset Keystone URL (or a list of Keystone URLs) that are preconfigured and verify this URL is within this list.
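The fix requested above is an allowlist check on the client-supplied Keystone URL. As an added example (not walle-service code, and not the change the maintainers made), the following shows how such a check can be done in Python: the allowlisted URLs and the header value are normalized (scheme lowercased, host lowercased, default port filled in, trailing slash dropped) and compared as tuples, so trivially different spellings of an allowed endpoint still match while any other host, scheme, port or path is rejected. The `ALLOWED_KEYSTONE_URLS` values, the `KeystoneUrlAllowlist` class and the header name used in `select_keystone_url` are constructed for this example.

```python
"""Added example, not project code: validate a client-supplied Keystone URL
against a preconfigured allowlist before it is used for authentication."""
from urllib.parse import urlsplit

# Constructed allowlist for the example; a deployment would load it from config.
ALLOWED_KEYSTONE_URLS = (
    "https://keystone.example.com:5000/v3",
    "https://keystone-2.example.com:5000/v3",
)

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_keystone_url(url):
    """Return (scheme, host, port, path) for a URL, or None if it is unusable.

    Rejects anything that is not plain http(s), carries userinfo, or has no host
    or an invalid port, so only well-formed endpoint URLs can ever match.
    """
    if not isinstance(url, str) or not url:
        return None
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None:
        return None
    try:
        port = parts.port or DEFAULT_PORTS[parts.scheme]
    except ValueError:  # e.g. "https://host:abc/v3"
        return None
    path = parts.path.rstrip("/") or "/"
    return (parts.scheme, parts.hostname.lower(), port, path)


class KeystoneUrlAllowlist:
    """Set of preconfigured Keystone endpoints (constructed class for the example)."""

    def __init__(self, urls):
        self._allowed = set()
        for url in urls:
            normalized = normalize_keystone_url(url)
            if normalized is None:
                raise ValueError("invalid allowlisted Keystone URL: %r" % (url,))
            self._allowed.add(normalized)

    def is_allowed(self, url):
        normalized = normalize_keystone_url(url)
        return normalized is not None and normalized in self._allowed


def select_keystone_url(headers, allowlist):
    """Pick the Keystone URL for a request from its headers.

    Returns the header value if it is on the allowlist, otherwise None so the
    caller rejects the request instead of authenticating against an unknown
    endpoint. Header lookup is case-insensitive; the header name is assumed.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    candidate = lowered.get("x-openstack-keystone-url")
    if candidate is None or not allowlist.is_allowed(candidate):
        return None
    return candidate


if __name__ == "__main__":
    allowlist = KeystoneUrlAllowlist(ALLOWED_KEYSTONE_URLS)
    # Constructed request headers for a quick manual run.
    print(select_keystone_url(
        {"X-OpenStack-Keystone-Url": "https://keystone.example.com:5000/v3/"}, allowlist))
    print(select_keystone_url(
        {"X-OpenStack-Keystone-Url": "https://other.example.net:5000/v3"}, allowlist))
```

Comparing normalized tuples rather than raw strings is the design choice worth noting: a plain string comparison would reject an allowed endpoint written with a trailing slash or uppercase host, and tempt operators to loosen the check into a prefix or substring match, which is exactly what lets an unrelated host through.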