Hyperfoil / Horreum

Benchmark results repository service
https://horreum.hyperfoil.io/
Apache License 2.0

Review test tokens and impact of authorization, esp wrt read/write/upload permissions #789

Open johnaohara opened 1 year ago

johnaohara commented 1 year ago

This depends on: https://github.com/Hyperfoil/Horreum/issues/782

johnaohara commented 1 year ago

Test tokens are generated client side, with no validations on length, complexity, etc.

johnaohara commented 1 year ago

There are multiple ways in which tokens can be generated, and it is not consistent between different object types, e.g. Test access tokens are generated client side. Run & Schema tokens are generated server side. There is no record of who generated what token.

johnaohara commented 9 months ago

@barreiro after chatting yesterday, it also seems that you are trying to fix this issue, alongside https://github.com/Hyperfoil/Horreum/issues/780

Is that correct?