Authorization in backend for office worker not works properly

SaintAngeLs / courier_app

Courier-hub application build up with .net and React

2 stars 0 forks source link

Authorization in backend for office worker not works properly #113

Open an2508374 opened 9 months ago

an2508374 commented 9 months ago

There is probably a problem in authorization for office worker in backend, because office worker with credentials: "officeworker@email.com", "officeworker" in IdentityService has set appContext.Identity.IsOfficeWorker property as false during handling with following queries:

GetParcelsOfficeWorkerHandler (ParcelsService)
GetOrderOfficeWorker (OrdersService)
GetOrderOfficeWorkerPending (OrdersService)

And this results in getting empty results in Bank Inquiries, Bank Offers and Manage Pending Offers. problem1 problem2

eggwhat commented 9 months ago

The problem is with authorization not specifically with this service. Some other endpoints are just checking if the request is authorized so they look like there are working but in fact they are not. I would suggest moving to symmetric key unless someone knows how to make ntrada use certs for assymetric keys. For symmetric keys authorization works fine

eggwhat commented 9 months ago

I provided some changes on frontendFix2 branch that make auth work. I don't know if we are happy with that. Also I made small changes on frontend. Please have a look if it is fine.

SaintAngeLs commented 9 months ago

@an2508374 ,@eggwhat, thank you, the changes in the 'frontendFix2' provides the needed functionality. Also the issue with user authentication mentioned partially here #112 is resolved. Thank you!