Closed Foxcapades closed 7 months ago
Stealing this issue to encompass more involved refinement of the interaction between our two auth annotations. Final proposal:
@Authenticated: perform user discovery and deny if not present
- allowGuests: allow guests; trumps admin - never allow guest if allowGuests=false
- adminOverride: AdminOverrideOption (header/queryParam "proxied-user-id")
```java
enum AdminOverrideOption {
  DISALLOW,        // (default if missing) admin is irrelevant
  ALLOW_WITH_USER, // allow access but only if proxied-user-id header/qp is present and legit
  ALLOW_ALWAYS     // allow access; try to find user but OK if missing
}
```
@AdminRequired: require admin and deny if missing/incorrect
- 500 if needed and misconfigured (GitHub issue to scan endpoints on startup)
So code would look something like this:
```
boolean hasValidAdmin = false;
if (adminDiscoveryRequired) {
  // only check if needed
  hasValidAdmin = look for admin and check valid (500/403)
}
if (adminRequired and !hasValidAdmin) 403
if (!userDiscoveryRequired) return // done
Optional<User> authKeyUser = look for user in Auth-Key (500/401)
if (override == disallow || !hasValidAdmin) {
  401 if authKeyUser.isMissing
  403 if !allowGuests and authKeyUser.get.isGuest
  setOnRequest(authKeyUser)
  return
}
// override != disallow && hasValidAdmin
Optional<User> proxiedUser = look for user in proxied-user
if (override == allow_with_user && proxiedUser.isEmpty) 401
setOnRequest(proxiedUser)
return
```
Add a new header and auth option that allows specified endpoints to allow for admin auth instead of user auth.
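
The decision flow sketched in this issue, written as a pure function with a small table of cases; this is an added example, not code from the project. `Policy`, `decide` and the `validAdmin` flag are hypothetical names, the 500 misconfiguration paths are left out, and the guest check on the proxied user is this example's reading of the `allowGuests` bullet rather than something the sketch spells out. It uses records, so it needs Java 16 or later.

```java
import java.util.Optional;
public class AuthDecisionDemo {
  enum AdminOverrideOption { DISALLOW, ALLOW_WITH_USER, ALLOW_ALWAYS }
  record User(String id, boolean isGuest) {}
  // Hypothetical holder for the annotation settings resolved for one endpoint.
  record Policy(boolean adminRequired, boolean userRequired, boolean allowGuests,
                AdminOverrideOption override) {}

  /** Status the filter would answer with; 200 means the request proceeds. */
  static int decide(Policy p, boolean validAdmin, Optional<User> authKeyUser,
                    Optional<User> proxiedUser) {
    if (p.adminRequired() && !validAdmin) return 403;
    if (!p.userRequired()) return 200;
    if (p.override() == AdminOverrideOption.DISALLOW || !validAdmin) {
      // No admin in play: proxied-user-id is never consulted on this path.
      if (authKeyUser.isEmpty()) return 401;
      if (!p.allowGuests() && authKeyUser.get().isGuest()) return 403;
      return 200;
    }
    if (proxiedUser.isEmpty())
      return p.override() == AdminOverrideOption.ALLOW_WITH_USER ? 401 : 200;
    // Assumption: "never allow guest if allowGuests=false" also covers proxied users.
    if (!p.allowGuests() && proxiedUser.get().isGuest()) return 403;
    return 200;
  }

  static void check(String label, int expected, int actual) {
    if (expected != actual)
      throw new AssertionError(label + ": expected " + expected + ", got " + actual);
    System.out.println(actual + "  " + label);
  }

  public static void main(String[] args) {
    // Constructed sample users and endpoint policies.
    Optional<User> none = Optional.empty();
    Optional<User> alice = Optional.of(new User("alice", false));
    Optional<User> guest = Optional.of(new User("guest-1", true));
    Policy withUser = new Policy(false, true, false, AdminOverrideOption.ALLOW_WITH_USER);
    Policy always = new Policy(false, true, false, AdminOverrideOption.ALLOW_ALWAYS);
    Policy adminOnly = new Policy(true, false, false, AdminOverrideOption.DISALLOW);
    check("proxied id without admin is ignored", 401, decide(withUser, false, none, alice));
    check("admin, ALLOW_WITH_USER, no proxied user", 401, decide(withUser, true, none, none));
    check("admin, ALLOW_WITH_USER, proxied user", 200, decide(withUser, true, none, alice));
    check("admin, ALLOW_ALWAYS, no proxied user", 200, decide(always, true, none, none));
    check("admin proxying a guest, allowGuests=false", 403, decide(always, true, none, guest));
    check("non-admin guest, allowGuests=false", 403, decide(withUser, false, guest, none));
    check("@AdminRequired without valid admin", 403, decide(adminOnly, false, alice, none));
  }
}
```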