Open riteshkew opened 3 weeks ago
Hi @riteshkew , @Nikhil-Nandagopal
Please find a possible solution from my findings:
"To secure the Git user config page, we need to implement route protection on the frontend using a higher-order component to check for user authentication and redirect unauthenticated users to the login page. On the backend, we will use Spring Security to ensure that only authenticated users can access the /profile endpoint. This solution ensures that sensitive configuration settings are protected from unauthorized access."
Our team will be working on this issue and will update accordingly.
@SunnyTitus @Nikhil-Nandagopal I am picking up this issue.
Approach: On the profile page there is a tab list with two tabs:
Observation: User -> unauthorized. When the user is on the profile page with the General tab selected by default, it shows the General tab and does not redirect to the sign-in page.
When we click on the Git config tab, it redirects us to the sign-in page.
Possible Reason: when the Git config page mounts it calls this protected endpoint: https://dev.appsmith.com/api/v1/git/profile/default, which is missing when the General tab mounts.
Solving Approach: We can call this protected endpoint when the General tab page also mounts, to protect this page from unauthorized users.
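A framework-free sketch of the route guard described in the comments above (the frontend higher-order component that checks authentication and redirects). This is an added example, not Appsmith's code: it treats `/profile` as a protected prefix so every tab under it (General and Git config alike) is covered by one check rather than by whichever tab happens to call a protected API on mount. The login path, the `redirectUrl` parameter and the protected prefix list are assumptions.

```javascript
// Added example, not Appsmith's own code. Login route and prefixes are assumed.
const LOGIN_PATH = "/user/login";           // assumed login route
const PROTECTED_PREFIXES = ["/profile"];    // assumed: covers /profile and /profile/git

// Session states the guard distinguishes. "unknown" means the session lookup
// has not finished yet; the guard must wait rather than guess either way.
const AUTH_UNKNOWN = "unknown";
const AUTH_ANONYMOUS = "anonymous";
const AUTH_AUTHENTICATED = "authenticated";

// Prefix match on a path-segment boundary, so "/profiles" is not caught by "/profile".
function isProtectedPath(path) {
  return PROTECTED_PREFIXES.some((p) => path === p || path.startsWith(p + "/"));
}

// Only a same-origin relative path may be carried as the post-login return URL,
// so the redirect parameter cannot be abused as an open redirect ("//host").
function safeReturnPath(path) {
  if (typeof path !== "string" || !path.startsWith("/") || path.startsWith("//")) {
    return "/";
  }
  return path;
}

// What the wrapper component should do for a route: render it, show a loading
// state while the session is unresolved, or redirect to login keeping the path.
function guardRoute(path, authState) {
  if (!isProtectedPath(path)) {
    return { action: "render" };
  }
  if (authState === AUTH_UNKNOWN) {
    return { action: "loading" };
  }
  if (authState === AUTH_AUTHENTICATED) {
    return { action: "render" };
  }
  const redirectUrl = encodeURIComponent(safeReturnPath(path));
  return { action: "redirect", to: `${LOGIN_PATH}?redirectUrl=${redirectUrl}` };
}

// Map the status of the session/user endpoint to an auth state. 401/403 means
// anonymous; any other non-200 answer stays "unknown" so a transient server
// error never grants access (fail closed).
function authStateFromResponse(status) {
  if (status === 200) return AUTH_AUTHENTICATED;
  if (status === 401 || status === 403) return AUTH_ANONYMOUS;
  return AUTH_UNKNOWN;
}
```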
Hi @Shivam-z, thank you for showing an interest in solving this issue. Please go ahead and raise a PR, I will help you with review and testing once it is done.
Hi @brayn003, I have raised a PR for this issue. Can you take a look at it? Thank you.
Is there an existing issue for this?
Description
When we go to app.appsmith.com/profile, the pages can be accessed without the user logging in. Ideally it should redirect to the login page.
Steps To Reproduce
Public Sample App
No response
Environment
Production
Severity
High (Blocker to building or releasing)
Issue video log
No response
Version
Cloud - 1.29