awslabs / aws-api-gateway-developer-portal

A Serverless Developer Portal for easily publishing and cataloging APIs
Apache License 2.0
930 stars 401 forks

APIs that are in multiple usage plans #253

Open a-tan opened 5 years ago

a-tan commented 5 years ago

There are 3 related bugs that appear as part of this.

Repro setup:
A) Create API A
B) Create API AB
C) Add API A to Usage Plan A
D) Add API AB to Usage Plan A and Usage Plan B

Bug 1) In the Admin Panel the API AB is only listed in Usage Plan B. API AB should show up in both Usage Plan A and Usage Plan B

E) Publish Usage Plan A in Admin Panel
F) Go to API List

Bug 2) API AB shows up twice and selecting one entry selects both entries. User should only see one entry for API AB

F) Subscribe to API AB

Bug 4) User is subscribed to Usage Plan B. User should be subscribed to Usage Plan A because that is the one published.

G) Go to Admin Panel
H) Hide Usage Plan B
I) Go to API List

Bug 3) API AB still shows up in API List and is selectable. However it doesn't do anything, refreshing the page removes it.
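An added example, not part of the thread or the project's code: a small audit that lists API stages attached to more than one usage plan and flags those shared between a portal-published plan and an unpublished one, which is the setup in the report above. The input mirrors the `items` array of API Gateway's GetUsagePlans response; the plan ids, quota numbers and the `publishedPlanIds` parameter are constructed for illustration.

```javascript
// Constructed sample shaped like the "items" array of API Gateway GetUsagePlans.
// Plan names follow the repro in the issue; ids and quotas are made up.
const samplePlans = [
  { id: "planA", name: "Usage Plan A", quota: { limit: 100, period: "DAY" },
    apiStages: [{ apiId: "apiA", stage: "prod" }, { apiId: "apiAB", stage: "prod" }] },
  { id: "planB", name: "Usage Plan B", quota: { limit: 1000000, period: "MONTH" },
    apiStages: [{ apiId: "apiAB", stage: "prod" }] },
];

// Index usage plans by the "apiId/stage" pairs they contain.
function plansByApiStage(plans) {
  const index = new Map();
  for (const plan of plans) {
    for (const { apiId, stage } of plan.apiStages || []) {
      const key = `${apiId}/${stage}`;
      if (!index.has(key)) index.set(key, []);
      index.get(key).push(plan);
    }
  }
  return index;
}

// Short label with the plan's quota, so differing limits are visible in the report.
function describe(plan) {
  const q = plan.quota ? `${plan.quota.limit}/${plan.quota.period}` : "no quota";
  return `${plan.name} (${q})`;
}

// Return every API stage that belongs to more than one usage plan.
// crossesPublishBoundary is true when the stage sits in both a published plan
// and an unpublished one, so a portal subscription could land in either.
function auditSharedApis(plans, publishedPlanIds) {
  const published = new Set(publishedPlanIds);
  const findings = [];
  for (const [apiStage, members] of plansByApiStage(plans)) {
    if (members.length < 2) continue; // single-plan APIs are unambiguous
    const pub = members.filter((p) => published.has(p.id));
    const unpub = members.filter((p) => !published.has(p.id));
    findings.push({
      apiStage,
      publishedPlans: pub.map(describe),
      unpublishedPlans: unpub.map(describe),
      crossesPublishBoundary: pub.length > 0 && unpub.length > 0,
    });
  }
  return findings;
}

console.log(JSON.stringify(auditSharedApis(samplePlans, ["planA"]), null, 2));
```

Any finding with `crossesPublishBoundary: true` is an API stage worth moving to its own stage or plan layout until subscriptions resolve to the published plan.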

markcarroll commented 5 years ago

I hit these too. The API only shows up in the first usage plan in the Admin Panel, but shows up multiple times in the sidebar on the API page.

markcarroll commented 5 years ago

Is there any news of progress on this? It is a huge security issue.
I have one usage plan for the DevPortal that is fairly restricted by daily usage as it is for testing/eval, then I have usage plans for production use of the APIs. Since the admin pages are so messed up, if I add the APIs from the dev portal usage plan and someone subscribes, they inadvertently get added to the production ones instead. @a-tan @Trial-In-Error is anyone working on this and any news of a timeline for a fix?

a-tan commented 5 years ago

@markcarroll I didn't notice this bug, but I tried it after reading your comment and can repro. I added a bug 4 to my original post and will check with the team on when we can get this fixed.

mcronje75 commented 4 years ago

Hi, is there any feedback on this bug?

mvanbaak commented 4 years ago

Hi, I'm also wondering what the status on this one is.

jakobnordztrom commented 4 years ago

I'd like to see this one fixed as well!

markcarroll commented 4 years ago

@amazon-meaisiah any chance you can look at this issue?

nzphoenix commented 3 years ago

Is it possible to get an update on this? This is a pretty major bug that can lead to serious security implications.

cvsudheer108 commented 3 years ago

Being unable to use multiple usage plans for the same API is a serious problem. Any update on this, please?

nzphoenix commented 1 year ago

Is there some way to get this significant security issue addressed? Unfortunately it appears that the developer portal is not really supported outside of dependency upgrades every so often?