iqasport / referee_hub

The hub for all internal data and management of that data in the IQA.

Prevent unauthenticated access to endpoints that contain PII #353

Closed manio143 closed 1 year ago

manio143 commented 1 year ago

Accessing /api/v1/referees returns data of all referees even in an unauthenticated context. There's no reason to suspect this endpoint has been accessed improperly.
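The failure mode described above, and a deny-by-default fix with a regression audit, as an added example that is not part of the pull request or of referee_hub's code. It uses plain Rack-style callables; the route table, the `/api/v1/health` path, the `app.current_user` env key and the sample record are all assumptions made for illustration.

```ruby
require "json"

# Constructed sample record standing in for PII-bearing data.
REFEREES = [{ "id" => 1, "name" => "Sample Referee", "email" => "ref@example.test" }].freeze

# Hypothetical route table (path => handler); not the project's real routes.
ROUTES = {
  "/api/v1/referees" => ->(_env) { [200, { "content-type" => "application/json" }, [JSON.generate(REFEREES)]] },
  "/api/v1/health"   => ->(_env) { [200, { "content-type" => "text/plain" }, ["ok"]] }
}.freeze
PUBLIC_PATHS = ["/api/v1/health"].freeze # explicit allowlist; everything else needs a user

# Vulnerable shape: dispatches to the handler without checking who is asking.
OpenApp = lambda do |env|
  handler = ROUTES[env["PATH_INFO"]]
  handler ? handler.call(env) : [404, {}, ["not found"]]
end

# Deny by default: only allowlisted paths are served without an authenticated user.
class RequireAuthentication
  def initialize(app, public_paths:)
    @app = app
    @public_paths = public_paths
  end

  def call(env)
    return @app.call(env) if @public_paths.include?(env["PATH_INFO"])
    # "app.current_user" is a hypothetical key set by an upstream session layer.
    unless env["app.current_user"]
      return [401, { "content-type" => "application/json" }, [JSON.generate("error" => "unauthenticated")]]
    end
    @app.call(env)
  end
end

GuardedApp = RequireAuthentication.new(OpenApp, public_paths: PUBLIC_PATHS)

# Audit: call every non-public route with no credentials and list those answering 200.
def unauthenticated_exposures(app, routes, public_paths)
  routes.keys.reject { |path| public_paths.include?(path) }.select do |path|
    status, = app.call({ "REQUEST_METHOD" => "GET", "PATH_INFO" => path })
    status == 200
  end
end
```

Running the audit over the full route table in CI catches a newly added endpoint that was never placed behind authentication, because the allowlist is the only way to opt out.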

codecov[bot] commented 1 year ago

Codecov Report

Base: 66.87% // Head: 66.87% // No change to project coverage :thumbsup:

Coverage data is based on head (d002e7b) compared to base (115cd72). Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main     #353   +/-   ##
=======================================
  Coverage   66.87%   66.87%
=======================================
  Files         129      129
  Lines        2895     2895
  Branches      148      148
=======================================
  Hits         1936     1936
  Misses        959      959
```

| [Impacted Files](https://codecov.io/gh/iqasport/referee_hub/pull/353?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=iqasport) | Coverage Δ | |
|---|---|---|
| [...ers/api/v1/national\_governing\_bodies\_controller.rb](https://codecov.io/gh/iqasport/referee_hub/pull/353/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=iqasport#diff-YXBwL2NvbnRyb2xsZXJzL2FwaS92MS9uYXRpb25hbF9nb3Zlcm5pbmdfYm9kaWVzX2NvbnRyb2xsZXIucmI=) | `95.31% <100.00%> (ø)` | |
| [app/controllers/api/v1/referees\_controller.rb](https://codecov.io/gh/iqasport/referee_hub/pull/353/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=iqasport#diff-YXBwL2NvbnRyb2xsZXJzL2FwaS92MS9yZWZlcmVlc19jb250cm9sbGVyLnJi) | `96.20% <100.00%> (ø)` | |
