Project

Profile

Help

Actions
Send by e-mail Copy link

Issue #8524

closed

Disable guardians' AnonymousUser

Added by ipanova@redhat.com about 3 years ago. Updated almost 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
ipanova@redhat.com
Category:
-
Sprint/Milestone:
3.13.0
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 94
Quarter:

Description

The Guardian anonymous user is different from the Django Anonymous user. https://django-guardian.readthedocs.io/en/stable/configuration.html#anonymous-user-name

We are using DRF access policy which evaluetes this user as not anonymous and authenticated, this is a security concern. https://github.com/rsinger86/drf-access-policy/blob/master/rest_access_policy/access_policy.py#L99-L106

Actions
Copy link
 #1

Updated by pulpbot about 3 years ago

  • Status changed from NEW to POST
Actions
Copy link
 #2

Updated by ipanova@redhat.com about 3 years ago

  • Assignee set to ipanova@redhat.com
  • Sprint set to Sprint 94
Actions
Copy link
 #3

Updated by fao89 about 3 years ago

  • Triaged changed from No to Yes

Added by ipanova@redhat.com about 3 years ago

Revision 5d63fc9a | View on GitHub

Disable django guardian's anonymous user.

closes #8524

Required PR: https://github.com/pulp/pulp-cli/pull/198

Actions
Copy link
 #4

Updated by ipanova@redhat.com about 3 years ago

  • Status changed from POST to MODIFIED
Actions
Copy link
 #5

Updated by dalley almost 3 years ago

  • Sprint/Milestone set to 3.13.0
Actions
Copy link
 #6

Updated by pulpbot almost 3 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions
Send by e-mail Copy link

Also available in: Atom PDF