Issue #8524: Disable guardians' AnonymousUser - Pulp

Actions

Send by e-mail Copy link

Issue #8524

closed

Disable guardians' AnonymousUser

Added by ipanova@redhat.com over 3 years ago. Updated over 3 years ago.

Status:

CLOSED - CURRENTRELEASE

Priority:

Normal

Assignee:

ipanova@redhat.com

Category:

-

Sprint/Milestone:

Start date:

Due date:

Estimated time:

Severity:

2. Medium

Version:

Platform Release:

OS:

Triaged:

Yes

Groomed:

No

Sprint Candidate:

No

Tags:

Sprint:

Sprint 94

Quarter:

Description

The Guardian anonymous user is different from the Django Anonymous user. https://django-guardian.readthedocs.io/en/stable/configuration.html#anonymous-user-name

We are using DRF access policy which evaluetes this user as not anonymous and authenticated, this is a security concern. https://github.com/rsinger86/drf-access-policy/blob/master/rest_access_policy/access_policy.py#L99-L106

Actions

#1

Updated by pulpbot over 3 years ago

Status changed from NEW to POST

PR: https://github.com/pulp/pulpcore/pull/1239

Actions

#2

Updated by ipanova@redhat.com over 3 years ago

Assignee set to ipanova@redhat.com
Sprint set to Sprint 94

Actions

#3

Updated by fao89 over 3 years ago

Triaged changed from No to Yes

Added by ipanova@redhat.com over 3 years ago

Revision 5d63fc9a | View on GitHub

Disable django guardian's anonymous user.

closes #8524

Required PR: https://github.com/pulp/pulp-cli/pull/198

Actions

#4

Updated by ipanova@redhat.com over 3 years ago

Status changed from POST to MODIFIED

Applied in changeset pulpcore|5d63fc9ad78dfb63c68a52c28f21703a90164b08.

Actions

#5

Updated by dalley over 3 years ago

Sprint/Milestone set to 3.13.0

Actions

#6

Updated by pulpbot over 3 years ago

Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Actions

Send by e-mail Copy link

Also available in: Atom PDF