Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove implementations for X-Admin-Request #59

Open
Noroth opened this issue Feb 8, 2023 · 1 comment
Open

Remove implementations for X-Admin-Request #59

Noroth opened this issue Feb 8, 2023 · 1 comment
Labels
legacy

Comments

@Noroth
Copy link
Contributor

Noroth commented Feb 8, 2023
edited
Loading

In order to perform admin calls, we added an additional security layer to the authorization. The service requires the header X-Admin-Request to be set with the constant value available

This header is set from the legacy regsys classic.

Once the identity provider supports 2FA we have to remove the implementations within the service.

Hint: Searching for:
// See reference https://github.com/eurofurence/reg-payment-service/issues/57

Should locate all code sections, which have to be removed.
@Noroth Noroth added the legacy label Feb 8, 2023
@Jumpy-Squirrel
Copy link
Contributor

Already removed this in the room-service (which does not expose highly sensitive data). By the same argument, we can remove all checks for this header from this service.

Keep in mind that it will stay in the attendee-service for now, so admin requests sent TO the attendee service will still need it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
legacy
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Noroth @Jumpy-Squirrel