yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #11667 from lafirest/fix/logout 

fix(sso): Disable access to `logout` endpoint by the `API key`
This commit is contained in:
lafirest 2023-09-25 16:56:04 +08:00 committed by GitHub
parent 7105f68d2d 4f4868a46c
commit 42eb7059fa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/emqx_management/src/emqx_mgmt_auth.erl
View File

@ -156,6 +156,8 @@ authorize(<<"/api/v5/users", _/binary>>, _ApiKey, _ApiSecret) ->
{error, <<"not_allowed">>}; {error, <<"not_allowed">>};
authorize(<<"/api/v5/api_key", _/binary>>, _ApiKey, _ApiSecret) -> authorize(<<"/api/v5/api_key", _/binary>>, _ApiKey, _ApiSecret) ->
{error, <<"not_allowed">>}; {error, <<"not_allowed">>};
authorize(<<"/api/v5/logout", _/binary>>, _ApiKey, _ApiSecret) ->
{error, <<"not_allowed">>};
authorize(_Path, ApiKey, ApiSecret) -> authorize(_Path, ApiKey, ApiSecret) ->
Now = erlang:system_time(second), Now = erlang:system_time(second),
case find_by_api_key(ApiKey) of case find_by_api_key(ApiKey) of

4
rel/i18n/emqx_dashboard_api.hocon
View File

@ -43,7 +43,9 @@ login_success.desc:
"""Dashboard Auth Success""" """Dashboard Auth Success"""
logout_api.desc: logout_api.desc:
"""Dashboard user logout""" """Dashboard user logout.
This endpoint is only for the Dashboard, not the `API Key`.
The token from the `/login` endpoint must be a bearer authorization in the headers."""
logout_api.label: logout_api.label:
"""Dashboard user logout""" """Dashboard user logout"""