MTV-1377 | Fix web auth with wrong token

Issue: When we request the inventory web endpoint the auth functions allows the user to get the endpoint even with incorrect token. Fix: Change the permit function logic so we do not set the auth=true. Signed-off-by: Martin Necas <[email protected]>
kubev2v · Sep 4, 2024 · 7c3bc0a · 7c3bc0a
1 parent 55dfc99
commit 7c3bc0a
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/pkg/controller/provider/web/base/auth.go b/pkg/controller/provider/web/base/auth.go
@@ -64,7 +64,7 @@ func (r *Auth) Permit(ctx *gin.Context, p *api.Provider) (status int, err error)
 		ns = q.Get(NsParam)
 	}
 	allowed, err := r.permit(token, ns, p)
-	if allowed && err != nil {
+	if err != nil {
 		log.Error(err, "Authorization failed.")
 		status = http.StatusInternalServerError
 		return
@@ -85,7 +85,6 @@ func (r *Auth) Permit(ctx *gin.Context, p *api.Provider) (status int, err error)
 
 // Authenticate token.
 func (r *Auth) permit(token string, ns string, p *api.Provider) (allowed bool, err error) {
-	allowed = true
 	tr := &auth.TokenReview{
 		Spec: auth.TokenReviewSpec{
 			Token: token,