Secure the api endpoints #151
Comments
Yes, we should create middlewares to check whether the user is created of that class
@atulya2109 are you willing to work on this issue?
@aavishkarmishra Yeah, sure.
@aavishkarmishra The pull request was merged but my points weren't updated. Please look into it.
aavishkarmishra added the good first issue, Level0, Level1, Level3, bug and security labels and removed the gssoc21, Level0, Level1, Level2, Level3 and good first issue labels on Jun 6, 2021
Describe the bug
This is an umbrella issue for all the issues that could be related to securing endpoints. For example, when creating a test the class id is passed in the POST request, but it isn't verified on the back end whether the user is the admin of the class or not. Therefore, anyone can create tests in any class. Similarly, in the delete test endpoint it should also be checked whether the user has delete privileges or not.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Test creation should fail instead of creating it in another class.
Desktop (please complete the following information):
Additional context
There are many other security issues in other endpoints as well.
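One way to implement the check this issue asks for, as an added example that is not the project's own code: an Express-style (req, res, next) middleware that refuses test creation or deletion unless the signed-in user is an admin of the target class. The in-memory stores, the user and class ids, and the req.user field set by an earlier authentication step are all assumptions.

```javascript
// Constructed sample data (hypothetical ids); a real app would query its database.
const classes = new Map([
  ["c1", { admins: new Set(["alice"]) }],
  ["c2", { admins: new Set(["bob"]) }],
]);
const tests = new Map([["t1", { classId: "c2" }]]);

// Build a middleware that authorizes against the class returned by resolveClassId.
function requireClassAdmin(resolveClassId) {
  return function (req, res, next) {
    // Identity must come from the session/token, never from the request body.
    if (!req.user) return res.status(401).json({ error: "not signed in" });
    const classId = resolveClassId(req);
    // Only plain strings are accepted, so arrays or objects cannot be coerced into an id.
    const cls = typeof classId === "string" ? classes.get(classId) : undefined;
    // Unknown class and non-admin get the same answer, so class ids are not disclosed.
    if (!cls || !cls.admins.has(req.user.id)) {
      return res.status(403).json({ error: "forbidden" });
    }
    req.classId = classId; // handlers use this verified value, not req.body.classId
    next();
  };
}

// Create: the class id is client-supplied, so it is checked before any write.
const canCreateTest = requireClassAdmin((req) => req.body && req.body.classId);

// Delete: the class is looked up from the stored test, not taken from the client.
const canDeleteTest = requireClassAdmin((req) => {
  const test = tests.get(req.params.testId);
  return test ? test.classId : undefined;
});

// Small harness that runs a middleware against a fake request, without a framework.
function run(middleware, req) {
  const out = { status: 200, passed: false };
  const res = {
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; return this; },
  };
  middleware(req, res, () => { out.passed = true; });
  return out;
}

console.log(run(canCreateTest, { user: { id: "alice" }, body: { classId: "c2" } }));
```

In an Express app these would be attached per route, ahead of the handler that writes or deletes the test.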