Uploaded image for project: 'GPII - Global Public Inclusive Infrastructure'
  1. GPII - Global Public Inclusive Infrastructure
  2. GPII-3717

Enhance logon procedure to allow signalling of requests from NOVA

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Work for GPII-3711 requires 3 additional security checks for HTTP requests from NOVA:
      1. Verify IP addresses of incoming requests to ensure they are within NOVA IP range;
      2. Only NOVA computers have privilege to retrieve and save user settings for nonexistent GPII keys, in which case the specified GPII key and its associated preference safes will be automatically created;
      3. Verify preferences to be saved against a list of preferences that are allowed to be updated/created.

      The enhanced data model done via GPII-3719 shows new document fields required for this work.

      Adjustments to APIs to accomplish these security checks:

      • /access_token handler:
        1. verify ip addresses;
        2. if a client credential in the request doesn't have privilege to create new GPII keys and prefs safes but it requests access to a nonexistent GPII key, this request will be rejected.
      • /settings PUT handler:
        If "allowedPrefsToWrite" is defined, all preference keys must be in this array. Any request to create or update preferences that are not allowed will be rejected.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                cli@ocad.ca Cindy Qi Li
                Reporter:
                amb26 Antranig Basman
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: