Fix unauthorized routes in ApiHandler

uyuni-project · Feb 21, 2025 · 17d5403 · 17d5403
1 parent 0c5cf64
commit 17d5403
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 12 deletions.
diff --git a/java/code/src/com/redhat/rhn/frontend/xmlrpc/api/ApiHandler.java b/java/code/src/com/redhat/rhn/frontend/xmlrpc/api/ApiHandler.java
@@ -17,7 +17,6 @@
 import com.redhat.rhn.common.conf.Config;
 import com.redhat.rhn.common.conf.ConfigDefaults;
 import com.redhat.rhn.common.util.StringUtil;
-import com.redhat.rhn.domain.user.User;
 import com.redhat.rhn.frontend.xmlrpc.BaseHandler;
 import com.redhat.rhn.frontend.xmlrpc.HandlerFactory;
 
@@ -92,19 +91,17 @@ public String getVersion() {
     }
 
     /** Lists available API namespaces
-     * @param loggedInUser The current user
      * @return map of API namespaces
      *
      * @apidoc.doc Lists available API namespaces
-     * @apidoc.param #session_key()
      * @apidoc.returntype
      *   #struct_begin("namespace")
      *        #prop_desc("string", "namespace", "API namespace")
      *        #prop_desc("string", "handler", "API Handler")
      *   #struct_end()
      */
     @ReadOnly
-    public Map<String, String> getApiNamespaces(User loggedInUser) {
+    public Map<String, String> getApiNamespaces() {
         return handlers.getKeys().stream().collect(Collectors.toMap(
            namespace -> namespace,
            namespace -> StringUtil.getClassNameNoPackage(
@@ -114,11 +111,9 @@ public Map<String, String> getApiNamespaces(User loggedInUser) {
 
     /**
      * Lists all available api calls grouped by namespace
-     * @param loggedInUser The current user
      * @return a map containing list of api calls for every namespace
      *
      * @apidoc.doc Lists all available api calls grouped by namespace
-     * @apidoc.param #session_key()
      * @apidoc.returntype
      *   #struct_begin("method_info")
      *       #prop_desc("string", "name", "method name")
@@ -128,21 +123,19 @@ public Map<String, String> getApiNamespaces(User loggedInUser) {
      *   #struct_end()
      */
     @ReadOnly
-    public Map<String, Object> getApiCallList(User loggedInUser) {
+    public Map<String, Object> getApiCallList() {
         return handlers.getKeys().stream().collect(Collectors.toMap(
             namespace -> namespace,
-            namespace -> getApiNamespaceCallList(loggedInUser, namespace)
+                this::getApiNamespaceCallList
         ));
     }
 
     /**
      * Lists all available api calls for the specified namespace
-     * @param loggedInUser The current user
      * @param namespace namespace of interest
      * @return a map containing list of api calls for every namespace
      *
      * @apidoc.doc Lists all available api calls for the specified namespace
-     * @apidoc.param #session_key()
      * @apidoc.param #param("string", "namespace")
      * @apidoc.returntype
      *   #struct_begin("method_info")
@@ -153,7 +146,7 @@ public Map<String, Object> getApiCallList(User loggedInUser) {
      *   #struct_end()
      */
     @ReadOnly
-    public Map getApiNamespaceCallList(User loggedInUser, String namespace) {
+    public Map getApiNamespaceCallList(String namespace) {
         Class<? extends BaseHandler> handlerClass =
                 handlers.getHandler(namespace)
                         .orElseThrow(() -> new RuntimeException("Handler " + namespace + " not found."))

diff --git a/java/code/src/com/suse/manager/api/HttpApiRegistry.java b/java/code/src/com/suse/manager/api/HttpApiRegistry.java
@@ -122,10 +122,13 @@ public void initRoutes() {
      * Contains the endpoints that should be exposed without requiring any authentication.
      * @return a Set containing the URL to the public endpoints
      */
+    // TODO: Revisit (unnecessary now)
     public static Set<String> getUnautenticatedRoutes() {
         return Set.of(
             "/rhn/manager/api/api/getVersion",
+            "/rhn/manager/api/api/getApiCallList",
             "/rhn/manager/api/api/systemVersion",
+            "/rhn/manager/api/api/getApiNamespaces",
             "/rhn/manager/api/api/productName",
             "/rhn/manager/api/org/createFirst"
         );
@@ -136,7 +139,7 @@ public static Set<String> getUnautenticatedRoutes() {
      */
     private void registerAuthEndpoints() {
         registrationHelper.addPostRoute(HTTP_API_ROOT + "auth/login", LoginController::apiLogin);
-        registrationHelper.addPostRoute(HTTP_API_ROOT + "auth/logout", withUser(LoginController::logout));
+        registrationHelper.addGetRoute(HTTP_API_ROOT + "auth/logout", withUser(LoginController::logout));
     }
 
     /**