Commit 0cfa506b authored by ale

Log unauthorized access to a different user

parent 4e9a202b
Pipeline #1403 passed with stages
in 1 minute and 41 seconds
......@@ -230,6 +230,7 @@ func (s *authService) authorizeUser(ctx context.Context, tx TX, req RequestBase)
// Requests are allowed if the SSO ticket corresponds to an admin, or if
// it identifies the same user that we're querying.
if !s.isAdmin(tkt) && tkt.User != req.Username {
log.Printf("unauthorized access from user %s to user %s", tkt.User, req.Username)
return nil, nil, ErrUnauthorized
}
......
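Review bot: In the new log.Printf call inside the `!s.isAdmin(tkt) && tkt.User != req.Username` branch, req.Username is taken from the request and formatted with %s, so a value containing CR/LF or other control characters could split or forge lines in the log that this message is meant to feed. Format both fields with %q instead, e.g. `log.Printf("unauthorized access from user %q to user %q", tkt.User, req.Username)`, which escapes control characters and makes the field boundaries unambiguous for anything parsing these entries.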