Ticket #813 (closed Task: worksforme)

Opened 6 years ago

Last modified 6 years ago

sign-up case: fetching related user-account topic from username-topic - no permission

Reported by: Malte
Owned by: jri
Priority: Blocker
Milestone: Release 4.7
Component: DeepaMehta Standard Distribution
Version: 4.6.1
Keywords:
Cc: JuergeN
Complexity: 3
Area: Application Framework / API
Module: deepamehta-accesscontrol

Description

After calling createUserAccount() one has the username topic at hand but fetching the related "User Account" topic leads to an AccessControlException.

// 1) Create new user
Topic user = acService.createUserAccount(new Credentials(username.trim(), password));
Topic account = user.getRelatedTopic(null, null, null, "dm4.accesscontrol.user_account");

"de.deepamehta.core.service.accesscontrol.AccessControlException: user <anonymous> has no READ permission for object 4457"

The issue seems to be restricted to the request scope in which the username is created (via createUserAccount()), since the request is not part of a valid session for our new user but is an "<anonymous>" request.

The latter is indicated by successfully being able to access the topic 4457 (the "user account" topic) in a separate request, e.g. later, being logged in as the very user (represented by 4457). In that context, no ACLException is thrown.

This is kind of in the way with the background of us wanting to attach an "Email Address" topic to the "User Account" as (that is an existential) part of the logical operation "create user account".

Thanks for your help!

Change History

comment:1 Changed 6 years ago by jri

  • Cc JuergeN added

comment:2 Changed 6 years ago by jri

According to the current access control concept (#592) a User Account topic (as well as a Password topic) is private by definition. They are assigned to the user's private workspace. Only the user is allowed to edit her own account.

Could your Sign-up plugin's createUserAccount() method first log in the new user and then attach its email address to the User Account?

Anyways, things do not feel right to me anymore. At the moment we allow the Sign-up plugin (and the whole world!) to create User Accounts as "anonymous"! In order for that to work at all we have to do crude tricks (using a GET request when POST semantics exist) and undermine DM's access control mechanism at several spots (#811) in order to let anonymous perform more and more privileged code, and still more will come (as evident in this ticket).

From my point of view we must revise the Sign-up concept completely.

Anonymous must not be able to create User Accounts.

I think we should resort to an email based workflow after all. The Sign-up action just sends an email. This email could be answered either 1) by an admin who creates the account manually, or 2) automatically by the system (which runs under the System authority anyway, #764, and has all privileges). We could start with the manual way as it requires much less development work in advance.

What do you think?
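
An added sketch (not DeepaMehta or Sign-up plugin code) of one way the automatic variant of the email-based workflow proposed in comment:2 could look: the anonymous request creates nothing and only yields a signed confirmation token, and the account plus its email address are created in one step under a system authority once the token comes back. The confirmation-link mechanism and all names (request_signup, confirm_signup, SERVER_KEY, the "system" principal) are assumptions.

```python
import hashlib, hmac, secrets, time

# Constructed model, not DeepaMehta code; every name here is hypothetical.
SERVER_KEY = secrets.token_bytes(32)  # secret used to sign confirmation tokens
TOKEN_TTL = 3600                      # seconds a confirmation link stays valid
accounts = {}                         # username -> {"owner": ..., "email": ...}

class AccessDenied(Exception):
    pass

def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def read_account(principal, username):
    """Accounts are private: only the owner or the system authority may read."""
    acct = accounts[username]
    if principal not in (acct["owner"], "system"):
        raise AccessDenied(f"user <{principal}> has no READ permission")
    return acct

def request_signup(username, email, now=None):
    """Runs as anonymous: creates nothing, returns a token to be e-mailed."""
    if "|" in username + email or username in ("system", "anonymous"):
        raise ValueError("invalid username or e-mail address")
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    payload = f"{username}|{email}|{expires}"
    return f"{payload}|{_sign(payload)}"

def confirm_signup(token, now=None):
    """Runs under the system authority: verify the token, then create the
    account and attach its e-mail address as one logical operation."""
    payload, _, mac = token.rpartition("|")
    if not hmac.compare_digest(mac.encode(), _sign(payload).encode()):
        raise AccessDenied("invalid confirmation token")
    username, email, expires = payload.split("|")
    if (time.time() if now is None else now) > int(expires):
        raise AccessDenied("confirmation token expired")
    if username in accounts:
        raise AccessDenied("username already taken")
    accounts[username] = {"owner": username, "email": email}
    return read_account("system", username)
```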

comment:3 Changed 6 years ago by Malte

Jri, thanks for your answer and your questions.

For now, let me note down the following four things here:

  • Submitting an "E-Mail Address" will not be part of the registration procedure with 4.6.x (for now).
  • Submitting an "E-Mail Address" could be realized by another plugin in an extra step.
  • Discussion on how a more complex user registration could also be realized (in one application flow) needs to happen at some time.

Status:
Signing up for a personal user account now works with 4.6 and the dm46-sign-up-1.1 module (in conjunction with dm46-webactivator).

From my perspective the user (or that entity) which is (consciously) wanting to create a representation for itself (in our system, so we can authorize it in the future) should not only (1) be entitled to do so but (2) should also be authorized to set its "E-Mail Address" to any (more or less valid) value it may want.

Furthermore the issue revealed here, to me, seems not to be restricted to the sign-up case but requires a more elaborate discussion along more cases but I find such discussion hard to do now and here via trac.

Regarding jri's proposal on revising the sign-up concept completely:

  • I would vote against a sign-up workflow requiring manual action from the systems operator.
  • What would option 2) look like? Do you imagine that the sign-up module starts interpreting incoming E-Mails?

Looking forward to improve on this but from my perspective, account creation with 4.6 now works.

I would like to ask JuergeN to install the following two plugins and
http://download.deepamehta.de/nightly/dm46-sign-up-1.1-SNAPSHOT.jar along with http://download.deepamehta.de/dm46-webactivator-0.4.5.jar once and try to configure his splash/sign-up screen as "admin" up to his desires.

test drive the customization through "Editing" the one (pre-installed) "Sign-up Module Configuration" while being logged in as "admin".

comment:4 Changed 6 years ago by jri

  • Status changed from new to closed
  • Resolution set to worksforme

To my knowledge the Sign-up plugin meanwhile works with DM 4.6 and 4.7. See #816.
