Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Endpoint for GDPR export request works with random user-id #6114

Closed
SagarGi opened this issue Apr 24, 2023 · 0 comments · Fixed by #6123
Closed

Endpoint for GDPR export request works with random user-id #6114

SagarGi opened this issue Apr 24, 2023 · 0 comments · Fixed by #6123
Assignees
@kobergj
Labels
Interaction:Discussion Type:Bug Type:Discussion

Comments

@SagarGi
Copy link
Member

SagarGi commented Apr 24, 2023

Description

The general API endpoint to export GDPR as per seen in the web UI is something like this.

fotor_2023-4-24_12_56_7

But when i give some random values other than the user-id in the endpoint then the API works fine.

Steps to Reproduce:

  1. create a user Alice

curl request to export the GDPR.

curl -XPOST -k -uAlice:123456 'https://host.docker.internal:9200/graph/v1.0/users/<user-id>/exportPersonalData' -d '{"storageLocation": "/.personal_data_export.json"}' -v

Expexted Behaviour

When request is hit with the user-id in the API endpoint. The response is as:

* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 201 Created
< Content-Length: 0

Actual Behaviour

When request is hit with the random user-id for ed: abc in the API endpoint. The response is as:

* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 201 Created
< Content-Length: 0

Question

Need information regarding if the server actually behaves like this.

Environment:

oCIS latest docker image
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kobergj kobergj

Labels
Interaction:Discussion Type:Bug Type:Discussion
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

BadRequest when exporting GDPR for other user kobergj/ocis
2 participants
@kobergj @SagarGi