Skip to content

Commit

Permalink
Disable execution of CreateUserSession from GWT code
Browse files Browse the repository at this point in the history
CreateUserSesssion should be executed only as a part of login flow, so
explicitly disable execution from GWT code.

Signed-off-by: Martin Perina <[email protected]>
  • Loading branch information
mwperina committed Jan 31, 2024
1 parent 5a57ad7 commit 8caeb27
Showing 1 changed file with 20 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
import java.util.regex.Pattern;
Expand All @@ -17,6 +18,7 @@
import org.ovirt.engine.core.common.action.ActionReturnValue;
import org.ovirt.engine.core.common.action.ActionType;
import org.ovirt.engine.core.common.constants.SessionConstants;
import org.ovirt.engine.core.common.errors.EngineFault;
import org.ovirt.engine.core.common.interfaces.BackendLocal;
import org.ovirt.engine.core.common.queries.QueryParametersBase;
import org.ovirt.engine.core.common.queries.QueryReturnValue;
Expand Down Expand Up @@ -149,12 +151,21 @@ public List<ActionReturnValue> runMultipleActions(ActionType actionType,
ArrayList<ActionParametersBase> multipleParams, boolean isRunOnlyIfAllValidationPass, boolean isWaitForResult) {
log.debug("Server: RunMultipleAction invoked! [amount of actions: {}]", multipleParams.size()); //$NON-NLS-1$

// CreateUserSession should never be invoked from GWT code
if (actionType == ActionType.CreateUserSession) {
ActionReturnValue error = new ActionReturnValue();
error.setSucceeded(false);
error.setFault(new EngineFault(new RuntimeException("Command cannot be executed from client"))); //$NON-NLS-1$
return Arrays.asList(error);
}

String correlationId = CorrelationIdTracker.getCorrelationId();
for (ActionParametersBase params : multipleParams) {
params.setSessionId(getEngineSessionId());
if (params.getCorrelationId() == null) {
params.setCorrelationId(correlationId);
}

}

List<ActionReturnValue> returnValues =
Expand All @@ -168,6 +179,15 @@ public ActionReturnValue runAction(ActionType actionType,
ActionParametersBase params) {
log.debug("Server: RunAction invoked!"); //$NON-NLS-1$
debugAction(actionType, params);

// CreateUserSession should never be invoked from GWT code
if (actionType == ActionType.CreateUserSession) {
ActionReturnValue error = new ActionReturnValue();
error.setSucceeded(false);
error.setFault(new EngineFault(new RuntimeException("Command cannot be executed from client"))); //$NON-NLS-1$
return error;
}

params.setSessionId(getEngineSessionId());
if (params.getCorrelationId() == null) {
params.setCorrelationId(CorrelationIdTracker.getCorrelationId());
Expand Down

0 comments on commit 8caeb27

Please sign in to comment.