generator-jhipster Fix: Address User-Controlled Data Risk in isAuthenticated()

Fix: Address User-Controlled Data Risk in isAuthenticated()

Open gantoin opened this issue 1 year ago • 1 comments

Related to https://github.com/jhipster/generator-jhipster/issues/27051

For enhancing application security, this PR modifies the isAuthenticated() endpoint to return a boolean indicating the authentication status instead of a potentially user-controlled value (principal.getName()). This change mitigates the risk of reflecting user-controlled data and strengthens the security of the application.

Please make sure the below checklist is followed for Pull Requests.

[ ] All continuous integration tests are green
[ ] Tests are added where necessary
[ ] The JDL part is updated if necessary
[ ] jhipster-online is updated if necessary
[ ] Documentation is added/updated where necessary
[ ] Coding Rules & Commit Guidelines as per our CONTRIBUTING.md document are followed

If the PR is not ready for review, please consider converting it to a Draft. You can also add the skip-ci label to prevent CI build on branch.

Oct 12 '24 15:10 gantoin

All committers have signed the CLA.

Oct 12 '24 15:10 CLAassistant

Any updates? Builds are currently failing.

Feb 08 '25 01:02 mraible

I guess https://github.com/jhipster/generator-jhipster/issues/27051 is fixed by https://github.com/jhipster/generator-jhipster/pull/28729 @mraible

Jun 14 '25 13:06 gantoin

generator-jhipster generator-jhipster copied to clipboard

Fix: Address User-Controlled Data Risk in isAuthenticated()

generator-jhipster
generator-jhipster copied to clipboard