MISP
Bug: Misleading warning when using read-only auth key for pull only sync partnership
Actual behavior
If a read-only auth key is generated for a sync user and used to create a pull-only sync partnership on a remote instance the following warning replaces the whole connection test output, i.e. versions and compatibility details are not shown.
Remote user not a sync user, only pulling events is available.
Viewing the user shows:
Role name: Sync user Sync flag: Yes Sync Internal flag: No Sync Authoritative flag: No
Expected behavior
Versions and compatibility information is shown on the connection test, potentially with a warning appended along the lines of:
Auth key is read-only, only pulling events is available.
Viewing the user shows an additional flag:
Role name: Sync user Sync flag: Yes Sync Internal flag: No Sync Authoritative flag: No Read-Only: Yes
Steps to reproduce
- On Instance 1:
- Create a user with the Sync User role.
- Create an auth key for this user - ticking Read Only.
- On Instance 2:
- Create a server partnership to Instance 1 using the Read-Only Auth Key.
- Run a connection test.
- Run the view user action.
Version
2.5.21
Operating System
Debian
Operating System version
12
PHP version
8.3.25
Browser
No response
Browser version
No response
Relevant log output
Extra attachments
No response
Code of Conduct
- [x] I agree to follow this project's Code of Conduct
