[SERVER-29862] Command auth checks behave differently on bad status vs exception Created: 26/Jun/17 Updated: 27/Oct/23 Resolved: 15/May/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Mathias Stearn | Assignee: | Mathias Stearn |
| Resolution: | Gone away | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Operating System: | ALL |
| Sprint: | Platforms 2018-04-09, Platforms 2018-04-23, Platforms 2018-05-07, Platforms 2018-05-21 |
| Participants: |
| Description |
|
In particular, if an exception is thrown from Command::checkAuthForOperation(), we won't log or audit the failure. It seems like the auth code should unify error handling by either converting all statuses to exceptions or vice-versa to ensure uniform handling of failures. |
| Comments |
| Comment by Mathias Stearn [ 15/May/18 ] |
|
Resolved by the work on |
| Comment by Githook User [ 10/May/18 ] |
|
Author: {'name': 'Billy Donahue', 'email': 'billy.donahue@mongodb.com', 'username': 'BillyDonahue'}Message: Also relevant to |