Bug 55651 – Central Navigation API response on unknown user

Bug 55651 - Central Navigation API response on unknown user


Summary:	Central Navigation API response on unknown user

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	Portal
Version:	UCS 5.0
Hardware:	Other Windows NT

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UMC maintainers
QA Contact:	UMC maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2023-02-02 09:17 CET by Thorsten
Modified:	2023-02-02 10:58 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thorsten

2023-02-02 09:17:47 CET

When calling the central navigation endpoint in the portal (/univention/portal/navigation.json) with an unknown user, today the response is:
---
{
  "categories": []
}
---
While it would make much more sense to either render the contents for anonymous users or respond with an appropritate HTTP response code (e.g. 401 or 403).
Functional wise I would prefer the "anonymous user" option.

Comment 1 Florian Best

2023-02-02 10:29:48 CET

if the shared secret is wrong, 401 is probably more accurate.
if the user doesn't exist: i am ok with treating it as anonymous user.

Comment 2 Thorsten

2023-02-02 10:58:55 CET

> if the shared secret is wrong, 401 is probably more accurate.
> if the user doesn't exist: i am ok with treating it as anonymous user.
In deed that would be the best way to solve it!