Bug 56714 - Hide UDM REST API web interface
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-5-errata
Assigned To: Florian Best
QA Contact: Christian Castens
Reported: 2023-10-06 12:00 CEST by Dirk Wiesenthal
Modified: 2023-10-25 16:31 CEST

What kind of report is it?: Development Internal
Description Dirk Wiesenthal univentionstaff 2023-10-06 12:00:56 CEST
We should deactivate the web interface of the UDM REST API by default. It is undocumented and unsupported. If a customer stumbles upon it, they may just be confused.

We should deactivate it via UCR by default and allow activation if really needed.
Comment 1 Dirk Wiesenthal univentionstaff 2023-10-09 14:13:02 CEST
At this point: Nice to have, not escalating.
Comment 2 Florian Best univentionstaff 2023-10-16 22:54:31 CEST
The HTML web interface is now hidden behind the error message:
The unsupported HTML view of the UDM REST API is disabled. Please use the JSON interface via the "Accept: application/json" HTTP header or enable it via the UCR variable "directory/manager/rest/html-view-enabled". To get a developer overview the OpenAPI schema interface can be reached at /univention/udm/schema/.

univention-directory-manager-rest.yaml
e6940167c368 | feat(udm-rest): deactivate HTML view of UDM REST API via UCR variable

univention-directory-manager-rest (10.0.6-13)
e6940167c368 | feat(udm-rest): deactivate HTML view of UDM REST API via UCR variable
20871bef4354 | feat(udm-rest): adjust styling of HTML view to align with the UCS 5.0 design
Comment 3 Florian Best univentionstaff 2023-10-17 16:50:37 CEST
univention-directory-manager-rest (10.0.6-14)
3b2c5655e204 | fix(udm-rest): fix openapi.json access when no "Accept: application/json" is given.
Comment 4 Christian Castens univentionstaff 2023-10-23 16:18:49 CEST
QA:
  - advisories: OK
  - HTML view of the UDM REST API is disabled by default: OK
  - Error message is displayed when accessing the disabled UDM REST API HTML view: OK
  - HTML view of the UDM REST API can be reached after directory/manager/rest/html-view-enabled=true: OK
  - OpenAPI schema interface can be reached at /univention/udm/schema/: OK
Comment 5 Iván.Delgado univentionstaff 2023-10-25 16:31:02 CEST
<https://errata.software-univention.de/#/?erratum=5.0x856>