Users and security
Created by: slifty
I believe the current simplebook model is something like this:
- Mediawiki user specifies pages to render
- Simplebook is invoked, and passes the pages to render to the api service.
- Api service invokes node / puppeteer, which logs in as a special "simplebook" user in order to render the page and save as pdf.
- ... the rest of the process goes here
The issue is that the pdf generation is therefore not limited by the invoking user but rather is limited by the credentials of the simplebook user.
That is an issue for two reasons:
- It may be possible for someone to print a page that they don't have access to (but simplebook does).
- The information rendered on the page will be whatever simplebook has access to (e.g. hidden torque fields may be either visible or hidden inappropriately depending on the nature of the permission disparity between the end user and simplebook's user)
We need to think through the right way to address this securely.
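The permission disparity described in this issue, as an added illustration that is not part of the issue or of Simplebook's code: a toy wiki where one page and one restricted field are readable by the service account but not by the requesting user. `PAGES`, `can_read`, the field-viewer ACL and the `render_*` functions are all constructed stand-ins for the real MediaWiki / Simplebook behaviour, not its API.

```python
"""Constructed model of the confused-deputy problem: rendering runs as the
service account, so the requester's own permissions are never consulted."""
from dataclasses import dataclass, field

SERVICE_USER = "simplebook"  # the special account puppeteer logs in as


@dataclass
class Page:
    title: str
    readers: set                                   # users allowed to read the page at all
    fields: dict                                   # field name -> rendered value
    field_viewers: dict = field(default_factory=dict)  # restricted field -> allowed users


# Constructed sample wiki: "Secret" is readable by the service user but not by alice,
# and the "budget" field on "Public" is hidden from everyone but the service user.
PAGES = {
    "Public": Page("Public", {"alice", SERVICE_USER},
                   {"body": "hello", "budget": 100}, {"budget": {SERVICE_USER}}),
    "Secret": Page("Secret", {SERVICE_USER}, {"body": "internal"}),
}


def can_read(user, title):
    page = PAGES.get(title)
    return page is not None and user in page.readers


def visible_fields(user, page):
    """Only the fields `user` may see: unrestricted ones, or ones listing the user."""
    return {k: v for k, v in page.fields.items()
            if k not in page.field_viewers or user in page.field_viewers[k]}


def render_as(user, titles):
    """What the headless browser produces for whichever account it is logged in as."""
    return {t: visible_fields(user, PAGES[t]) for t in titles if can_read(user, t)}


def render_for_requester_current(requester, titles):
    """Current model: the requester is ignored; everything is rendered as the service user."""
    return render_as(SERVICE_USER, titles)


def render_for_requester_checked(requester, titles):
    """Fail closed: refuse the whole job unless the requester can read every page,
    then render with the requester's permissions rather than the service account's."""
    denied = [t for t in titles if not can_read(requester, t)]
    if denied:
        raise PermissionError(f"{requester} may not read: {denied}")
    return render_as(requester, titles)
```

Running both variants for `alice` shows the two problems from the issue: the current model hands her the `Secret` page and the hidden `budget` field, while the checked variant rejects the job outright for `Secret` and strips `budget` when she asks only for `Public`.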