1

I want to restrict data that is retrieved from a back-end server to organisations to which the authenticated user is a member.

From the documentation (https://github.com/ging/fiware-pep-proxy) this should be possible using Wilma's inbuilt function for populating a number of http headers:

Once authenticated, the forwarded request will include additional HTTP >headers with user info:

  • X-Nick-Name: nickname of the user in IdM
  • X-Display-Name: display name of user in IdM
  • X-Roles: roles of the user in IdM
  • X-Organizations: organizations in IdM

However the actual values of the last two headers as forwarded are:

  • 'x-roles': '[object Object]',
  • 'x-organizations': '[object Object]',

The headers literally contain a string value "[object Object]" rendering them completely useless. It looks like the author forgot to serialize the roles and organisations data.

Please tell me i am overlooking something here? If not, any chance of a timely fix? I am not a javascript guru, but a quick google search tells me "JSON.stringify" should do the trick.

frb
  • 3,738
  • 2
  • 21
  • 51
Robin
  • 103
  • 9
  • Yep, https://github.com/ging/fiware-pep-proxy/blob/master/controllers/root.js assumes roles and organisations are just strings and does not attempt to serialize the array of data. I am working off a docker instance and the Node.js code will not build on my mac due to gyp errors. Does anyone feel up to committing a fix? – Robin Apr 28 '16 at 23:32
  • 1
    Thanks! Fixed in https://github.com/ging/fiware-pep-proxy/commit/b6ed50974af895cf99a0eb3ef5c56e5c714fdaa4 – Álvaro Alonso May 03 '16 at 07:21
  • 1
    ..which ended up in release 5.2.1 – Cristan Jun 06 '16 at 17:16

0 Answers0