Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Solutions A small chevron
Device management

Device management

Remotely manage, and protect laptops and mobile devices.

Orchestration

Orchestration

Automate tasks across devices, from app installs to scripts.

Software management

Software management

Inventory, patch, and manage installed software.

Extend Fleet

Extend Fleet

Integrate your favorite tools with Fleet.

Customers A small chevron
Stripe + Fleet

Stripe + Fleet

Stripe consolidates multiple tools with Fleet.

Foursquare + Fleet

Foursquare + Fleet

Foursquare quickly migrates to Fleet for device management.

What people are saying

What people are saying

Stories from the Fleet community.

Pricing
More A small chevron
Try it yourself Get a demo
{{thisPage.meta.articleTitle}}
search

Catch missed authorization checks during software development

{{articleSubtitle}}

| The author's GitHub profile picture

Victor Lyuboslavsky

Share

Share this article on Hacker News Share this article on LinkedIn Share this article on Twitter
Docs Docs REST API REST API Guides Guides Get a demoGet a demo

Catch missed authorization checks during software development

{{articleSubtitle}}

| The author's GitHub profile picture

Victor Lyuboslavsky

Catch missed authorization checks during software development

Authorization is giving permission to a user to do an action on the server. As developers, we must ensure that users are only allowed to do what they are authorized.

One way to ensure that authorization has happened is to loudly flag when it hasn’t. This is how we do it at Fleet Device Management.

In our code base, we use the go-kit library. Most of the general endpoints are created in the handler.go file. For example:

// user-authenticated endpoints
ue := newUserAuthenticatedEndpointer(svc, opts, r, apiVersions...)

ue.POST("/api/_version_/fleet/trigger", triggerEndpoint, triggerRequest{})

Every endpoint calls kithttp.NewServer and wraps the endpoint with our AuthzCheck. From handler.go:

e = authzcheck.NewMiddleware().AuthzCheck()(e)
return kithttp.NewServer(e, decodeFn, encodeResponse, opts...)

Example check

This means that after the business logic is processed, the AuthzCheck is called. This check ensures that authorization was checked. Otherwise, an error is returned. From authzcheck.go:

// If authorization was not checked, return a response that will
// marshal to a generic error and log that the check was missed.
if !authzctx.Checked() {
    // Getting to here means there is an authorization-related bug in our code.
    return nil, authz.CheckMissingWithResponse(response)
}

This additional check is useful during our development and QA process, to ensure that authorization always happens in our business logic.