fix(core): Block Public API related REST calls when Public API is not enabled #9521

Merged
merged 3 commits into from
May 28, 2024

netroy (Member) commented May 27, 2024

When Public API is disabled via config, or unavailable because of licensing, the related REST endpoints to manage API keys should also be disabled.

Related tickets and issues

https://linear.app/n8n/issue/SEC-5

Review / Merge checklist

  • PR title and summary are descriptive
  • Tests included

@netroy changed the title from "fix(core): Block Public API related API calls when Public API is not enabled" to "fix(core): Block Public API related REST calls when Public API is not enabled" on May 27, 2024
@n8n-assistant (bot) added the labels core (Enhancement outside /nodes-base and /editor-ui) and n8n team (Authored by the n8n team) on May 27, 2024
@netroy netroy requested a review from despairblue May 28, 2024 10:22

cypress bot commented May 28, 2024

1 flaky test on run #5142 ↗︎

0 350 0 0 Flakiness 1

Details:

🌳 🖥️ browsers:node18.12.0-chrome107 🤖 netroy 🗃️ e2e/*
Project: n8n Commit: b2a6e0876d
Status: Passed Duration: 04:49 💡
Started: May 28, 2024 12:32 PM Ended: May 28, 2024 12:37 PM
Flakiness  cypress/e2e/5-ndv.cy.ts • 1 flaky test

Test Artifacts
NDV > should not retrieve remote options when required params throw errors

Review all test suite changes for PR #9521 ↗︎

Contributor

✅ All Cypress E2E specs passed

@netroy netroy merged commit ac4e0fb into master May 28, 2024
30 checks passed
@netroy netroy deleted the fix-SEC-5 branch May 28, 2024 12:43
MiloradFilipovic added a commit that referenced this pull request May 29, 2024
* master:
  feat(editor): Show expression infobox on hover and cursor position (#9507)
  fix(core): Block Public API related REST calls when Public API is not enabled (#9521)
  test(core): Align test names with route names (no-changelog) (#9518)
  refactor(core): Prevent reporting to Sentry IMAP server error (no-changelog) (#9515)
  fix(editor): Executions view popup in dark mode (#9517)
  refactor: Delete dead crash recovery code (no-changelog) (#9512)
MiloradFilipovic added a commit that referenced this pull request May 30, 2024
* master:
  ci: Upgrade storybook to address CVE-2024-36361 (no-changelog) (#9541)
  fix(editor): Improve contrast for `--color-danger` in dark mode (no-changelog) (#9537)
  fix(editor): Prevent updating node parameter value if it hasn't changed (#9535)
  fix(editor): Show execution error toast also if there is no error stack just message (#9526)
  fix(editor): Prevent expression editor focus being lost when user is selecting (#9525)
  fix(editor): Update webhook paths when duplicating workflow (#9516)
  refactor(core): Increase minimum supported Node.js version to 18.17 (#9533)
  fix(core): Set source control repository to track remote if ready (#9532)
  feat(editor): Show expression infobox on hover and cursor position (#9507)
  fix(core): Block Public API related REST calls when Public API is not enabled (#9521)
  test(core): Align test names with route names (no-changelog) (#9518)
  refactor(core): Prevent reporting to Sentry IMAP server error (no-changelog) (#9515)
  fix(editor): Executions view popup in dark mode (#9517)
  refactor: Delete dead crash recovery code (no-changelog) (#9512)
  fix(editor): Send only execution id in postMessage when previewing an execution (#9514)
  fix(editor): Make sure auto loading and auto scrolling works in executions tab (#9505)
  fix(core): Fix worker encryption key warning docs link (no-changelog) (#9513)
  build: Bump license-sdk to v2.12.0 (no-changelog) (#9510)
  Revert "build: Bump license-sdk to v2.11.1 (no-changelog)"
  build: Bump license-sdk to v2.11.1 (no-changelog)

# Conflicts:
#	pnpm-lock.yaml
@github-actions github-actions bot mentioned this pull request May 30, 2024
@janober
Member

janober commented May 30, 2024

Got released with n8n@1.44.0

Labels: core (Enhancement outside /nodes-base and /editor-ui), n8n team (Authored by the n8n team), Released, security
3 participants