Frontend spams backend API when exploring unauthorized API #11160

Open
Aiosa opened this issue Nov 4, 2024 · 1 comment

Aiosa commented Nov 4, 2024

When you have a weird situation in the settings of your cBioPortal authorization such that you are able to see studies in the list which you are then prevented from viewing (for whatever reason), and you go:

  • select a study you are not permitted to view
  • click 'Explore selected studies'

The frontend scripts start DoSsing the backend with queries to https://cbioportal.wsi-vault.bbmri-eric.eu/api/session/settings/fetch (roughly 50-60 requests / second, looks 'ugly close' enough to FPS).

Aiosa commented Nov 4, 2024

When importing two studies (out of 2), both had this issue - authentication ON, study available in view, unable to open because of:

  • first study: probably a bug in the API (crash on study that has no data for gene panel)
  • second study: probably a bug in the authorization logic (still investigating)

100% success if you thought this is a 'just some corner case' situation. Also do not forget that anyone can just create a given URL without going through the UI.
