Add authorization on GET `project_import` endpoint

What does this MR do and why?

This issue follows up on previous work to add authorization to the project_import_status endpoint.

Previously, the project_import_status endpoint was publicly accessible to any user. This posed a security risk, as project import status reveals potentially sensitive information about projects.

To improve security, we have now placed the project_import_status endpoint behind authentication. Users must be signed in to access the endpoint and view associated project import status data.

This change limits availability of the endpoint to authorized users only. Implementing authentication helps mitigate the security risks of exposing project import status publicly.

Screenshots or screen recordings

N/A

How to set up and validate locally

  1. Check out the branch
  2. Create an account and invite it with a role below maintainer
  3. Try to create a new project by importing from the template
  4. Validate that everything works

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Bojan Marjanovic
