GithubHelp home page GithubHelp logo

real-dev-squad / sample-profile-service Goto Github PK

View Code? Open in Web Editor NEW

This project forked from rahulgoyal-tech/profile-service-rds

1.0 1.0 28.0 4.31 MB

It is a sample profile service. Profile service is what users have to make in RealDevSquad and link it to the identity service(project in RealDevSquad), by doing this their profile data is synced from their profile service to our database whenever they update it.

JavaScript 100.00%

sample-profile-service's People

Stargazers

avatar

Watchers

avatar

Forkers

mehulkchaudhari ashifkhn tejaskh3 rishirishhh iamashusahoo vishalkrkamat saransh29 satyam73 yesyash kaustubh-jsr chethan64 mehra-sourav skv93-coder pavangbhat vinayakahegade somu-code rahulyadev jsuryakt chandantaneja shaily20 atifsid achintya-chatterjee aneeshsubudhi-7901 palakgupta2712 anas-m1 lakshayman1 akhilkh2000 itismilan

sample-profile-service's Issues

Data Leak Issue

Issue Description

This is a critical issue notified by @Ajeyakrishna-k. This backend project has 3 endpoints - verification, profile, and health. The purpose of the profile API endpoint is to provide details of the owner like company, phone number, etc. To protect this API, we are receiving a bearer token, if the token is correct then it returns profile data. The issue is that one can generate that token from the verification endpoint easily by sending a salt.

Reproducibility

  • This issue is reproducible
  • This issue is not reproducible

Steps to Reproduce

  1. Try calling the verification endpoint with a salt, it will return a hash.
  2. Send that hash as a bearer token while calling the profile endpoint, you will get the profile data.

Severity/Priority

  • Critical
  • High
  • Medium
  • Low

Checklist

  • I have read and followed the project's code of conduct.
  • I have searched for similar issues before creating this one.
  • I have provided all the necessary information to understand and reproduce the issue.
  • I am willing to contribute to the resolution of this issue.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.