Commit Graph

5 Commits

Author SHA1 Message Date
Dave Horton bff9314622 fix(security): add authorization checks to prevent cross-account access (CWE-639) (#558)
- Add precondition support to decorate.js retrieve function
- Fix google-custom-voices.js typo and add delete precondition
- Check ownership via speech_credential for google-custom-voices
- Add retrieve/delete preconditions to lcr-carrier-set-entries.js
- Add retrieve precondition to sip-gateways.js and smpp-gateways.js
- Add scope check to lcr-routes.js custom GET handler
- Add full authorization to tenants.js for all CRUD operations
- Add scoped query methods to tenant model

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-06-27 15:53:51 -04:00
EgleH 9c7f8b4e7b fix small issues in the code (#145)
Co-authored-by: eglehelms <e.helms@cognigy.com>
2023-04-06 07:31:14 -04:00
EgleH b2dce18c7a Limit access to resources according to user scoped Account or SP (#140)
* limit access to resources according to user scope

* fix error change

* speech credentials validation

* fix speech credentials validation

* fix the issues that didnt allow tests to pass

* speech credential validation

* retrieve speech cred list

* fixt speech credential test valodation

* check scope of smpp-gateways

* check scope of smpp-gateways

* testing time

* /signin for hosted system needs to return scope in jwt

* fix user delete route and adjust tests

* get refactor

---------

Co-authored-by: eglehelms <e.helms@cognigy.com>
Co-authored-by: Dave Horton <daveh@beachdognet.com>
Co-authored-by: Guilherme Rauen <g.rauen@cognigy.com>
2023-04-05 14:20:51 -04:00
Dave Horton 1013f3f222 handle adding predefined carriers with smpp gateways 2021-09-09 15:38:33 -04:00
Dave Horton ed51d8b13f merge of features from hosted branch (#7)
major merge of features from the hosted branch that was created temporarily during the initial launch of jambonz.org
2021-06-17 15:56:21 -04:00