fix(security): close auth & site-scoping gaps across 8 findings
Resolves the auth-theme batch from the 2026-05-28 baseline review (8 findings across Security/CentralUI/ManagementService/CLI). The most consequential gaps: NotificationReport + SiteCallsReport now route through SiteScopeService so a site-scoped Deployment user cannot see or act on other sites' rows (CUI-028); QueryAuditLogCommand is no longer "any authenticated user" — gated Admin-only to match /api/audit/query's strictness (MS-018); RoleMapper preserves the broader grant when a user is in both an unscoped and scoped Deployment LDAP group, instead of silently narrowing to the scoped set (Sec-016); and the dead SiteScopeRequirement/Handler are deleted so SiteScopeService is unambiguously the sole site-scoping mechanism (Sec-017). Pending findings: 172 → 164.
This commit is contained in:
Joseph Doherty
@@ -0,0 +1,15 @@
|
||||
namespace ScadaLink.Security;
|
||||
|
||||
/// <summary>
|
||||
/// Thrown by <see cref="LdapAuthService"/> when the configured LDAP service-account
|
||||
/// rebind fails. Distinct from a user-bind <c>LdapException</c> so the outer login
|
||||
/// pipeline can surface "Authentication service is misconfigured" instead of
|
||||
/// masking the system fault as "Invalid username or password" (Security-019).
|
||||
/// </summary>
|
||||
public sealed class ServiceAccountBindException : Exception
|
||||
{
|
||||
public ServiceAccountBindException(Exception innerException)
|
||||
: base("LDAP service-account rebind failed", innerException)
|
||||
{
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user