Skip to content

Feature: Only allow privileged admin features after passkey login #11464

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 51 commits into
base: develop
Choose a base branch
from
Draft

Feature: Only allow privileged admin features after passkey login #11464

wants to merge 51 commits into from

Conversation

@florian-glombik
Copy link
Contributor

@florian-glombik florian-glombik commented Oct 7, 2025
edited
Loading

Checklist

General

Server

  • Important: I implemented the changes with a very good performance and prevented too many (unnecessary) and too complex database calls.
  • I strictly followed the principle of data economy for all database calls.
  • I strictly followed the server coding and design guidelines.
  • I added multiple integration tests (Spring) related to the features (with a high test coverage).
  • I added pre-authorization annotations according to the guidelines and checked the course groups for all new REST Calls (security).
  • I documented the Java code using JavaDoc style.

Client

  • Important: I implemented the changes with a very good performance, prevented too many (unnecessary) REST calls and made sure the UI is responsive, even with large data (e.g. using paging).
  • I strictly followed the principle of data economy for all client-server REST calls.
  • I strictly followed the client coding and design guidelines.
  • I added multiple integration tests (Jest) related to the features (with a high test coverage), while following the test guidelines.
  • I documented the TypeScript code using JSDoc style.
  • I added multiple screenshots/screencasts of my UI changes.
  • I translated all newly inserted strings into English and German.

Motivation and Context

Compared to passwords based mechanisms, Artemis leverages the higher usability and security of passkeys to improve the security of privileged actions. The enforcement of higher authentication requirements for privileged aligns with the principles set out in the NIS2 Directive that is further specified in 11.3.2a and 11.6.2f of the Commission Implementing Regulation (EU) 2024/2690

See also the respective implementation guidance

This means for Artemis

Privileged users (handling administrators in this PR), who are capable of altering course content, user data or system configurations (administrators), can only perform sensitive actions when authenticated via passkey.

Administrators will only be able to access that information if the passkey was previously approved by a superAdmin (this new Role will be introduced in a future PR), for now there is no UI, just a flag in the database that has to be manually set.

Description

Steps for Testing

Prerequisites:

  • 1 Instructor
  • 2 Students
  • 1 Programming Exercise with Complaints enabled
  1. Log in to Artemis
  2. Navigate to Course Administration
  3. ...

Testserver States

You can manage test servers using Helios. Check environment statuses in the environment list. To deploy to a test server, go to the CI/CD page, find your PR or branch, and trigger the deployment.

Review Progress

Performance Review

Code Review

  • Code Review 1
  • Code Review 2

Manual Tests

  • Test 1
  • Test 2

Test Coverage

TODO

Screenshots

TODO

@github-project-automation github-project-automation bot moved this to Work In Progress in Artemis Development Oct 7, 2025
@github-actions github-actions bot added tests server Pull requests that update Java code. (Added Automatically!) client Pull requests that update TypeScript code. (Added Automatically!) core Pull requests that affect the corresponding module labels Oct 7, 2025
@github-actions
Copy link

End-to-End (E2E) Test Results Summary

TestsPassed ☑️Skipped ⚠️Failed ❌️Time ⏱
End-to-End (E2E) Test Report205 ran193 passed3 skipped9 failed1h 12m 57s 368ms
TestResultTime ⏱
End-to-End (E2E) Test Report
e2e/SystemHealth.spec.ts
ts.Check artemis system health › Checks continuous integration server health❌ failure10s 282ms
ts.Check artemis system health › Checks db health❌ failure10s 214ms
ts.Check artemis system health › Checks hazelcast health❌ failure10s 208ms
ts.Check artemis system health › Checks ping health❌ failure10s 215ms
ts.Check artemis system health › Checks readiness state health❌ failure10s 172ms
ts.Check artemis system health › Checks websocket broker health❌ failure10s 228ms
ts.Check artemis system health › Checks websocket connection health❌ failure10s 281ms
e2e/exam/test-exam/TestExamParticipation.spec.ts
ts.Test exam participation › Early Hand-in › Using exercise sidebar to navigate within exam❌ failure3m 35s 329ms
ts.Test exam participation › Early Hand-in › Using exercise overview to navigate within exam❌ failure3m 46s 711ms

@github-actions
Copy link

End-to-End (E2E) Test Results Summary

TestsPassed ☑️Skipped ⚠️Failed ❌️Time ⏱
End-to-End (E2E) Test Report205 ran194 passed3 skipped8 failed1h 10m 52s 969ms
TestResultTime ⏱
End-to-End (E2E) Test Report
e2e/exercise/quiz-exercise/QuizExerciseDropLocation.spec.ts
ts.Quiz Exercise Drop Location Spec › DnD Quiz drop locations › Checks drop locations❌ failure2m 3s 127ms
e2e/SystemHealth.spec.ts
ts.Check artemis system health › Checks continuous integration server health❌ failure10s 233ms
ts.Check artemis system health › Checks db health❌ failure10s 235ms
ts.Check artemis system health › Checks hazelcast health❌ failure10s 202ms
ts.Check artemis system health › Checks ping health❌ failure10s 315ms
ts.Check artemis system health › Checks readiness state health❌ failure10s 192ms
ts.Check artemis system health › Checks websocket broker health❌ failure10s 251ms
ts.Check artemis system health › Checks websocket connection health❌ failure10s 282ms

@florian-glombik florian-glombik mentioned this pull request Oct 27, 2025
Merged
10 tasks
@github-actions
Copy link

End-to-End (E2E) Test Results Summary

TestsPassed ☑️Skipped ⚠️Failed ❌️Time ⏱
End-to-End (E2E) Test Report205 ran193 passed3 skipped9 failed1h 14m 32s 698ms
TestResultTime ⏱
End-to-End (E2E) Test Report
e2e/exercise/quiz-exercise/QuizExerciseDropLocation.spec.ts
ts.Quiz Exercise Drop Location Spec › DnD Quiz drop locations › Checks drop locations❌ failure2m 4s 13ms
e2e/SystemHealth.spec.ts
ts.Check artemis system health › Checks continuous integration server health❌ failure10s 422ms
ts.Check artemis system health › Checks db health❌ failure10s 290ms
ts.Check artemis system health › Checks hazelcast health❌ failure10s 216ms
ts.Check artemis system health › Checks ping health❌ failure10s 199ms
ts.Check artemis system health › Checks readiness state health❌ failure10s 284ms
ts.Check artemis system health › Checks websocket broker health❌ failure10s 476ms
ts.Check artemis system health › Checks websocket connection health❌ failure10s 354ms
e2e/exam/test-exam/TestExamParticipation.spec.ts
ts.Test exam participation › Early Hand-in › Using exercise overview to navigate within exam❌ failure3m 40s 248ms

@github-actions github-actions bot added the database Pull requests that update the database. (Added Automatically!). Require a CRITICAL deployment. label Oct 29, 2025
@github-actions
Copy link

End-to-End (E2E) Test Results Summary

@florian-glombik florian-glombik mentioned this pull request Nov 3, 2025
Open
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@krusche krusche Awaiting requested review from krusche krusche will be requested when the pull request is marked ready for review krusche is a code owner

At least 4 approving reviews are required to merge this pull request.

Assignees

@florian-glombik florian-glombik

Labels

client Pull requests that update TypeScript code. (Added Automatically!) core Pull requests that affect the corresponding module database Pull requests that update the database. (Added Automatically!). Require a CRITICAL deployment. server Pull requests that update Java code. (Added Automatically!) tests

Projects

Artemis Development
Status: Work In Progress

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@florian-glombik