Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Various fixes in login sources #10428

Merged
merged 3 commits into from
Feb 23, 2020
Merged

Various fixes in login sources #10428

merged 3 commits into from
Feb 23, 2020

Conversation

guillep2k
Copy link
Member

@guillep2k guillep2k commented Feb 23, 2020
edited by zeripath
Loading

  • Only autoregister users from external login sources (eg. PAM and SMTP authentication) if the username is valid i.e. [A-Za-z0-9_.-]+ NOTE: This is a breaking change.

  • Call pam_get_item(PAM_USER...) to allow PAM pipelines to adjust the username

@guillep2k guillep2k added pr/breaking Merging this PR means builds will break. Needs a description what exactly breaks, and how to fix it! type/bug topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! labels Feb 23, 2020
@guillep2k guillep2k added this to the 1.12.0 milestone Feb 23, 2020
@techknowlogick techknowlogick added type/refactoring Existing code has been cleaned up. There should be no new functionality. and removed topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! labels Feb 23, 2020
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Feb 23, 2020
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 23, 2020
@codecov-io
Copy link

Codecov Report

❗ No coverage uploaded for pull request base (master@0b74dfe). Click here to learn what that means.
The diff coverage is 50%.

Impacted file tree graph

@@            Coverage Diff            @@
##             master   #10428   +/-   ##
=========================================
  Coverage          ?   43.67%           
=========================================
  Files             ?      586           
  Lines             ?    81386           
  Branches          ?        0           
=========================================
  Hits              ?    35544           
  Misses            ?    41439           
  Partials          ?     4403
Impacted Files Coverage Δ
modules/notification/webhook/webhook.go 40.66% <50%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0b74dfe...905b058. Read the comment docs.

@jolheiser jolheiser merged commit 09dbd85 into go-gitea:master Feb 23, 2020
zeripath pushed a commit to zeripath/gitea that referenced this pull request Feb 23, 2020
@guillep2k @zeripath
Various fixes in login sources (go-gitea#10428)
033aef5
@zeripath zeripath mentioned this pull request Feb 23, 2020
Merged
lafriks pushed a commit that referenced this pull request Feb 23, 2020
@zeripath @guillep2k
Various fixes in login sources (#10428) (#10429)
d3b6f00 
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
@lafriks lafriks added the backport/done All backports for this PR have been created label Feb 23, 2020
@zeripath zeripath added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Mar 6, 2020
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jolheiser jolheiser jolheiser approved these changes

@zeripath zeripath zeripath approved these changes

@techknowlogick techknowlogick techknowlogick approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. pr/breaking Merging this PR means builds will break. Needs a description what exactly breaks, and how to fix it! topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug type/refactoring Existing code has been cleaned up. There should be no new functionality.
Projects
None yet
Milestone
1.12.0
Development

Successfully merging this pull request may close these issues.
7 participants
@guillep2k @codecov-io @techknowlogick @zeripath @jolheiser @lafriks @GiteaBot