Escape commas in usernames to fix rbac permissions #19365
Changed the Name entry under projDeveloper in the api_test.go file for testing rbac corner cases.
Adjusted the GetUserName method in rbacUser.go to replace commas with underscores. This fixes a bug with commas in usernames.
a4b40f3 to 5c93b38
How can I recheck the DCO?
Codecov Report
@@ Coverage Diff @@
## release-2.7.0 #19365 +/- ##
==================================================
- Coverage 66.41% 44.02% -22.40%
==================================================
Files 1012 245 -767
Lines 108713 13398 -95315
Branches 2678 2678
==================================================
- Hits 72207 5898 -66309
+ Misses 32542 7215 -25327
+ Partials 3964 285 -3679
I signed it yesterday and force pushed
Because the OIDC onboard function checked the comma in the username, we need to investigate how the comma comes to the username in the database.
You can also create usernames with comma and authdb
@stonezdj, how can we move here further forward?
This PR is being marked stale due to a period of inactivity. If this PR is still relevant, please comment or remove the stale label. Otherwise, this PR will close in 30 days.
This PR was closed because it has been stalled for 30 days with no activity. If this PR is still relevant, please re-open a new PR against main.
Pull request was closed
Comprehensive Summary of your change
This change escapes `,` in username which breaks rbac validation. Which leads to that every user with `,` in his name wasn't able to access a repository via portal or API.
Issue being fixed
Fixes #19356
Please indicate you've done the following:
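
An added example, not code from this PR or from the project: a minimal Go model of a comma-delimited policy rule, showing how a comma in the subject shifts the fields so the rule never matches, how the replacement described in the commit message avoids that, and that underscore replacement gives two distinct names the same subject where a reversible escaping does not. The rule format, the resource path, the sample usernames and every function name here are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// subjectReplace follows the approach in the commit message: commas become underscores.
func subjectReplace(username string) string {
	return strings.ReplaceAll(username, ",", "_")
}

// subjectEscape is a hypothetical alternative: percent-escape "%" and "," so the
// mapping stays one-to-one and can be reversed.
func subjectEscape(username string) string {
	return strings.NewReplacer("%", "%25", ",", "%2C").Replace(username)
}

// policyLine builds an assumed comma-delimited rule: "p, subject, resource, action".
func policyLine(subject, resource, action string) string {
	return strings.Join([]string{"p", subject, resource, action}, ", ")
}

// allowed parses the rule back and reports whether it grants the request.
// A comma inside the subject yields five fields, so the rule never matches.
func allowed(line, subject, resource, action string) bool {
	f := strings.Split(line, ",")
	if len(f) != 4 {
		return false
	}
	for i := range f {
		f[i] = strings.TrimSpace(f[i])
	}
	return f[0] == "p" && f[1] == subject && f[2] == resource && f[3] == action
}

// check runs one constructed username through rule creation and lookup.
func check(username string, toSubject func(string) string) bool {
	const res, act = "/project/1/repository", "pull" // constructed sample values
	s := toSubject(username)
	return allowed(policyLine(s, res, act), s, res, act)
}

func main() {
	raw := func(s string) string { return s }
	fmt.Println(check("doe,john", raw), check("doe,john", subjectReplace), check("doe,john", subjectEscape))
	fmt.Println(subjectReplace("doe,john") == subjectReplace("doe_john")) // same subject
	fmt.Println(subjectEscape("doe,john") == subjectEscape("doe_john"))   // distinct subjects
}
```

A reviewer checking any such substitution would want the mapping from username to policy subject to be one-to-one, so that two different accounts never resolve to the same subject.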