feat: endpoint for imapd to authenticate against #5295

Merged
merged 3 commits into from
Mar 14, 2023

rjsparks
Member

No description provided.

@rjsparks
Member Author

Feel free to suggest a different direction for this.

@codecov
codecov bot commented Mar 12, 2023

Codecov Report

Merging #5295 (aebd8dc) into main (61504b1) will increase coverage by 0.14%.
The diff coverage is 93.75%.

@@            Coverage Diff             @@
##             main    #5295      +/-   ##
==========================================
+ Coverage   88.61%   88.76%   +0.14%     
==========================================
  Files         294      287       -7     
  Lines       40061    39701     -360     
==========================================
- Hits        35499    35239     -260     
+ Misses       4562     4462     -100     
| Impacted Files | Coverage Δ |
|---|---|
| ietf/api/urls.py | 100.00% <ø> (ø) |
| ietf/api/views.py | 89.79% <92.00%> (+0.25%) ⬆️ |
| ietf/api/ietf_utils.py | 100.00% <100.00%> (ø) |

... and 16 files with indirect coverage changes

Member

@jennifer-richards jennifer-richards left a comment

I think we need to fail if `User.objects.filter(username__iexact=username).count() > 1` (equivalently, if `User.objects.get(username__iexact=username)` raises `User.MultipleObjectsReturned`). Otherwise, if two User records are somehow created with a username collision under iexact, whichever User comes up as `first()` can log in using either username. Assuming imapd is simply passing the username over as it receives it, it would then allow that password holder to access either account.

This is different from the cases we've dealt with before. If we want to treat it the same way, we would need to report back to imapd not only "success" but the actual username we used in deciding it was a success.
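
The failure mode raised in the review comment above, as an added example that is not part of the pull request or the project's code: an in-memory stand-in for the `iexact` lookup that puts a first-match check next to one that fails on an ambiguous match and returns the stored username. All names here (`auth_first`, `auth_strict`, the `User` stand-in, the sample accounts) are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    """Stand-in for a Django User row (hypothetical, not the project's model)."""
    username: str
    salt: bytes
    pw_hash: bytes

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(username: str, password: str) -> User:
    salt = os.urandom(16)
    return User(username, salt, _hash(password, salt))

def iexact(users, username):
    """Approximates User.objects.filter(username__iexact=username)."""
    return [u for u in users if u.username.casefold() == username.casefold()]

def _check(user: User, password: str) -> bool:
    return hmac.compare_digest(_hash(password, user.salt), user.pw_hash)

def auth_first(users, username, password) -> bool:
    """First-match lookup: only 'success' is reported, so the caller keeps
    using the username it submitted, whichever row actually matched."""
    matches = iexact(users, username)
    return bool(matches) and _check(matches[0], password)

def auth_strict(users, username, password):
    """Fails closed on an ambiguous match; on success returns the stored
    username so the caller can act on the account that was verified."""
    matches = iexact(users, username)
    if len(matches) != 1:  # zero rows, or a collision under iexact
        return None
    return matches[0].username if _check(matches[0], password) else None

# Constructed sample data: two rows that collide under a case-insensitive match.
USERS = [make_user("Alice", "pw-of-Alice"), make_user("alice", "pw-of-alice")]
```

With `USERS`, `auth_first(USERS, "alice", "pw-of-Alice")` reports success even though the password belongs to the `Alice` row, while `auth_strict` rejects the same ambiguous lookup.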

@rjsparks rjsparks merged commit 2fe4647 into ietf-tools:main Mar 14, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 22, 2023
@rjsparks rjsparks deleted the api_for_imap branch April 25, 2023 20:04