Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix accidental overwriting of LDAP team memberships (#24050) #24065

Merged
merged 6 commits into from
Apr 12, 2023

Conversation

GiteaBot
Copy link
Collaborator

Backport #24050 by @sillyguodong

In the for loop, the value of membershipsToAdd[org] and membershipsToRemove[org] is a slice that should be appended instead of overwritten.
Due to the current overwrite, the LDAP group sync only matches the last group at the moment.

Example reproduction

  • an LDAP user is both a member of cn=admin_staff,ou=people,dc=planetexpress,dc=com and cn=ship_crew,ou=people,dc=planetexpress,dc=com.
  • configuration of Map LDAP groups to Organization teams in Authentication Sources:
{
    "cn=admin_staff,ou=people,dc=planetexpress,dc=com":{
        "test_organization":[
            "admin_staff",
            "test_add"
        ]
    },
    "cn=ship_crew,ou=people,dc=planetexpress,dc=com":{
        "test_organization":[
            "ship_crew"
        ]
}
  • start Synchronize external user data task in the Dashboard.
  • the user was only added for the team test_organization.ship_crew

In the `for` loop, the value of `membershipsToAdd[org]` and
`membershipsToRemove[org]` is a slice that should be appended instead of
overwritten.
Due to the current overwrite, the LDAP group sync only matches the last
group at the moment.

## Example reproduction
- an LDAP user is both a member of
`cn=admin_staff,ou=people,dc=planetexpress,dc=com` and
`cn=ship_crew,ou=people,dc=planetexpress,dc=com`.
- configuration of `Map LDAP groups to Organization teams ` in
`Authentication Sources`:
```json
{
    "cn=admin_staff,ou=people,dc=planetexpress,dc=com":{
        "test_organization":[
            "admin_staff",
            "test_add"
        ]
    },
    "cn=ship_crew,ou=people,dc=planetexpress,dc=com":{
        "test_organization":[
            "ship_crew"
        ]
}
```
- start `Synchronize external user data` task in the `Dashboard`.
- the user was only added for the team `test_organization.ship_crew`
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Apr 11, 2023
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Apr 12, 2023
@lunny lunny added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Apr 12, 2023
@delvh delvh enabled auto-merge (squash) April 12, 2023 09:42
@delvh delvh merged commit 37d3e0e into go-gitea:release/v1.19 Apr 12, 2023
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Apr 12, 2023
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Jul 31, 2023
@techknowlogick techknowlogick deleted the backport-24050-v1.19 branch September 9, 2023 05:31
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants