Fix OIDC role assigner #6605

Merged
merged 1 commit into from
Jun 23, 2023

@kobergj kobergj commented Jun 22, 2023

sonarcloud bot commented Jun 22, 2023

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

0.0% Coverage
0.0% Duplication

@kobergj kobergj merged commit 76c3e3c into owncloud:master Jun 23, 2023
2 checks passed
@kobergj kobergj deleted the FixUpdateRolesAssigner branch June 23, 2023 08:32
ownclouders pushed a commit that referenced this pull request Jun 23, 2023
err := errors.New("too many roles assigned")
logger.Error().Err(err).Msg("The user has too many roles assigned")
return nil, err
logger.Error().Str("userID", user.GetId().GetOpaqueId()).Int("numRoles", len(assignedRoles)).Msg("The user has too many roles assigned")
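
Review bot: with the `return nil, err` path replaced by the single `logger.Error()` line at the end of this hunk, the too-many-roles case is only logged, and whatever follows runs with more than one entry in `assignedRoles`; nothing in these lines reduces the assignment back to a single role. Either rewrite the assignment explicitly in this branch or make sure the later update condition also fires when `len(assignedRoles) > 1`, and add a test for a user that starts with two roles. Since the condition is no longer fatal, also consider whether Error is still the right level for this message.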

@kobergj I know I am a bit late to the party, but I fear this is not enough. We need to make sure that the assignment is re-written when `len(assignedRoles) > 1`. Otherwise other code reading the assignments might get confused.

It should be enough to turn the `if len(assignedRoles) == 0 || (assignedRoles[0] != roleIDFromClaim)` on line 96 into `if len(assignedRoles) != 1 || (assignedRoles[0] != roleIDFromClaim)` for that to happen.
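
The difference between the two conditions quoted in the comment above, as an added Go example that is not part of the pull request or the project's code. `reconcile` and the role IDs are hypothetical; only the two conditions come from the comment.

```go
package main

import "fmt"

// Condition as quoted in the comment for line 96 (before the suggested change).
func needsRewriteOld(assignedRoles []string, roleIDFromClaim string) bool {
	return len(assignedRoles) == 0 || assignedRoles[0] != roleIDFromClaim
}

// Condition the comment proposes instead. When the slice is empty the first
// operand is already true, so assignedRoles[0] is never evaluated.
func needsRewriteNew(assignedRoles []string, roleIDFromClaim string) bool {
	return len(assignedRoles) != 1 || assignedRoles[0] != roleIDFromClaim
}

// reconcile is a hypothetical stand-in for the assigner's update step: when the
// condition fires, the stored assignment is replaced by the single claim role.
func reconcile(assigned []string, claim string, cond func([]string, string) bool) []string {
	if cond(assigned, claim) {
		return []string{claim}
	}
	return assigned
}

func main() {
	const claim = "role-user" // constructed role IDs, not real ones
	cases := [][]string{
		{},
		{"role-user"},
		{"role-admin"},
		{"role-user", "role-admin"}, // stale extra role, claim role listed first
		{"role-admin", "role-user"},
	}
	for _, c := range cases {
		fmt.Printf("%v\told=%v\tnew=%v\n", c,
			reconcile(c, claim, needsRewriteOld),
			reconcile(c, claim, needsRewriteNew))
	}
}
```

The fourth case is the one the comment is about: the claim role happens to be first, so the original condition leaves both roles in place while the proposed one collapses the assignment to the claim role.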

@kobergj kobergj mentioned this pull request Jun 26, 2023
@micbar micbar mentioned this pull request Jul 24, 2023