Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix user_show for ckan.auth.public_user_details #7866

Merged
merged 1 commit into from Nov 13, 2023
Merged

Fix user_show for ckan.auth.public_user_details #7866

merged 1 commit into from Nov 13, 2023

Conversation

markstuart
Copy link
Contributor

Fixes #7838

Proposed fixes:

Allows _check_access to evaluate the ckan.auth.public_user_details config so that it can return the correct 403 response and not leak information about what users are in the system.

Features:

  • includes tests covering changes
  • includes updated documentation
  • includes user-visible changes
  • includes API changes
  • includes bugfix for possible backport

Please [X] all the boxes above that apply

@markstuart
Copy link
Contributor Author

typecheck failing test is fixed in #7862

@wardi wardi self-assigned this Oct 19, 2023
@Zharktas
Copy link
Member

PR is made against the wrong branch, should be done against master and cherry-picked from the to dev-v2.10

@pdelboca
Copy link
Member

pdelboca commented Nov 1, 2023

Hello @markstuart we are moving forward with the release of CKAN 2.11 and we would love to have this fix.

Could you re create the PR but targeting master instead? If you do not have time, let me know and I would create a new one. (I don't want to steal your contribution)

@markstuart markstuart changed the base branch from dev-v2.10 to master November 1, 2023 19:15
@markstuart
Copy link
Contributor Author

@pdelboca here you go, hopefully that works as expected. I'm very stretched for time right now, so I'd appreciate it if you could cherry-pick back to dev-v2.10 as suggested by @Zharktas.

@pdelboca pdelboca merged commit 9c27607 into ckan:master Nov 13, 2023
1 check failed
@pdelboca
Copy link
Member

Thanks @markstuart ! We'll backport it during the release process.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@wardi wardi

Labels
zBackport 2.10.3
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

user_show returns NotFound before checking authentication for anonymous users
5 participants
@markstuart @Zharktas @pdelboca @wardi @amercader