fix(security): Only allow System Administrators to create users #3022

Merged
merged 3 commits into from
Feb 5, 2024

seakayone
Collaborator

@seakayone seakayone commented Feb 5, 2024

Fixes a severe security problem. Anonymous users were able to create a System Administrator account.

Pull Request Checklist

Task Description/Number

PR Type

  • build/chore: maintenance tasks (no production code change)
  • docs: documentation changes (no production code change)
  • feat: represents new features
  • fix: represents bug fixes
  • perf: performance improvements
  • refactor: represents production code refactoring
  • test: adding or refactoring tests (no production code change)

Basic requirements for bug fixes and features

  • Tests for the changes have been added
  • Docs have been added / updated

Does this PR introduce a breaking change?

  • Yes

Does this PR change client-test-data?

  • Yes

@seakayone seakayone self-assigned this Feb 5, 2024
@seakayone seakayone marked this pull request as ready for review February 5, 2024 14:58
@seakayone seakayone enabled auto-merge (squash) February 5, 2024 15:05
codecov bot commented Feb 5, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (eac5751) 11.74% compared to head (bfab7a0) 11.33%.
Report is 45 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3022      +/-   ##
==========================================
- Coverage   11.74%   11.33%   -0.41%     
==========================================
  Files         246      258      +12     
  Lines       22907    22848      -59     
==========================================
- Hits         2690     2590     -100     
- Misses      20217    20258      +41     


Collaborator

@mpro7 mpro7 left a comment

Let's get back to secured!

@seakayone seakayone merged commit 5ab6e35 into main Feb 5, 2024
11 checks passed
@seakayone seakayone deleted the fix/secure-add-user-with-system-admin-credentials branch February 5, 2024 15:46
@seakayone seakayone changed the title fix: Only allow System Administrators to create users fix(security): Only allow System Administrators to create users Feb 15, 2024
4 participants