Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Accept multiple SSH keys in single LDAP SSHPublicKey attribute #13989

Merged
merged 11 commits into from Dec 18, 2020
Merged

Accept multiple SSH keys in single LDAP SSHPublicKey attribute #13989

merged 11 commits into from Dec 18, 2020

Conversation

zeripath
Copy link
Contributor

Fix #13984

Signed-off-by: Andrew Thornton art27@cantab.net

@zeripath
Accept multiple SSH keys in single LDAP SSHPublicKey attribute
d868283 
Fix go-gitea#13984

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath added this to the 1.14.0 milestone Dec 14, 2020
zeripath
zeripath commented Dec 14, 2020
View reviewed changes
models/user.go Outdated Show resolved Hide resolved
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Dec 14, 2020
@strk
Copy link
Member

strk commented Dec 15, 2020

Thanks, I'll try to test this out, but I'm blocked by #13993 at the moment.
I see there's an integrations/auth_ldap_test.go file which could be used to add automated testing for this fix.
Would be nice to test some malicious ssh pub keys, like containing pipes and comments and what not (injection attempts)

@lafriks
Copy link
Member

lafriks commented Dec 15, 2020

tests fail now

@zeripath
bugfix
f3be383 
Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath
fixup2
328faed
@zeripath
Copy link
Contributor Author

UGh this is quite a bit more fiddly than I initially expected.

@zeripath
Copy link
Contributor Author

Turns out that the last problem was that the marshall authorized key added a newline - which was the cause of the failing test!

@zeripath
remove additional logging
e8a6632 
Signed-off-by: Andrew Thornton <art27@cantab.net>
@codecov-io
Copy link

Codecov Report

Merging #13989 (e8a6632) into master (b8c58ed) will decrease coverage by 0.09%.
The diff coverage is 66.66%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master   #13989      +/-   ##
==========================================
- Coverage   42.23%   42.13%   -0.10%     
==========================================
  Files         710      710              
  Lines       77261    77291      +30     
==========================================
- Hits        32629    32570      -59     
- Misses      39266    39370     +104     
+ Partials     5366     5351      -15
Impacted Files Coverage Δ
models/user.go 54.61% <66.66%> (+0.26%) ⬆️
modules/notification/ui/ui.go 84.72% <0.00%> (-11.12%) ⬇️
models/issue_comment.go 45.46% <0.00%> (-7.26%) ⬇️
modules/notification/mail/mail.go 33.33% <0.00%> (-5.75%) ⬇️
services/repository/push.go 38.46% <0.00%> (-4.65%) ⬇️
modules/git/commit.go 49.67% <0.00%> (-3.95%) ⬇️
modules/notification/base/null.go 74.28% <0.00%> (-2.86%) ⬇️
modules/notification/notification.go 83.92% <0.00%> (-2.68%) ⬇️
models/notification.go 66.25% <0.00%> (-0.99%) ⬇️
services/pull/check.go 51.09% <0.00%> (-0.73%) ⬇️
... and 9 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b8c58ed...e8a6632. Read the comment docs.

@strk
Copy link
Member

strk commented Dec 16, 2020

Great that you handled to fix the existing tests, but would you please consider adding a new test for having multiple keys and malicious code in single elements coming from LDAP ? That was the issue reported in #13984

@zeripath
Add simple test
5fe2816 
Signed-off-by: Andrew Thornton <art27@cantab.net>
@strk
Copy link
Member

strk commented Dec 18, 2020

Great work ! LGTM

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Dec 18, 2020
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Dec 18, 2020
@zeripath zeripath merged commit e2b069e into go-gitea:master Dec 18, 2020
@zeripath zeripath deleted the fix-13984-multiple-keys-per-input branch December 18, 2020 17:44
@zeripath zeripath mentioned this pull request Feb 7, 2021
Closed
6 tasks
zeripath added a commit to zeripath/gitea that referenced this pull request Feb 7, 2021
@zeripath
Accept multiple SSH keys in single LDAP SSHPublicKey attribute (go-gi…
b17bb1e 
…tea#13989)

Backport go-gitea#13989

Fix go-gitea#13984

Fix go-gitea#14566

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath mentioned this pull request Feb 7, 2021
Merged
@6543 6543 added the backport/done All backports for this PR have been created label Feb 7, 2021
lunny pushed a commit that referenced this pull request Feb 8, 2021
@zeripath
Accept multiple SSH keys in single LDAP SSHPublicKey attribute (#13989)…
82637c2 
… (#14607)

Backport #13989

Fix #13984

Fix #14566

Signed-off-by: Andrew Thornton <art27@cantab.net>
@go-gitea go-gitea locked and limited conversation to collaborators Feb 11, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lunny lunny lunny approved these changes

@lafriks lafriks lafriks approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug
Projects
None yet
Milestone
1.14.0
Development

Successfully merging this pull request may close these issues.

Sanitize SSH pubkeys (and Support multiple) when sync from LDAP
7 participants
@zeripath @strk @lafriks @codecov-io @lunny @GiteaBot @6543