Fix ssh deploy and user key constraints (#1357) (#5939) #5966

Merged
merged 1 commit into from Feb 4, 2019

4 participants
@zeripath
Contributor

zeripath commented Feb 4, 2019

Backport of #5939

  1. A key can either be an ssh user key or a deploy key. It cannot be both.
  2. If a key is a user key - it can only be associated with one user.
  3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
  4. If a repository is deleted, its deploy keys must be deleted too.

We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:

  • You should not be able to add the same user key as another user
  • You should not be able to add an ssh user key which is being used as a deploy key
  • You should not be able to add an ssh deploy key which is being used as a user key
  • If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
  • If you delete a repository you must delete all its deploy keys.

Fix #1357
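
The constraints listed in the description above, modelled as a small in-memory registry keyed by key fingerprint. This is an added example, not code from this PR or from Gitea; `Registry`, its methods, the error names and the fingerprint strings are all hypothetical.

```go
package main

import "errors"
import "fmt"

var ErrUserKey = errors.New("key is already in use as a user key")
var ErrDeployKey = errors.New("key is already in use as a deploy key")

// Registry is a hypothetical in-memory model (not Gitea's schema), keyed by fingerprint.
type Registry struct {
	user   map[string]int64            // fingerprint -> the one user that owns it
	deploy map[string]map[int64]string // fingerprint -> repo ID -> access mode
}

func NewRegistry() *Registry {
	return &Registry{user: map[string]int64{}, deploy: map[string]map[int64]string{}}
}

// AddUserKey rejects a key that any user holds or any repository uses as a deploy key.
func (r *Registry) AddUserKey(fp string, uid int64) error {
	if _, ok := r.user[fp]; ok {
		return ErrUserKey
	}
	if len(r.deploy[fp]) > 0 {
		return ErrDeployKey
	}
	r.user[fp] = uid
	return nil
}

// AddDeployKey lets one key serve many repositories, each with its own mode.
func (r *Registry) AddDeployKey(fp string, repo int64, mode string) error {
	if _, ok := r.user[fp]; ok {
		return ErrUserKey
	}
	if r.deploy[fp] == nil {
		r.deploy[fp] = map[int64]string{}
	}
	r.deploy[fp][repo] = mode
	return nil
}

// DeleteRepo removes the repository's deploy key entries along with the repository.
func (r *Registry) DeleteRepo(repo int64) {
	for fp := range r.deploy {
		delete(r.deploy[fp], repo)
	}
}

func main() { fmt.Println(NewRegistry().AddUserKey("SHA256:constructed", 1)) }
```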

Fix ssh deploy and user key constraints (#1357) (#5939)

@zeripath zeripath added this to the 1.7.2 milestone Feb 4, 2019

@lafriks

lafriks approved these changes Feb 4, 2019

@GiteaBot GiteaBot added the lgtm/need 1 label Feb 4, 2019

@lafriks lafriks added the kind/bug label Feb 4, 2019

@GiteaBot GiteaBot added lgtm/done and removed lgtm/need 1 labels Feb 4, 2019

@zeripath zeripath merged commit 6416f06 into go-gitea:release/v1.7 Feb 4, 2019

2 checks passed

approvals/lgtm this commit looks good
continuous-integration/drone/pr the build was successful

@zeripath zeripath deleted the zeripath:backport-5939 branch Feb 4, 2019

@zeripath zeripath referenced this pull request Feb 17, 2019

Closed

Deployment keys should not collide with user keys #938

2 of 6 tasks complete