Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: fix CVE 2022 46172 #4275

Merged
merged 5 commits into from Dec 23, 2022
Merged

security: fix CVE 2022 46172 #4275

merged 5 commits into from Dec 23, 2022

Conversation

BeryJu
Copy link
Member

@BeryJu BeryJu commented Dec 23, 2022
edited

No description provided.

@BeryJu
fallback to current user in user_write, add flag to disable user crea…
3a8011d 
…tion

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
@BeryJu
update api and web ui
712b354 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
@BeryJu
update default flows
bb985cf 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
@BeryJu
add cve post to website
58ee3f7 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
@BeryJu
add tests
5cb70d9 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
@netlify
Copy link

netlify bot commented Dec 23, 2022

Deploy Preview for authentik ready!

Name Link
🔨 Latest commit 5cb70d9
🔍 Latest deploy log https://app.netlify.com/sites/authentik/deploys/63a5a7455a0994000830b267
😎 Deploy Preview https://deploy-preview-4275--authentik.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

@codecov
Copy link

codecov bot commented Dec 23, 2022
edited

Codecov Report

Base: 92.92% // Head: 50.90% // Decreases project coverage by -42.02% ⚠️

Coverage data is based on head (5cb70d9) compared to base (01da8e1).
Patch coverage: 20.00% of modified lines in pull request are covered.

Additional details and impacted files 
@@             Coverage Diff             @@
##             main    #4275       +/-   ##
===========================================
- Coverage   92.92%   50.90%   -42.01%     
===========================================
  Files         477      477               
  Lines       23428    23456       +28     
===========================================
- Hits        21767    11937     -9830     
- Misses       1661    11519     +9858
Flag Coverage Δ
e2e 48.57% <20.00%> (-5.14%) ⬇️
integration 27.41% <10.00%> (-0.03%) ⬇️
unit ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
authentik/stages/user_write/api.py 100.00% <ø> (ø)
authentik/stages/user_write/tests.py 0.00% <0.00%> (-100.00%) ⬇️
authentik/stages/user_write/stage.py 74.76% <50.00%> (-24.21%) ⬇️
authentik/stages/user_write/models.py 96.00% <100.00%> (-4.00%) ⬇️
tests/__init__.py 0.00% <0.00%> (-100.00%) ⬇️
authentik/api/schema.py 0.00% <0.00%> (-100.00%) ⬇️
authentik/root/tests.py 0.00% <0.00%> (-100.00%) ⬇️
authentik/crypto/tests.py 0.00% <0.00%> (-100.00%) ⬇️
authentik/tenants/tests.py 0.00% <0.00%> (-100.00%) ⬇️
authentik/recovery/tests.py 0.00% <0.00%> (-100.00%) ⬇️
... and 349 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@BeryJu BeryJu merged commit 84fbeb5 into main Dec 23, 2022
@BeryJu BeryJu deleted the security/CVE-2022-46172 branch December 23, 2022 13:13
BeryJu added a commit that referenced this pull request Dec 23, 2022
@BeryJu
security: fix CVE 2022 46172 (#4275)
47d79ac 
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
BeryJu added a commit that referenced this pull request Dec 23, 2022
@BeryJu
security: fix CVE 2022 46172 (#4275)
8eb73d3 
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@BeryJu