explicitly require groups in auth model when Authenticator.manage_groups is enabled #4645
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ups is enabled avoids the experience of silently ignored config for Authenticators that don't support manage_groups
Comment on lines
+832
to
834
| group_names = authenticated["groups"] | ||
| if group_names is not None: | ||
| user.sync_groups(group_names) |
There was a problem hiding this comment.
Should authenticated["groups"] be allowed to be None - if it is, then its currently treated differently from [], where setting it to None means its not getting synced, while setting it to [] means its getting synced to no groups.
- `groups`, the list of group names the user should be a member of, if Authenticator.manage_groups is True.
The above was from the authenticate docstring, and it didnt' mention anything about groups being allowed to be None.
There was a problem hiding this comment.
Yes, it's explicitly "no change" if None. I'll add that to the doc.
I'm mostly thinking of refresh_user here, where it may not have what it needs to refresh group membership, in which case 'no change' is still okay, but it should be explicit.
consideRatio
approved these changes
Nov 28, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
avoids the experience of silently ignored config for Authenticators that don't support
manage_groups, which leads to confusion like jupyterhub/oauthenticator#706.technically breaking, because the previously unspecified behavior allowed Authenticators to omit the groups field which is interpreted as "no change to group membership." That will no longer be allowed.