Prevent user with empty uid #6

Merged
merged 1 commit into from Sep 30, 2016

Projects

None yet

7 participants

@butonic
Member
butonic commented Sep 29, 2016

The uid might be empty if the mapped owncloud_username, eg. mail is empty. While admins should make sure the attribute is always set the ldap admins are only human. Errors happen and we need to protect against user errer. In this case we should die hard, giving everyone a hint at what might be wrong, which is why I use assert(). It will throw an exception and prevent further desaster. As in overwriting the quota for all users ...

@CLAassistant
CLAassistant commented Sep 29, 2016 edited

CLA assistant check
All committers have signed the CLA.

@mention-bot

@butonic, thanks for your PR! By analyzing the annotation information on this pull request, we identified @blizzz, @DeepDiver1975 and @VicDeo to be potential reviewers

@butonic butonic added the enhancement label Sep 29, 2016
@butonic
Member
butonic commented Sep 29, 2016

@owncloud/ldap quick review

@jvillafanez
Contributor

🚫

Assertions can be disabled, and we should assume they will disabled on production. Taking into account that the code depends on an external service (LDAP) whose configuration is completely unknown, we can't consider that the code will be "safe" to be run without assertions once it reach production.

Just checking and throwing the exception seems a better option.

@butonic butonic Prevent user with empty uid
50d0b3a
@butonic
Member
butonic commented Sep 30, 2016

@jvillafanez @DeepDiver1975 done, makes sense.

@jvillafanez
Contributor

👍

@DeepDiver1975 DeepDiver1975 merged commit 078372b into master Sep 30, 2016

2 of 3 checks passed

Scrutinizer Created
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
licence/cla Contributor License Agreement is signed.
Details
@DeepDiver1975 DeepDiver1975 deleted the preventemptyuid branch Sep 30, 2016
@PVince81
Contributor
PVince81 commented Oct 4, 2016

triple combo facepalm hit combo

@blizzz blizzz referenced this pull request in nextcloud/server Oct 4, 2016
Merged

Prevent user with empty uid #1616

@PVince81
Contributor
PVince81 commented Dec 6, 2016

Please backport to 9.1 and 9.0

@jvillafanez
Contributor
@SergioBertolinSG
Member

This field corresponds in the ldap app's expert tab to uuid or internal username?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment