Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix auth process to check against username also and not just groups #293

Merged
merged 1 commit into from
Aug 17, 2017
Merged

Fix auth process to check against username also and not just groups #293

merged 1 commit into from
Aug 17, 2017

Conversation

aszmyd
Copy link
Contributor

@aszmyd aszmyd commented Aug 15, 2017

Type: bug

Description:

When using some authentication plugins other than htpasswd (we're using sinopia-github-oauth) user gets 403 if package publish/access config is setup to use username. I.e.:

packages:
    '**':
        access: $authenticated
        publish: aszmyd

Is not working as authentication is checking this publish field against user groups only. But because my user object looks like this:

{ 
    name: 'aszmyd',
    groups: [ 'org', '$all', '$authenticated', '@all', '@authenticated', 'all' ],
    real_groups: [ 'org' ] 
 }

And the current check fails.

My PR is fixing this by changing the way authentication checks publish/access configurations - now it checks also against user.name and not just user.groups

@juanpicado juanpicado self-requested a review August 17, 2017 04:18
juanpicado
juanpicado approved these changes Aug 17, 2017
View reviewed changes
Copy link
Member

@juanpicado juanpicado left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your change makes sense and fits with the documentation. I could not find any downside on this change. I'll merge. Thanks, nice catch.

@juanpicado juanpicado merged commit 5c51e48 into verdaccio:master Aug 17, 2017
@aszmyd
Copy link
Contributor Author

aszmyd commented Aug 17, 2017

Thanks. Do You have any idea when You'll be putting this to release?

@juanpicado juanpicado added this to the 2.3.x milestone Aug 17, 2017
@juanpicado
Copy link
Member

10 seconds ago ;) v2.3.6

@aszmyd
Copy link
Contributor Author

aszmyd commented Aug 17, 2017

@juanpicado super fast! Thanks!

@juanpicado
Copy link
Member

hehe thanks ! ☕️ helps at mornings ...
0p1bjhc

@lock
Copy link

lock bot commented May 30, 2018

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators May 30, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@juanpicado juanpicado juanpicado approved these changes

Assignees
No one assigned
Labels
feat: auth issue: bug
Projects
None yet
Milestone
bug fixing
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@aszmyd @juanpicado