Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not allow inactive users to access repositories using private keys #3887

Merged
merged 3 commits into from
May 2, 2018
Merged

Do not allow inactive users to access repositories using private keys #3887

merged 3 commits into from
May 2, 2018

Conversation

lafriks
Copy link
Member

@lafriks lafriks commented May 2, 2018

Currently when disabling user he can still access repository using his private key when cloning/pushing using SSH

@lafriks lafriks added type/bug topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! backport/v1.4 labels May 2, 2018
@lafriks lafriks added this to the 1.5.0 milestone May 2, 2018
@lunny
Copy link
Member

lunny commented May 2, 2018

LGTM

@bkcsoft bkcsoft added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label May 2, 2018
@codecov-io
Copy link

codecov-io commented May 2, 2018
edited
Loading

Codecov Report

Merging #3887 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #3887   +/-   ##
=======================================
  Coverage   20.17%   20.17%           
=======================================
  Files         145      145           
  Lines       29151    29151           
=======================================
  Hits         5880     5880           
  Misses      22376    22376           
  Partials      895      895

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9495429...9cb8e1c. Read the comment docs.

@bkcsoft bkcsoft added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 2, 2018
@lafriks lafriks merged commit b66d6b3 into go-gitea:master May 2, 2018
@lafriks lafriks deleted the fix/ssh_inactive_user branch May 2, 2018 13:23
@lafriks lafriks added the backport/done All backports for this PR have been created label May 2, 2018
lafriks added a commit to lafriks-fork/gitea that referenced this pull request May 2, 2018
@lafriks
Do not allow inactive users to access repositories using private keys (
c730288 
…go-gitea#3887)
@lafriks lafriks mentioned this pull request May 2, 2018
Merged
lafriks added a commit that referenced this pull request May 2, 2018
@lafriks
Do not allow inactive users to access repositories using private keys (
e35d7ae 
…#3887) (#3889)
@lenidh lenidh mentioned this pull request May 12, 2018
Closed
7 tasks
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@sapk sapk sapk approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug
Projects
None yet
Milestone
1.5.0
Development

Successfully merging this pull request may close these issues.
5 participants
@lafriks @lunny @codecov-io @sapk @bkcsoft