[stable26] fix(Session): avoid password confirmation on SSO #45812

Merged
merged 4 commits into from
Jun 18, 2024

blizzz
Member

@blizzz blizzz commented Jun 12, 2024

Backport of #43942 and #45809

With same adjustments as in #45703 (comment)

@blizzz blizzz added bug 3. to review Waiting for reviews labels Jun 12, 2024
@blizzz blizzz force-pushed the backport/43942/stable26 branch from ef675f8 to eb1084b Compare June 12, 2024 12:53
blizzz added 3 commits June 12, 2024 19:35
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends were used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <[email protected]>
- "password-unconfirmable" is the effective name for 30, but a draft
  name was backported.

Signed-off-by: Arthur Schiwon <[email protected]>
@blizzz blizzz added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Jun 12, 2024
@blizzz blizzz force-pushed the backport/43942/stable26 branch from 2da6020 to 06c64fd Compare June 12, 2024 17:36
@blizzz

This comment was marked as resolved.

@blizzz blizzz merged commit 72feb5a into stable26 Jun 18, 2024
36 of 38 checks passed
@blizzz blizzz deleted the backport/43942/stable26 branch June 18, 2024 17:10
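
The commit message above describes marking the SSO session token with a scope and carrying that scope over when the token is regenerated. A minimal model of that behaviour, added here as an illustration and not Nextcloud's code: every class, function and parameter name is hypothetical (including the 1800-second confirmation window), and only the scope name "password-unconfirmable" comes from the page.

```python
# Added illustration, not Nextcloud code. All names below are hypothetical
# except the scope name, which is quoted in the commit message.
import secrets
from dataclasses import dataclass, field

UNCONFIRMABLE = "password-unconfirmable"


@dataclass
class SessionToken:
    user: str
    scope: dict = field(default_factory=dict)
    token_id: str = field(default_factory=lambda: secrets.token_hex(16))


class TokenStore:
    def __init__(self):
        self._tokens = {}

    def issue(self, user, sso_login=False):
        # Only the server-side SSO login path sets the marker: these users
        # have no local password they could re-enter.
        token = SessionToken(user, {UNCONFIRMABLE: True} if sso_login else {})
        self._tokens[token.token_id] = token
        return token

    def regenerate(self, old, carry_scope=True):
        # Token rotation: the old token is invalidated and replaced.
        # The scope is copied from the stored token, never from client input.
        # carry_scope=False models the failure mode where the marker is lost.
        del self._tokens[old.token_id]
        new = SessionToken(old.user, dict(old.scope) if carry_scope else {})
        self._tokens[new.token_id] = new
        return new

    def is_valid(self, token):
        return token.token_id in self._tokens


def needs_password_confirmation(token, last_confirmed_s, now_s, max_age_s=1800):
    # Sensitive actions need a recent password re-entry, unless the token
    # records that this session cannot confirm a password at all.
    if token.scope.get(UNCONFIRMABLE):
        return False
    return now_s - last_confirmed_s > max_age_s


if __name__ == "__main__":
    store = TokenStore()
    t = store.issue("alice", sso_login=True)
    dropped = store.regenerate(t, carry_scope=False)
    print("scope dropped:", needs_password_confirmation(dropped, 0, 10_000))
    kept = store.regenerate(dropped.__class__("alice", {UNCONFIRMABLE: True}) if False else store.issue("alice", sso_login=True))
    print("scope carried:", needs_password_confirmation(kept, 0, 10_000))
```

When the scope is dropped on rotation, the SSO user is asked for a password they do not have; when it is carried over, the prompt stays suppressed for that session only.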
Labels
4. to release Ready to be released and/or waiting for tests to finish bug
3 participants