Mirrors/gitea
0
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-31 09:31:53 +01:00
Code Issues Activity

Fix accidental overwriting of LDAP team memberships (#24050)

Browse Source 
In the `for` loop, the value of `membershipsToAdd[org]` and
`membershipsToRemove[org]` is a slice that should be appended instead of
overwritten.
Due to the current overwrite, the LDAP group sync only matches the last
group at the moment.

## Example reproduction
- an LDAP user is both a member of
`cn=admin_staff,ou=people,dc=planetexpress,dc=com` and
`cn=ship_crew,ou=people,dc=planetexpress,dc=com`.
- configuration of `Map LDAP groups to Organization teams ` in
`Authentication Sources`:
```json
{
    "cn=admin_staff,ou=people,dc=planetexpress,dc=com":{
        "test_organization":[
            "admin_staff",
            "test_add"
        ]
    },
    "cn=ship_crew,ou=people,dc=planetexpress,dc=com":{
        "test_organization":[
            "ship_crew"
        ]
}
```
- start `Synchronize external user data` task in the `Dashboard`.
- the user was only added for the team `test_organization.ship_crew`
This commit is contained in:
sillyguodong 2023-04-12 07:54:26 +08:00 committed by GitHub
parent 6a4be2cb6a
commit 890d10c7c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
services/auth/source/source_group_sync.go
View File

@ -52,11 +52,11 @@ func resolveMappedMemberships(sourceUserGroups container.Set[string], sourceGrou
isUserInGroup := sourceUserGroups.Contains(group)
if isUserInGroup {
for org, teams := range memberships {
membershipsToAdd[org] = teams
membershipsToAdd[org] = append(membershipsToAdd[org], teams...)
}
} else {
for org, teams := range memberships {
membershipsToRemove[org] = teams
membershipsToRemove[org] = append(membershipsToRemove[org], teams...)
}
}
}