Skip to content

Do not allow inactive users to access repositories using private keys #3887

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 2, 2018
Merged

Do not allow inactive users to access repositories using private keys #3887

merged 3 commits into from
May 2, 2018

Conversation

lafriks
Copy link
Member

@lafriks lafriks commented May 2, 2018

Currently when disabling user he can still access repository using his private key when cloning/pushing using SSH
@lafriks lafriks added type/bug topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! backport/v1.4 labels May 2, 2018
@lafriks lafriks added this to the 1.5.0 milestone May 2, 2018
@lunny
Copy link
Member

lunny commented May 2, 2018

LGTM
@bkcsoft bkcsoft added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label May 2, 2018
@codecov-io
Copy link

codecov-io commented May 2, 2018
edited
Loading

Codecov Report

Merging #3887 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@ Coverage Diff @@ ## master #3887 +/- ## ======================================= Coverage 20.17% 20.17% ======================================= Files 145 145 Lines 29151 29151 ======================================= Hits 5880 5880 Misses 22376 22376 Partials 895 895

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9495429...9cb8e1c. Read the comment docs.
@bkcsoft bkcsoft added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 2, 2018
@lafriks lafriks merged commit b66d6b3 into go-gitea:master May 2, 2018
@lafriks lafriks deleted the fix/ssh_inactive_user branch May 2, 2018 13:23
@lafriks lafriks added the backport/done All backports for this PR have been created label May 2, 2018
lafriks added a commit to lafriks-fork/gitea that referenced this pull request May 2, 2018
@lafriks
Do not allow inactive users to access repositories using private keys (
c730288 
…go-gitea#3887)
@lafriks lafriks mentioned this pull request May 2, 2018
Merged
lafriks added a commit that referenced this pull request May 2, 2018
@lafriks
Do not allow inactive users to access repositories using private keys (
e35d7ae 
…#3887) (#3889)
@lenidh lenidh mentioned this pull request May 12, 2018
Closed
7 tasks
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug

5 participants

@lafriks @lunny @codecov-io @sapk @bkcsoft