Bug #20515

User searching by login in code does not find the user because of missing unscoped

Added by Marek Hulán 4 months ago. Updated 4 months ago.

Status: Closed
Priority: Normal
Assigned To: Marek Hulán
Category: Organizations and Locations
Target version: Team Marek backlog
Difficulty:
Bugzilla link:
Found in release: nightly
Pull request: https://github.com/theforeman/foreman/pull/4723
Story points: -
Velocity based estimate: -
Release: 1.15.3
Release relationship: Auto

Description

While reviewing a PR improving roles registration from plugins, I found an issue that basically disables roles creation from plugins. The condition return false if pending_migrations || Rails.env.test? || User.find_by_login(User::ANONYMOUS_ADMIN).nil? is always false because the User can never be found if User.current is nil. The same issue seems to be in the LDAP sync function. I think this is a good candidate for 1.15.3 since the error was introduced by #16982.
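The failure mode reported above, as an added example that is not part of the original report and is not Foreman's code: a plain-Ruby model of a lookup that goes through a default scope tied to the current user, next to the same lookup made outside that scope. The scope rule (no current user means no visible rows) is an assumption standing in for the behaviour the report describes; MiniUser, Relation, both guard methods and the login values are hypothetical.

```ruby
# Plain-Ruby model; MiniUser, Relation and both guard methods are hypothetical names.
class Relation
  def initialize(rows)
    @rows = rows
  end

  def find_by_login(login)
    @rows.find { |row| row.login == login }
  end
end

class MiniUser
  ANONYMOUS_ADMIN = 'anon_admin'.freeze # constructed value
  Record = Struct.new(:login)
  ROWS = [Record.new(ANONYMOUS_ADMIN), Record.new('alice')].freeze # constructed rows

  class << self
    attr_accessor :current

    # Assumed default scope: with no current user, no row is visible.
    def default_scoped
      Relation.new(current.nil? ? [] : ROWS)
    end

    # Bypasses the default scope, like ActiveRecord's `unscoped`.
    def unscoped
      Relation.new(ROWS)
    end

    def find_by_login(login)
      default_scoped.find_by_login(login)
    end
  end
end

# Guard shaped like the condition quoted in the report: scoped lookup.
def register_roles_scoped?(pending_migrations: false, test_env: false)
  return false if pending_migrations || test_env ||
                  MiniUser.find_by_login(MiniUser::ANONYMOUS_ADMIN).nil?
  true
end

# Same guard, but the existence check ignores who is (not) logged in.
def register_roles_unscoped?(pending_migrations: false, test_env: false)
  return false if pending_migrations || test_env ||
                  MiniUser.unscoped.find_by_login(MiniUser::ANONYMOUS_ADMIN).nil?
  true
end
```

Code that runs at boot or from a background task has no current user, so an existence check made through the default scope reports a row as missing even though it is stored.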


Related issues

Related to Foreman - Bug #16982: CVE-2016-7078 - User with no organizations or locations c... Closed 10/18/2016

Associated revisions

Revision d3fd7441
Added by Marek Hulán 4 months ago

Fixes #20515 - always find user by login

Revision aa6a30b8
Added by Marek Hulán 4 months ago

Fixes #20515 - always find user by login

(cherry picked from commit d3fd7441f2c442467fdbea2fa30718e02f193988)

History

#1 Updated by Marek Hulán 4 months ago

  • Related to Bug #16982: CVE-2016-7078 - User with no organizations or locations can see all resources added

#2 Updated by The Foreman Bot 4 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4723 added

#3 Updated by Anonymous 4 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
