You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Alexander Klimetschek (JIRA)" <ji...@apache.org> on 2016/12/15 01:40:58 UTC
[jira] [Updated] (OAK-5304)
DefaultSyncContext.sync(ExternalIdentity) does not verify same identity
provider
[ https://issues.apache.org/jira/browse/OAK-5304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexander Klimetschek updated OAK-5304:
---------------------------------------
Description:
Since OAK-4224, the external IDP should be verified to be the same, but {{DefaultSyncContext.sync(ExternalIdentity)}} doesn't do that, as it only looks at {{ExternalIdentityRef.getProviderName()}}, but never at the {{rep:externalId}} of the (existing) authorizable.
Assume there is
* a user with the authorizable id "frank"
* a {{rep:externalId}} with provider "alpha" or no such property (because locally created)
* a sync {{context}} using provider "beta"
Calling by id:
{code:java}
context.sync("frank") => result has Status.FOREIGN
{code}
Calling by external id:
{code:java}
ExternalIdentity externalId = ...
// externalId.getId() => "frank"
// externalId.getExternalId().getProviderName() => "beta"
context.sync(externalId) => result has Status.UPDATE
{code}
was:
Since OAK-4224, the external IDP should be verified to be the same, but {{DefaultSyncContext.sync(ExternalIdentity)}} doesn't do that, as it only looks at {{ExternalIdentityRef.getProviderName()}}, but never at the {{rep:externalId}} of the (existing) authorizable.
Assume there is
* a user with the authorizable id "frank"
* a {{rep:externalId}} with provider "alpha" or no such property (because locally created)
* a sync {{context}} using provider "beta"
Calling by id:
{code:java}
context.sync("frank") => result has Status.FOREIGN
{code}
Calling by ref:
{code:java}
ExternalIdentity externalId = ...
// externalId.getId() => "frank"
// externalId.getExternalId().getProviderName() => "beta"
context.sync(externalId) => result has Status.UPDATE
{code}
> DefaultSyncContext.sync(ExternalIdentity) does not verify same identity provider
> --------------------------------------------------------------------------------
>
> Key: OAK-5304
> URL: https://issues.apache.org/jira/browse/OAK-5304
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: auth-external
> Affects Versions: 1.5.15, 1.4.11
> Reporter: Alexander Klimetschek
>
> Since OAK-4224, the external IDP should be verified to be the same, but {{DefaultSyncContext.sync(ExternalIdentity)}} doesn't do that, as it only looks at {{ExternalIdentityRef.getProviderName()}}, but never at the {{rep:externalId}} of the (existing) authorizable.
> Assume there is
> * a user with the authorizable id "frank"
> * a {{rep:externalId}} with provider "alpha" or no such property (because locally created)
> * a sync {{context}} using provider "beta"
> Calling by id:
> {code:java}
> context.sync("frank") => result has Status.FOREIGN
> {code}
> Calling by external id:
> {code:java}
> ExternalIdentity externalId = ...
> // externalId.getId() => "frank"
> // externalId.getExternalId().getProviderName() => "beta"
> context.sync(externalId) => result has Status.UPDATE
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)