You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by GitBox <gi...@apache.org> on 2022/06/10 09:59:33 UTC

[GitHub] [jackrabbit-oak] mbaedke opened a new pull request, #590: OAK-9773: DefaultSyncContext#syncMembership() compares external ids c…

mbaedke opened a new pull request, #590:
URL: https://github.com/apache/jackrabbit-oak/pull/590

   …ase-sensitively.
   
   Fixed.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [jackrabbit-oak] mbaedke merged pull request #590: OAK-9773: DefaultSyncContext#syncMembership() compares external ids c…

Posted by GitBox <gi...@apache.org>.

mbaedke merged PR #590:
URL: https://github.com/apache/jackrabbit-oak/pull/590


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [jackrabbit-oak] mbaedke commented on a diff in pull request #590: OAK-9773: DefaultSyncContext#syncMembership() compares external ids c…

Posted by GitBox <gi...@apache.org>.

mbaedke commented on code in PR #590:
URL: https://github.com/apache/jackrabbit-oak/pull/590#discussion_r897941049


##########
oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java:
##########
@@ -522,7 +522,7 @@ protected void syncMembership(@NotNull ExternalIdentity external, @NotNull Autho
         while (grpIter.hasNext()) {
             Group grp = grpIter.next();
             if (isSameIDP(grp)) {
-                declaredExternalGroups.put(grp.getID(), grp);
+                declaredExternalGroups.put(grp.getID().toLowerCase(), grp);

Review Comment:
   Hi @anchela, I don't understand. Your code would do nothing, because declaredExternalGroups is empty initially.
   Re spamming: the warnings will stay, because the ids do not change in the repo or in the LDAP.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [jackrabbit-oak] anchela commented on a diff in pull request #590: OAK-9773: DefaultSyncContext#syncMembership() compares external ids c…

Posted by GitBox <gi...@apache.org>.

anchela commented on code in PR #590:
URL: https://github.com/apache/jackrabbit-oak/pull/590#discussion_r894492915


##########
oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java:
##########
@@ -522,7 +522,7 @@ protected void syncMembership(@NotNull ExternalIdentity external, @NotNull Autho
         while (grpIter.hasNext()) {
             Group grp = grpIter.next();
             if (isSameIDP(grp)) {
-                declaredExternalGroups.put(grp.getID(), grp);
+                declaredExternalGroups.put(grp.getID().toLowerCase(), grp);

Review Comment:
   it is an implementation detail that the default user management in oak is not case-sensitive.
   therefore, at the very least this code should log a huge warning if the map already contained a previous value which would be replaced by this call.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [jackrabbit-oak] mbaedke commented on a diff in pull request #590: OAK-9773: DefaultSyncContext#syncMembership() compares external ids c…

Posted by GitBox <gi...@apache.org>.

mbaedke commented on code in PR #590:
URL: https://github.com/apache/jackrabbit-oak/pull/590#discussion_r894616218


##########
oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java:
##########
@@ -522,7 +522,7 @@ protected void syncMembership(@NotNull ExternalIdentity external, @NotNull Autho
         while (grpIter.hasNext()) {
             Group grp = grpIter.next();
             if (isSameIDP(grp)) {
-                declaredExternalGroups.put(grp.getID(), grp);
+                declaredExternalGroups.put(grp.getID().toLowerCase(), grp);

Review Comment:
   Done. Whoever has this issue will be spammed with warnings, but I guess they have to live with that.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [jackrabbit-oak] anchela commented on a diff in pull request #590: OAK-9773: DefaultSyncContext#syncMembership() compares external ids c…

Posted by GitBox <gi...@apache.org>.

anchela commented on code in PR #590:
URL: https://github.com/apache/jackrabbit-oak/pull/590#discussion_r896866667


##########
oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java:
##########
@@ -522,7 +522,7 @@ protected void syncMembership(@NotNull ExternalIdentity external, @NotNull Autho
         while (grpIter.hasNext()) {
             Group grp = grpIter.next();
             if (isSameIDP(grp)) {
-                declaredExternalGroups.put(grp.getID(), grp);
+                declaredExternalGroups.put(grp.getID().toLowerCase(), grp);

Review Comment:
   hi @mbaedke , i am not sure i can follow you on this one..... what is the new group-ids list for? and why would someone get spammed with warnings? sorry.... i don't get it.
   
   what i had in mind is something along the following lines:
   ```
   Group previous = declaredExternalGroups.put(grp.getID().toLowerCase(), grp);
   if (previous != null) {
        log.warn("Replacing group '{}' with same case-insensitive name '{}'", previous.getId(), grp.getID());
   }
   
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@jackrabbit.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org