Disabling users includes realm in same-user validation #86473

Merged
merged 14 commits into from
May 6, 2022

Contributor

@n1v0lg n1v0lg commented May 5, 2022

A validation check prevents users from disabling themselves. The check
is incorrect since it does not factor in realms. Users can have
overlapping usernames across realms, and should be able to disable
same-named users in other realms, authorization provided. This PR
tweaks the validation check to account for the source realm.
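
The difference between a username-only and a realm-aware same-user check, as an added example that is not part of this PR or the Elasticsearch code base. The `Principal` and `SetEnabledRequest` types, the error message, and the realm names are hypothetical and the sample cases are constructed.

```java
import java.util.List;
import java.util.Optional;

public class SetEnabledSameUserCheck {
    // Hypothetical model: a caller is a username plus the realm that authenticated it.
    record Principal(String username, String realm) {}

    // Hypothetical request: the account whose enabled flag changes, and the realm holding it.
    record SetEnabledRequest(String targetUsername, String targetRealm, boolean enabled) {}

    // Username-only comparison: treats same-named accounts in different realms as one user.
    static Optional<String> validateUsernameOnly(Principal caller, SetEnabledRequest req) {
        boolean self = caller.username().equals(req.targetUsername());
        return !req.enabled() && self ? Optional.of("users may not disable themselves") : Optional.empty();
    }

    // Realm-aware comparison: "same user" requires matching username and source realm.
    static Optional<String> validateRealmAware(Principal caller, SetEnabledRequest req) {
        boolean self = caller.username().equals(req.targetUsername())
            && caller.realm().equals(req.targetRealm());
        return !req.enabled() && self ? Optional.of("users may not disable themselves") : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample data; realm names are placeholders.
        record Case(String label, Principal caller, SetEnabledRequest req) {}
        List<Case> cases = List.of(
            new Case("same name, same realm", new Principal("alice", "native1"),
                new SetEnabledRequest("alice", "native1", false)),
            new Case("same name, other realm", new Principal("alice", "ldap1"),
                new SetEnabledRequest("alice", "native1", false)),
            new Case("different name", new Principal("bob", "ldap1"),
                new SetEnabledRequest("alice", "native1", false)));
        for (Case c : cases) {
            System.out.printf("%-24s username-only=%s realm-aware=%s%n", c.label(),
                validateUsernameOnly(c.caller(), c.req()).orElse("allowed"),
                validateRealmAware(c.caller(), c.req()).orElse("allowed"));
        }
    }
}
```

Only the second case differs between the two checks. Passing the same-user check does not grant anything by itself: whether the caller may change the target account is still an authorization decision made separately.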

@n1v0lg n1v0lg changed the title Account for realms in set enabled user action validation Account for realms in set enabled user action May 5, 2022
@n1v0lg n1v0lg self-assigned this May 5, 2022
@n1v0lg n1v0lg added the Team:Security Meta label for security team label May 5, 2022
@elasticmachine
Collaborator

Pinging @elastic/es-security (Team:Security)

@n1v0lg n1v0lg added :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) >bug labels May 5, 2022
@elasticsearchmachine
Collaborator

Hi @n1v0lg, I've created a changelog YAML for you.

@n1v0lg n1v0lg changed the title Account for realms in set enabled user action Setting enabled user status accounts for source realm May 5, 2022
@n1v0lg n1v0lg changed the title Setting enabled user status accounts for source realm Disabling users includes realm in same-user validation May 5, 2022
@n1v0lg n1v0lg requested a review from ywangd May 5, 2022 15:53
Member

@ywangd ywangd left a comment

LGTM

@n1v0lg n1v0lg added the auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) label May 6, 2022
@elasticsearchmachine elasticsearchmachine merged commit 313893d into master May 6, 2022
@elasticsearchmachine elasticsearchmachine deleted the fix/set-enabled-same-user-check branch May 6, 2022 09:15
Labels
auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) >bug :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team v8.3.0