Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix ssh deploy and user key constraints (#1357) (#5939) #5966

Merged
merged 1 commit into from
Feb 4, 2019
Merged

Fix ssh deploy and user key constraints (#1357) (#5939) #5966

merged 1 commit into from
Feb 4, 2019

Conversation

zeripath
Copy link
Contributor

@zeripath zeripath commented Feb 4, 2019

Backport of #5939

  1. A key can either be an ssh user key or a deploy key. It cannot be both.
  2. If a key is a user key - it can only be associated with one user.
  3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
  4. If a repository is deleted, its deploy keys must be deleted too.

We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:

  • You should not be able to add the same user key as another user
  • You should not be able to add a ssh user key which is being used as a deploy key
  • You should not be able to add a ssh deploy key which is being used as a user key
  • If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
  • If you delete a repository you must delete all its deploy keys.

Fix #1357

@zeripath
Fix ssh deploy and user key constraints (go-gitea#1357) (go-gitea#5939)
7ec6e93 
1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.

We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:

- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.

Fix go-gitea#1357
@zeripath zeripath added this to the 1.7.2 milestone Feb 4, 2019
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Feb 4, 2019
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 4, 2019
@zeripath zeripath merged commit 6416f06 into go-gitea:release/v1.7 Feb 4, 2019
@zeripath zeripath deleted the backport-5939 branch February 4, 2019 21:41
@zeripath zeripath mentioned this pull request Feb 17, 2019
Closed
6 tasks
@zeripath zeripath mentioned this pull request Apr 20, 2019
Closed
7 tasks
@zeripath zeripath mentioned this pull request Aug 20, 2019
Closed
7 tasks
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@techknowlogick techknowlogick techknowlogick approved these changes

@lafriks lafriks lafriks approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug
Projects
None yet
Milestone
1.7.2
Development

Successfully merging this pull request may close these issues.
4 participants
@zeripath @techknowlogick @lafriks @GiteaBot