Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix username collision #6

Merged
merged 11 commits into from
Oct 30, 2023
Merged

Fix username collision #6

merged 11 commits into from
Oct 30, 2023

Conversation

Ph0tonic
Copy link
Contributor

@Ph0tonic Ph0tonic commented Oct 3, 2023

This is a PR to document the solution proposed here jupyterhub/oauthenticator#459 and to discuss it.

@Ph0tonic
Fix username collision
5f8431f 
Signed-off-by: Bastien Wermeille <[email protected]>
@Ph0tonic Ph0tonic mentioned this pull request Oct 3, 2023
Closed
sgaist added 3 commits October 5, 2023 10:44
@sgaist
fix: add username_prefix property
cf92f54 
Built from the either the service name if present or the login service.
@sgaist
refactor: ensure checks are properly done
4b66a1d 
The first step is to ensure that the user has the proper prefix otherwise
the removeprefix function will just return the same value and thus the
check can continue. Hence if the wrong prefix is present, do not allow
the user at all.
@sgaist
feat: add dev extra so that people have a proper development setup
c40918f 
The test extra only installs test related dependencies and thus
pre-commit is missing.
@sgaist
Copy link
Member

sgaist commented Oct 5, 2023

@Ph0tonic Thanks for the PR !

I have done some improvements with regards to the prefix handling.

@manics can you take a look at the latest implementation ?

@manics
Copy link
Contributor

manics commented Oct 7, 2023

There's an extreme corner case where if the login service name has a colon in this would behave incorrectly. Perhaps the easiest solution is to require that username_prefix can't contain a :, and raise an exception if it does?

@sgaist
Copy link
Member

sgaist commented Oct 7, 2023

@manics do you mean not use any separator between the prefix and the original username ?

@manics
Copy link
Contributor

manics commented Oct 7, 2023

Sorry, I meant ensure that login_service doesn't contain a :- this should ensure the first : is the separator between the authenticator and the username

@sgaist
Copy link
Member

sgaist commented Oct 7, 2023

@manics no worries, it's all good now.

manics
manics reviewed Oct 8, 2023
View reviewed changes
multiauthenticator/multiauthenticator.py Outdated Show resolved Hide resolved
multiauthenticator/multiauthenticator.py Outdated Show resolved Hide resolved
multiauthenticator/tests/test_multiauthenticator.py Outdated Show resolved Hide resolved
@sgaist
Copy link
Member

sgaist commented Oct 8, 2023
edited
Loading

@manics thanks for the suggestions !

I just realized something, I may have over-engineered service_name. login_service is part of the OAuthenticator class and not something than can be modified through traitlets hence the warning that appears during the tests. But it can be set afterward. Thinking about this, I was wondering whether we could not simply re-use that name as well for the other authenticators in the context of the MultiAuthenticator and thus remove the special handling being currently done.

That would be something to be done in a different MR though.

@manics
Copy link
Contributor

manics commented Oct 8, 2023

I can think of arguments both ways. Using an existing property means less configuration, whereas using a new property means admins can customise the resulting username (e.g. they may prefer a short prefix instead of the longer name), and makes it easier to add Authenticators that aren't related to OAuthenticator.

sgaist added 3 commits October 9, 2023 09:49
@sgaist
fix(test): user service_name to customize OAuth based oauthenticator
f6bb19b 
login_service is to a configurable traits hence service_name is more
adequate. The alternative is to create a subclass and change login_service
there.
@sgaist
fix(test): remove non existing configuration value check
dec922e 
This is wrong and rightfully triggers a warning that the user shall fix
in their code. There's no reason to check the behaviour for it in this
class.
@sgaist
refactor(test): improve invalid prefix tests
ad15cd5 
The two cases have been separated and tested for the various way an
invalid name can be created and set.
@sgaist
Copy link
Member

sgaist commented Oct 9, 2023

@manics good points, I have refactored and improved the tests with that in mind.

@sgaist sgaist merged commit ad9a2ed into idiap:main Oct 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manics manics manics left review comments

@sgaist sgaist sgaist left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Ph0tonic @sgaist @manics