
Hotfix 5.12.4 to master #544

Merged: gregcorbett merged 3 commits into master from hotfix-5.12.4 on Jul 7, 2025

@gregcorbett (Member)

  • if an identifier is passed that doesn't correspond to an API credential, $authEnt is an empty array, not null.
  • updateLastUseTime does not fail if $authEnt does not exist.
  • this had the effect of authorising all identifiers, which meant having an identifier is sufficient to access level 3 methods.

Testing done

Behaviour in 5.12.3, credentials vs access to endpoints

| Credential | Level 1 (i.e. get_service_types) | Level 2 (i.e. get_cert_status_date) | Level 3 (i.e. get_user) |
| --- | --- | --- | --- |
| None | Y | N | N |
| Provided (User) | Y | Y | Y* |
| Provided (Host) | Y | Y | Y* |
| Registered (User) | Y | Y | Y |
| Registered (Host) | Y | Y | Y |

* erroneous behaviour, that is addressed by this fix.

Behaviour in 5.12.4, credentials vs access to endpoints

| Credential | Level 1 (i.e. get_service_types) | Level 2 (i.e. get_cert_status_date) | Level 3 (i.e. get_user) |
| --- | --- | --- | --- |
| Missing | Y | N | N |
| Provided (User) | Y | Y | N |
| Provided (Host) | Y | Y | N |
| Registered (User) | Y | Y | Y |
| Registered (Host) | Y | Y | Y |

- if an identifier is passed that doesn't correspond to an API
  credential, $authEnt is an empty array, not `null`.
- updateLastUseTime does not fail if $authEnt does not exist.
- this had the effect of authorising all identifiers, which meant
  having an identifier is sufficient to access level 3 methods
- it looks like this check was introduced after the restrictions
  on personal data were introduced, so the original change
  (b6c4101) may not have been as
  tested / reviewed to exhaustion as the initial restrictions
  were.
- it's also possible the upgrade to Rocky8, PHP 7.4 and
  newer versions of ORM changed behaviour subtly. I can't find any
  documentation to support this, and to confirm behaviour of GOCDB
  prior to the above upgrades would involve spinning up an
  SL7/PHP5 GOCDB instance.
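
The failure mode described above, as an added PHP example that is not GOCDB's code: a lookup that returns an empty array on a miss defeats a null-only check, and a non-failing `updateLastUseTime` lets the request continue. `findCredential`, `authorisedBefore`, `authorisedAfter`, the credential store and the identifiers are hypothetical; only `$authEnt` and `updateLastUseTime` are names taken from the PR.

```php
<?php
// Added illustration; function names and sample data are hypothetical, not GOCDB code.

// Constructed sample store: identifier => registered API credential.
const REGISTERED = [
    '/C=UK/O=Example/CN=registered-host.example.org' => ['lastUsed' => null],
];

// Assumption: as in the PR description, a miss yields an empty array, not null.
function findCredential(string $identifier): array
{
    return array_key_exists($identifier, REGISTERED) ? [REGISTERED[$identifier]] : [];
}

// Stand-in for updateLastUseTime: does nothing (and does not fail) on an empty result.
function updateLastUseTime(array $authEnt): void
{
    foreach ($authEnt as $cred) {
        // a real implementation would stamp the credential's last-use time here
    }
}

// Before: a null test alone. [] is not null, so any presented identifier passes.
function authorisedBefore(string $identifier): bool
{
    $authEnt = findCredential($identifier);
    if ($authEnt === null) {
        return false;
    }
    updateLastUseTime($authEnt);
    return true;
}

// After: "no matching credential" (null or empty array) is unauthorised.
function authorisedAfter(string $identifier): bool
{
    $authEnt = findCredential($identifier);
    if (empty($authEnt)) {
        return false;
    }
    updateLastUseTime($authEnt);
    return true;
}

foreach (array_merge(array_keys(REGISTERED), ['/C=UK/O=Example/CN=unregistered-user']) as $id) {
    printf("%-50s before=%s after=%s\n", $id,
        var_export(authorisedBefore($id), true), var_export(authorisedAfter($id), true));
}
```

The registered identifier is accepted by both checks; the unregistered one is accepted only by the "before" check, which matches the `Y*` cells in the 5.12.3 table.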
gregcorbett requested a review from a team as a code owner July 3, 2025 09:14
gregcorbett added the bug label Jul 3, 2025
gregcorbett mentioned this pull request Jul 3, 2025
@Sae126V (Contributor) left a comment

LGTM!

gregcorbett merged commit de71634 into master Jul 7, 2025
22 checks passed
gregcorbett deleted the hotfix-5.12.4 branch July 7, 2025 08:25