Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport: mfa: fix startup crash when SSO users with MFA expire #6833

Merged
merged 2 commits into from
May 12, 2021
Merged

Backport: mfa: fix startup crash when SSO users with MFA expire #6833

merged 2 commits into from
May 12, 2021

Conversation

awly
Copy link
Contributor

@awly awly commented May 12, 2021

Backport of #6779 into v6

mfa: fix startup crash when SSO users with MFA expire (#6779)
f4024f3 
The user loading code is kind of convoluted: it loads all the separate
backend items from the `/web/users/` prefix into a struct. That struct
is then converted to a full `types.User` object.

For each user there are 3 kinds of backend items:
- `/params` which is the main one, containing a marshalled `types.User`
  object
- `/pwd` which contains the hashed password for local users
- `/mfa/...` which contain registered MFA devices

When an SSO user expires, we delete the first two items but not
`/mfa/...`. This is intentional, to persist MFA devices across logins.
The user loading code would fail because the user was "found" (thanks to
MFA items), but didn't have the mandatory `/params` item.

This PR ignores any users that don't have `/params` instead of
hard-failing all `GetUsers` calls.
@awly awly enabled auto-merge (squash) May 12, 2021 16:15
russjones
russjones approved these changes May 12, 2021
View reviewed changes
Copy link
Contributor

@russjones russjones left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bot.

@awly awly merged commit a2d20c0 into branch/v6 May 12, 2021
@awly awly deleted the andrew/v6/startup-crash-mfa branch May 12, 2021 18:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@russjones russjones russjones approved these changes

@klizhentas klizhentas Awaiting requested review from klizhentas klizhentas is a code owner

@r0mant r0mant Awaiting requested review from r0mant r0mant is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@awly @russjones