Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsanitize user and org names in DB #4762

Merged
merged 30 commits into from
Feb 12, 2025
Merged

Unsanitize user and org names in DB #4762

merged 30 commits into from
Feb 12, 2025

Conversation

pat-s
Copy link
Contributor

@pat-s pat-s commented Jan 23, 2025
edited by anbraten
Loading

fix #3614

As discussed in chat, preferred to use non-sanitized values everywhere.

  • Store user and org names using the casing provided by the forge
  • Allow to search for users / orgs using case insensitive names
  • Removed all sanitation in the code
  • AFAICS only the org names were stored sanitized in the DB. User names and repo names are not affected

@pat-s pat-s added bug Something isn't working server labels Jan 23, 2025
@codecov Codecov
Copy link

codecov bot commented Jan 23, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 40.00000% with 18 lines in your changes missing coverage. Please review.

Project coverage is 28.28%. Comparing base (fac744d) to head (e638c62).
Report is 11 commits behind head on main.

Files with missing lines Patch % Lines
...ore/migration/024_unsanitize_org_and_user_names.go 39.28% 14 Missing and 3 partials ⚠️
server/store/datastore/migration/common.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4762      +/-   ##
==========================================
- Coverage   28.29%   28.28%   -0.01%     
==========================================
  Files         398      399       +1     
  Lines       28295    28318      +23     
==========================================
+ Hits         8005     8011       +6     
- Misses      19580    19594      +14     
- Partials      710      713       +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@pat-s pat-s changed the title Sanitize user names in DB to match org names Unsanitize user and org names in DB Jan 23, 2025
@pat-s pat-s mentioned this pull request Jan 23, 2025
Closed
2 tasks
pat-s and others added 5 commits January 23, 2025 16:52
@pat-s @xoxys
Update server/store/datastore/migration/024_unsanitize_org_and_user_n…
c0264f8 
…ames.go

Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
@pat-s @xoxys
Update server/store/datastore/migration/024_unsanitize_org_and_user_n…
fd289fa 
…ames.go

Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
@pat-s @xoxys
Update server/store/datastore/migration/024_unsanitize_org_and_user_n…
d05055b 
…ames.go

Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
@pat-s @xoxys
Update server/store/datastore/migration/024_unsanitize_org_and_user_n…
0df49fa 
…ames.go

Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
@pat-s
chore: remove org test
1c3f31e
@xoxys
Copy link
Member

xoxys commented Jan 23, 2025

Tests are failing.

anbraten
anbraten reviewed Jan 23, 2025
View reviewed changes
@xoxys
Copy link
Member

xoxys commented Jan 24, 2025
edited
Loading

After thinking of it again, I'm not sure if thats the best approach. Cant really say why but I see a lot of potential for issues and corner cases. Looks like this issue only occurs with forgejo/gitea and the api returns mixed capitalization while the forge only supports case-insensitive values. What do you think?

Edit: Tested it. You can create an org "Foo" in gitea and in that case its even displayed as "Foo" in the url.... But you cant create "foo" with the error "The organization name is already taken." This is a somewhat inconsistent behavior upstream, however I think we should switch back to the initial approach from @pat-s

@pat-s
Copy link
Contributor Author

pat-s commented Jan 27, 2025

If all users are sanitized, the user list in the UI would also reflect a non-optimal state.

The simplest fix which also wouldn't require a migration would probably be to just sanitize the comparison call of user.Login and org.Name?

@qwerty287
Copy link
Contributor

Why does the license header of the migration start with // Excerpt from:?

@pat-s @xoxys
Update server/api/login.go
90df661 
Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
@pat-s pat-s mentioned this pull request Feb 6, 2025
Closed
pat-s
pat-s commented Feb 6, 2025
View reviewed changes
@xoxys
Copy link
Member

xoxys commented Feb 6, 2025

This is worrisome. Can you check which forge ID got assigned to the user org? Actually, tests should catch this.

woodpecker_server=# select * from orgs;
 id | forge_id |    name    | is_user | private 
----+----------+------------+---------+---------
  1 |        0 | woodpecker | t       | f

forge_id is 0 while only one forge exists with id 1:

woodpecker_server=# select * from forges;
 id | type  |             url              |                client                |                      client_secret                       | skip_verify | oauth_host | additional_options 
----+-------+------------------------------+--------------------------------------+----------------------------------------------------------+-------------+------------+--------------------
  1 | gitea | http://woodpecker-gitea:3000 | **** | **** | f           |            | {}
(1 row)

@anbraten
Copy link
Member

anbraten commented Feb 6, 2025
edited
Loading

Strange, I started to add a method to the storage interface to directly get an org by name and forge-id, that might prevent such cases. Forge-id 0 sounds like not set at all (gos default for not setting a number).

@xoxys
Copy link
Member

xoxys commented Feb 6, 2025

Yeah maybe we mixed in too much different fixes into this PR? Can we revert it to focus on the sanitizing issue and move other improvements to another PR?

I have a backup of the DB before the migration from this PR so I can also re-test this PR.

@anbraten
Copy link
Member

anbraten commented Feb 7, 2025

Yeah maybe we mixed in too much different fixes into this PR? Can we revert it to focus on the sanitizing issue and move other improvements to another PR?

Extracted most other changes to #4817

@xoxys xoxys mentioned this pull request Feb 7, 2025
Merged
qwerty287
qwerty287 reviewed Feb 10, 2025
View reviewed changes
@pat-s
Copy link
Contributor Author

pat-s commented Feb 10, 2025

I don't know where this PR stands now and what there is do to - appreciated if somebody could clarify or apply the necessary actions.

@xoxys
Copy link
Member

xoxys commented Feb 11, 2025
edited
Loading

As more changes are required for #4817, can we revert those changes here so we can merge it?

@pat-s pat-s requested review from xoxys and anbraten February 11, 2025 21:56
xoxys
xoxys reviewed Feb 12, 2025
View reviewed changes
pat-s and others added 2 commits February 12, 2025 13:30
@pat-s @xoxys
Update org.go
455da60 
Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
@xoxys
Merge branch 'main' into fix/sanitize-usernames-db
63b11e7
@pat-s
Copy link
Contributor Author

pat-s commented Feb 12, 2025

@xoxys Will you test this again after merge? Is a patch release planned after merge?

@xoxys
Copy link
Member

xoxys commented Feb 12, 2025

Tested the PR already. Can login again but had no time to test fresh install and migration again.

@qwerty287
Copy link
Contributor

I don't think we need a patch, we can just release 3.1.0. This bug is present in most older versions anyways...

@Zubairrahman11

This comment was marked as spam.

Sign in to view
@Zubairrahman11

This comment was marked as spam.

Sign in to view
@pat-s pat-s merged commit a6e468a into main Feb 12, 2025
6 of 7 checks passed
@pat-s pat-s deleted the fix/sanitize-usernames-db branch February 12, 2025 20:41
@pat-s
Copy link
Contributor Author

pat-s commented Feb 12, 2025
edited
Loading

Appreciated if somebody could release 3.1.0 when it fits. Thanks for getting this merged.

@woodpecker-bot woodpecker-bot mentioned this pull request Feb 12, 2025
Merged
1 task
@BrewTestBot BrewTestBot mentioned this pull request Feb 13, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qwerty287 qwerty287 qwerty287 left review comments

@xoxys xoxys xoxys approved these changes

@anbraten anbraten Awaiting requested review from anbraten

Assignees
No one assigned
Labels
bug Something isn't working server
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CamelCase usernames get added as lower-case into DB and result in access issues
6 participants
@pat-s @xoxys @qwerty287 @anbraten @woodpecker-bot @Zubairrahman11