Merge commit from fork

GHSA-c9p4-xwr9-rfhx

authN/authZ creds are added to the request context so that they can be
tracked and enforced in the various subsystems. However, it was
previously an appended list (incorrectly); consequently, even if the user
has been removed from the group configuration, the user could still
log in.

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
Ramkumar Chinchani
2025-01-17 01:52:22 -08:00
committed by GitHub
parent fba695adb9
commit 002ac62d8a
2 changed files with 2 additions and 2 deletions
+1 -1
@@ -1662,7 +1662,7 @@ func (bdw *BoltDB) SetUserGroups(ctx context.Context, groups []string) error {
return err
}
userData.Groups = append(userData.Groups, groups...)
userData.Groups = groups
err = bdw.setUserData(userid, tx, userData)
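Review bot: No test accompanies this fix, so nothing guards `userData.Groups = groups` against drifting back to an append; the same holds for the DynamoDB `SetUserGroups` in the second file. A regression test should call `SetUserGroups` twice for the same user, the second time with one group removed, and assert that the stored groups equal the second list exactly. A comment on the line would also record the intent, for example `// Replace, do not append: groups is the complete current membership; appending keeps revoked groups.` The body of `SetUserGroups` starts before and continues after this hunk.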
+1 -1
@@ -1647,7 +1647,7 @@ func (dwr DynamoDB) SetUserGroups(ctx context.Context, groups []string) error {
return err
}
userData.Groups = append(userData.Groups, groups...)
userData.Groups = groups
return dwr.SetUserData(ctx, userData)
}
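Review bot: Group lists already persisted by the old `append` are not cleaned up by this change; a stored record keeps its revoked groups until `SetUserGroups` runs again for that user, both here and in the BoltDB implementation. If any authorization path reads the stored groups without a fresh login (not visible in these hunks), upgraded deployments stay exposed until each affected user signs in again. A one-time migration, or a release note telling operators to force re-authentication after upgrading, would close that window. `SetUserGroups` starts outside this hunk.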