Fixes #36699 - Reject invalid expiration dates for PATs #9811

Merged on Aug 28, 2023 (1 commit)

adamruzicka
Contributor

Previously, invalid dates were silently discarded, resulting in PATs being created without expiration dates.

@theforeman-bot
Member

Issues: #36699

ekohl
ekohl previously approved these changes Aug 24, 2023
Member

@ekohl ekohl left a comment

Small nits to use a more precise assertion, but otherwise 👍

test/models/personal_access_token_test.rb (outdated)
test/models/personal_access_token_test.rb (outdated)
@pondrejk
Contributor

Checked using the related test in robottelo automation against patched stream build:

pytest tests/foreman/cli/test_user.py::TestPersonalAccessToken::test_negative_personal_access_token_invalid_date
============================================= test session starts =============================================
                                                             
tests/foreman/cli/test_user.py .                                                                        [100%]

============================================= 1 passed in 28.59s ==============================================


def expires_at_in_future
if changes.key?('expires_at') && expires_at.present? && expires_at < Time.zone.now
errors.add(:expires_at, "cannot be in the past")
Member

Don't we translate the errors?

Contributor Author

Right, fixed

Previously, invalid dates were silently discarded, resulting in PATs being
created without expiration dates.
Member

@ofedoren ofedoren left a comment

Thanks, @adamruzicka, checked with hammer.
Before:

$ hammer user access create --user user --name name --expires-at 2021-12-12
Personal access token [name] created:
cMDyzdVNTMpOG8FI1cZALw

$ hammer user access create --user user --name name --expires-at 2024-44-44
Personal access token [name] created:
iavA1FNNMtoSQkvV8TtoZA

After:

$ hammer user access create --user user --name name --expires-at 2021-12-12
Could not create personal access token:
  Expires at cannot be in the past
  
$ hammer user access create --user user --name name --expires-at 2024-44-44
Could not create personal access token:
  Expires at Could not parse timestamp '2024-44-44'

Side-note: currently the issue seems to appear only on the API/hammer side. In the UI we do these checks, so the PAT won't be created unless it's valid per their checks as well.

@ofedoren ofedoren merged commit 943c9f4 into theforeman:develop Aug 28, 2023
5 checks passed
@adamruzicka adamruzicka deleted the pat-dates branch January 4, 2024 12:17
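
The failure mode discussed in this thread, as an added plain-Ruby example that is not Foreman's code: a cast that turns an unparsable `expires_at` into nil (a token that never expires) beside a check that rejects it. All names (`cast_date`, `lenient_expiry`, `strict_expiry`, `Result`) are hypothetical; it assumes `YYYY-MM-DD` input only and that an empty value means no expiry was requested, and the error strings copy the hammer output above.

```ruby
require 'date'

# Added illustration; all names here are hypothetical, not Foreman's code.
Result = Struct.new(:expires_at, :errors) do
  def valid?
    errors.empty?
  end
end

# Cast a YYYY-MM-DD string to a Date; nil when it is not a real calendar date.
def cast_date(raw)
  Date.strptime(raw.to_s, '%Y-%m-%d')
rescue ArgumentError # Date::Error is a subclass of ArgumentError
  nil
end

# "Before" shape: only the cast value is kept, so an unparsable date becomes
# nil, which is indistinguishable from "no expiry requested".
def lenient_expiry(raw)
  Result.new(cast_date(raw), [])
end

# "After" shape: inspect the raw input, and reject instead of discarding.
def strict_expiry(raw, today: Date.today)
  return Result.new(nil, []) if raw.nil? || raw.to_s.strip.empty?

  date = cast_date(raw)
  return Result.new(nil, ["Could not parse timestamp '#{raw}'"]) if date.nil?
  return Result.new(nil, ['cannot be in the past']) if date < today

  Result.new(date, [])
end

if __FILE__ == $PROGRAM_NAME
  today = Date.new(2023, 8, 28) # constructed "now" so the output is stable
  %w[2024-44-44 2021-12-12 2024-12-12].each do |raw|
    before = lenient_expiry(raw)
    after = strict_expiry(raw, today: today)
    puts "#{raw}: lenient expires_at=#{before.expires_at.inspect}, " \
         "strict valid=#{after.valid?} errors=#{after.errors.inspect}"
  end
end
```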