
Remove session-handling from loadApps

Open IljaN opened this issue 3 years ago • 8 comments

Description

Remove auth code from loadApps as this shouldn't be handled there. From what we can see the code is not needed.

Related Issue

  • Fixes https://github.com/owncloud/core/issues/34524
  • Fixes https://github.com/owncloud/enterprise/issues/4950

Motivation and Context

Before this PR a unique constraint violation can be caused with SAML. Continuation of https://github.com/owncloud/core/pull/31782

How Has This Been Tested?

  • test environment:
  • test case 1:
  • test case 2:
  • ...

Types of changes

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Database schema changes (next release will require increase of minor version instead of patch)
  • [ ] Breaking change (fix or feature that would cause existing functionality to change)
  • [x] Technical debt
  • [ ] Tests only (no source changes)

Checklist:

  • [x] Code changes
  • [ ] Unit tests added
  • [ ] Acceptance tests added
  • [ ] Documentation ticket raised:
  • [ ] Changelog item, see TEMPLATE

IljaN avatar May 17 '22 06:05 IljaN

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

update-docs[bot] avatar May 17 '22 06:05 update-docs[bot]

Should we re-add this? https://github.com/owncloud/core/pull/31761/commits/310ddc805b27f824cc9034bf2f7acacd37ba6584

IljaN avatar May 17 '22 06:05 IljaN

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)

No Coverage information
No Duplication information

sonarqubecloud[bot] avatar May 17 '22 07:05 sonarqubecloud[bot]

From my pov this code exists for a reason ... removing is kind of scary ...

The critical path here is that getToken and createToken are not atomic operations on db.

The solution would be to merge this into one function like getOrCreateToken so that we can implement this as an atomic operation on sql

DeepDiver1975 avatar May 19 '22 09:05 DeepDiver1975

> The solution would be to merge this into one function like getOrCreateToken so that we can implement this as an atomic operation on sql

Yes, also thought about the "upsert" idea. Could there be a security issue from your pov?

IljaN avatar May 19 '22 10:05 IljaN
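
The race described in the two comments above, and the single-statement alternative, as an added example that is not ownCloud's code. The `tokens` table, its columns and all function bodies are constructed for illustration, SQLite stands in for the production database, and one connection replays the interleaving of two requests.

```python
import sqlite3

# Constructed schema (assumption): one row per session token, unique on its hash.
SCHEMA = """CREATE TABLE tokens (
    id INTEGER PRIMARY KEY,
    token_hash TEXT NOT NULL UNIQUE,
    uid TEXT NOT NULL)"""

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def get_token(db, token_hash):
    return db.execute("SELECT id, uid FROM tokens WHERE token_hash = ?",
                      (token_hash,)).fetchone()

def create_token(db, token_hash, uid):
    db.execute("INSERT INTO tokens (token_hash, uid) VALUES (?, ?)",
               (token_hash, uid))

def racy_requests(db, token_hash, uid):
    """Replay two requests that both look up the token before either inserts."""
    a_sees = get_token(db, token_hash)      # request A: no row yet
    b_sees = get_token(db, token_hash)      # request B: no row yet either
    if a_sees is None:
        create_token(db, token_hash, uid)   # request A inserts
    if b_sees is None:
        try:
            create_token(db, token_hash, uid)   # request B acts on a stale lookup
        except sqlite3.IntegrityError as exc:
            return str(exc)                 # the unique constraint violation
    return None

def get_or_create_token(db, token_hash, uid):
    """Insert-if-absent in one statement, then read back whichever row won.

    DO NOTHING leaves an existing row untouched, so the returned uid is the
    original owner's; the caller still has to compare it with the requester.
    """
    db.execute("INSERT INTO tokens (token_hash, uid) VALUES (?, ?) "
               "ON CONFLICT(token_hash) DO NOTHING", (token_hash, uid))
    return get_token(db, token_hash)
```
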

Any news here?

cdamken avatar Jul 27 '22 12:07 cdamken

@IljaN @DeepDiver1975 see ping above ^

phil-davis avatar Jul 27 '22 14:07 phil-davis

Didn't work on this anymore

IljaN avatar Jul 27 '22 14:07 IljaN