Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[17.0][IMP] auth_saml: only write value that changes #726

Open
wants to merge 1 commit into
base: 17.0
Choose a base branch
from

Conversation

vincent-hatakeyama
Copy link
Contributor

When using mapping, not writing the value systematically avoids getting security mail on login/email changes when there is no change. Also use SQL for blanking passwords avoids the security update mails.

@vincent-hatakeyama vincent-hatakeyama force-pushed the feature/17.0/auth-saml/write-only-necessary-fields branch 2 times, most recently from b1dc23b to 2468d5e Compare November 12, 2024 12:12
When using mapping, not writing the value systematically avoids getting
security mail on login/email changes when there is no change.
Also use SQL for blanking passwords avoids the security update mails.
@vincent-hatakeyama vincent-hatakeyama force-pushed the feature/17.0/auth-saml/write-only-necessary-fields branch from 2468d5e to d481a04 Compare January 21, 2025 08:57
@vincent-hatakeyama
Copy link
Contributor Author

@OCA/tools-maintainers Any chance for a review?

It needs to be ported in 16 and 18 and I’d rather have a review first.

@thomaspaulb
Copy link
Contributor

@vincent-hatakeyama If you can try to do review trades with other PR authors, that would be preferable, and then can ping us PSC's for a merge.

# when login/email changes (from mail module)
vals = {}
for key, value in validation.get("mapped_attrs", {}).items():
if not isinstance(value, str) or getattr(user, key) != value:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if not isinstance(value, str) or getattr(user, key) != value:
if not isinstance(value, str) or user[key] != value:

is it granted that value will be compatible w/ the field type? Eg: what if you have a boolean field and you compare False with 0?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants