Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[stable-3.0] Disabled user can still access their files #7087

Closed
SwikritiT opened this issue Aug 22, 2023 · 4 comments
Closed

[stable-3.0] Disabled user can still access their files #7087

SwikritiT opened this issue Aug 22, 2023 · 4 comments
Labels
Type:Bug

Comments

@SwikritiT
Copy link
Contributor

Describe the bug

Disabled user can still access their files.

Note this only exists in stable-3.0 branch

Steps to reproduce

Steps to reproduce the behavior:

  1. Create user Alice
curl -u admin:admin -X POST https://localhost:9200/graph/v1.0/users -H "Content-Type: application/json" -d '{"onPremisesSamAccountName":"Alice","passwordProfile":{"password":"123456"},"displayName":"Alice Hansen","mail":"[email protected]","accountEnabled":true}' -vk
  1. As user Alice upload a file with some content
 curl -u Alice:123456 -X PUT https://localhost:9200/remote.php/webdav/textfile0.txt -d "hello world" -vk
  1. Disable user Alice
curl -u admin:admin -X PATCH https://localhost:9200/graph/v1.0/users/<user-id-of-alice>-H "Content-Type: application/json" -d '{"accountEnabled":false}' -vk
  1. Download the file as user Alice
curl -u Alice:123456 -X GET https://localhost:9200/remote.php/webdav/textfile0.txt -vk

Expected behavior

The request should fail with 401. (this is the behaviour in master)

Actual behavior

the request is successful with 200. The disabled user can create files as well.

Setup

Branch = stable-3.0
commit id = 7c20b18

Additional context

Add any other context about the problem here.
@SwikritiT
Copy link
Contributor Author

I've created this issue because some tests are failing in the stable branch because of this and the test pass in the master.
If this is something that we don't want to fix for the stable branch then I can close this issue and skip the tests for the stable branch.

cc @micbar

@rhafer
Copy link
Contributor

rhafer commented Aug 22, 2023

Backporting this would be the fix I think: #6516

Note: This issue only affects basic auth, which is disabled by default.

@SwikritiT
Copy link
Contributor Author

Backporting this would be the fix I think: #6516

Note: This issue only affects basic auth, which is disabled by default.

If this only affects the basic auth should I just skip the tests in the stable branch? or would it be okay to backport the fix to stable as well? I can skip the test if the bug is not that big of an issue because the tests do pass in master.

@SwikritiT SwikritiT mentioned this issue Aug 22, 2023
Closed
9 tasks
@SwikritiT
Copy link
Contributor Author

since we already release ocis-4.0 this issue is no longer relevant so closing this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type:Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rhafer @SwikritiT