
Draft: Sessionless activity does not need to allow owner without session

Drew Blessing requested to merge dblessing_session_enforcer_changes into master

What does this MR do and why?

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before: Screenshot_2024-05-02_at_6.09.16_PM
After: Screenshot_2024-05-02_at_6.10.23_PM

How to set up and validate locally

  1. Ensure Group SAML is set up locally
  2. Create a top-level group test-group
  3. Enable SAML SSO for test-group; set default role to Maintainer (or anything except Owner)
  4. Enable Enforce SSO-only authentication for Git and Dependency Proxy activity for test-group
  5. Create a sub-group test-group/test-subgroup
  6. Create a project in test-subgroup and ensure it is initialized with a README: test-group/test-subgroup/test-subgroup-project
  7. Use SSO to sign in as user1
  8. Add an SSH key for user1 - you may need to create a second SSH key if you use your primary ssh key for root : ssh-keygen -t ed25519 -C "secondary@example.com" -f /Users/myusername/.ssh/secondary_ed25519
  9. Clone the project using the new SSH key: GIT_SSH_COMMAND='ssh -i /Users/myusername/.ssh/secondary_ed25519 -o IdentitiesOnly=yes' git clone ssh://git@gdk.test:2222/test-group/test-subgroup/test-subgroup-project.git
  10. Sign out as user1 in your web browser to ensure the SSO session is cleared
  11. Sign back in as root
  12. Navigate to the Members page of test-subgroup
  13. Invite user1 as a direct member with Owner role
  14. In the project git repo, update README.md with some text: echo "\nDo capybaras make good pets?\n" >> README.md
  15. Commit the update: git add README.md && git commit -m 'asking important questions'
  16. Push the update: GIT_SSH_COMMAND='ssh -i /Users/myusername/.ssh/secondary_ed25519 -o IdentitiesOnly=yes' git push
  17. You should receive the error: ERROR: Cannot find valid SSO session.
  18. If you like, switch GitLab to the master branch; you should be able to push the commit without any errors
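The validation steps above exercise one decision: whether a group Owner without an SSO session may still act when the request is sessionless (Git over SSH). The following is an added, simplified model of that decision written for this page; it is not GitLab's SessionEnforcer code. It assumes enforcement is configured on the top-level group and inherited by subgroups, and that the Owner bypass exists only so that an owner in an interactive web session is not locked out, which is why it should not apply to sessionless activity.

```ruby
# Added, simplified model of the access decision this MR changes (not GitLab code).
# Assumptions: SSO enforcement is set on the top-level group and inherited; an
# Owner bypass exists only as a lockout safeguard for interactive web sessions.

Group = Struct.new(:name, :parent, :enforce_sso_git, keyword_init: true) do
  def root
    parent ? parent.root : self
  end

  def self_and_ancestors
    parent ? [self] + parent.self_and_ancestors : [self]
  end
end

Membership = Struct.new(:user, :group, :role, keyword_init: true)

# Returns [:allow | :deny, reason].
def sso_access_decision(user:, group:, sessionless:, sso_session_active:, memberships:)
  return [:allow, 'no SSO enforcement on top-level group'] unless group.root.enforce_sso_git
  return [:allow, 'valid SSO session'] if sso_session_active

  owner = memberships.any? do |m|
    m.user == user && m.role == :owner && group.self_and_ancestors.include?(m.group)
  end
  # A git push has no UI to be locked out of, so the Owner role grants nothing
  # here; only interactive (web) requests keep the bypass.
  return [:allow, 'owner bypass (web session)'] if owner && !sessionless

  [:deny, 'ERROR: Cannot find valid SSO session.']
end

# The scenario from the validation steps: test-group enforces SSO, user1 is a
# direct Owner of test-subgroup only, has signed out of SSO, and pushes over SSH.
def validation_scenario(sessionless: true, sso_session_active: false)
  top = Group.new(name: 'test-group', parent: nil, enforce_sso_git: true)
  sub = Group.new(name: 'test-subgroup', parent: top, enforce_sso_git: false)
  members = [Membership.new(user: 'user1', group: sub, role: :owner)]
  sso_access_decision(user: 'user1', group: sub, sessionless: sessionless,
                      sso_session_active: sso_session_active, memberships: members)
end

if __FILE__ == $PROGRAM_NAME
  puts validation_scenario.inspect                       # [:deny, "ERROR: Cannot find valid SSO session."]
  puts validation_scenario(sessionless: false).inspect   # [:allow, "owner bypass (web session)"]
end
```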
Edited by Andrew Evans
