Remove untrusted Bitbucket identities and related fallback
What does this MR do and why?
In #452426 (closed) we discovered that GitLab used Bitbucket account's username
instead of uuid
to connect with GitLab account. We fixed that, see https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3962. To reduce the number of impacted users by the fix, we added a temporary fallback that lets existing users with Bitbucket identity to sign in into their account if their Bitbucket and GitLab accounts have the same email. Also, the fallback automatically updates the Bitbucket identity extern_uid
and mark it as trusted. We agreed to keep the temporary fallback until May 30, 2024
.
This MR removes untrusted Bitbucket identities and related fallback.
Related to https://gitlab.com/gitlab-org/gitlab/-/issues/456424
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.