Remove untrusted Bitbucket identities and related fallback (!155094) · Merge requests · GitLab.org / GitLab

Bogdan Denkovych requested to merge bdenkovych-issue-456424-remove-fallback-and-untrusted-bitbucket-identities into master Jun 03, 2024

What does this MR do and why?

In #452426 (closed) we discovered that GitLab used Bitbucket account's username instead of uuid to connect with GitLab account. We fixed that, see https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3962. To reduce the number of impacted users by the fix, we added a temporary fallback that lets existing users with Bitbucket identity to sign in into their account if their Bitbucket and GitLab accounts have the same email. Also, the fallback automatically updates the Bitbucket identity extern_uid and mark it as trusted. We agreed to keep the temporary fallback until May 30, 2024.

This MR removes untrusted Bitbucket identities and related fallback.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before	After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Edited Jun 05, 2024 by Bogdan Denkovych

Remove untrusted Bitbucket identities and related fallback

What does this MR do and why?

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Merge request reports