Validate username for basic auth with PAT (!74175) · Merge requests · GitLab.org / GitLab

Igor Drozdov requested to merge id-validate-basic-auth-username into master Nov 10, 2021

What does this MR do and why?

Currently, a user can provide any username with a PAT and, for example, clone a repo. It has a minor security implication but let's fix it to be consistent: if we require a username it must match.

Closes: #212953

Validate username for basic auth with PAT

What does this MR do and why?

Merge request reports