Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OAuth strategy and authorization by user role #3

Merged
merged 13 commits into from
Jul 11, 2024
Merged

OAuth strategy and authorization by user role #3

merged 13 commits into from
Jul 11, 2024

Conversation

fblupi
Copy link
Member

@fblupi fblupi commented Jul 10, 2024

Fixes #1
Fixes #2

Copy link

gitguardian bot commented Jul 10, 2024

⚠️ GitGuardian has uncovered 5 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
9774313 Triggered Generic Password ae738db .github/workflows/lint.yml View secret
9774313 Triggered Generic Password ae738db .github/workflows/lint.yml View secret
9774313 Triggered Generic Password ae738db .github/workflows/test.yml View secret
9774313 Triggered Generic Password 31852dc .github/workflows/test.yml View secret
9774313 Triggered Generic Password 31852dc .github/workflows/test.yml View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@fblupi fblupi force-pushed the feat/oauth branch 4 times, most recently from 766e692 to b06e77f Compare July 10, 2024 08:19
@fblupi fblupi requested a review from HHassig July 10, 2024 16:42
@fblupi fblupi marked this pull request as ready for review July 10, 2024 16:42
Copy link
Collaborator

@HHassig HHassig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Further testing on a live server needed, approving to continue investigating on staging server.

@HHassig HHassig merged commit 252f0d2 into main Jul 11, 2024
3 checks passed
@fblupi fblupi deleted the feat/oauth branch July 11, 2024 11:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

User verification depending from user type of UB OAuth strategy for UB SSO
2 participants