Closed stlaz closed 3 years ago
@stlaz: This pull request references Bugzilla bug 1874322, which is invalid:
Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: stlaz
The full list of commands accepted by this bot can be found here.
The pull request process is described here
/refresh
/retest impossibru, the unit test shouldn't fail
/bugzilla refresh
/bugzilla refresh
@stlaz: This pull request references Bugzilla bug 1874322, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.
/retest
I don't think this will actually resolve the bug since the bug is about the possibility to store passwords in sha1, not the requirement to do so.
Also, why do we attempt to verify passwords in this proxy at all? That doesn't make much sense to me.
@deads2k we can't remove the sha1-logins as that would break everyone who is using those, unfortunately.
This is not exactly password verification for the oauth-users, it is an htpasswd config that allows bypassing the oauth-login. I think it might be thought about as kind of a service-account idp for the proxy.
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle stale
/remove-lifecycle stale for now
agreed with @stlaz, this just adds the bcrypt capability, while not removing sha1
/lgtm
/retest
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: s-urbaniak, stlaz
/retest
/retest
Please review the full test history for this PR and help us cut down flakes.
/test e2e-component
@stlaz: All pull requests linked via external trackers have merged:
Bugzilla bug 1874322 has been moved to the MODIFIED state.
[ART PR BUILD NOTIFIER]
This PR has been included in build golang-github-openshift-oauth-proxy-container-v4.8.0-202311261141.p0.g3fc0d89.assembly.stream for distgit golang-github-openshift-oauth-proxy. All builds following this will include this PR.
The PR is based on https://github.com/bitly/oauth2_proxy/commit/008ffae3bb5f1d068f2ea4dddb88ea80a6697297 with the exception of not including the $2b$ prefix based on https://svn.apache.org/viewvc/apr/apr/trunk/crypto/crypt_blowfish.c?view=markup#l580
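
Because the thread settles on adding bcrypt while still accepting {SHA} entries, operators may want to find which htpasswd users are still on the weaker scheme. The audit below is an added example, not code from this pull request or from the project. The accepted bcrypt prefixes other than the excluded $2b$, the `Report` type, the `Audit` function and the sample entries are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Report groups htpasswd users by the hash scheme of their entry.
type Report struct {
	SHA1, Bcrypt, Unsupported []string
	SharedSHA1                map[string][]string // {SHA} value -> users; unsalted, so equal passwords give equal entries
}

// Assumption for this example: the page only states that $2b$ is left out.
var bcryptPrefixes = map[string]bool{"$2a$": true, "$2x$": true, "$2y$": true}

// Constructed sample; hash bodies are placeholders, not real digests.
const sample = `svc-a:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
svc-b:$2y$10$placeholderplaceholderplaceholderplaceholderplacehold
svc-c:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
svc-d:$2b$10$placeholderplaceholderplaceholderplaceholderplacehold`

// Audit classifies "user:hash" lines by prefix; it never verifies a password.
func Audit(content string) Report {
	r := Report{SharedSHA1: map[string][]string{}}
	for _, line := range strings.Split(content, "\n") {
		parts := strings.SplitN(strings.TrimSpace(line), ":", 2)
		if len(parts) != 2 {
			continue // blank or malformed line
		}
		user, hash := parts[0], parts[1]
		switch {
		case strings.HasPrefix(hash, "{SHA}"):
			r.SHA1 = append(r.SHA1, user)
			r.SharedSHA1[hash] = append(r.SharedSHA1[hash], user)
		case len(hash) >= 4 && bcryptPrefixes[hash[:4]]:
			r.Bcrypt = append(r.Bcrypt, user)
		default: // includes $2b$, which the PR description says is not included
			r.Unsupported = append(r.Unsupported, user)
		}
	}
	for h, users := range r.SharedSHA1 {
		if len(users) < 2 {
			delete(r.SharedSHA1, h) // keep only values shared by several users
		}
	}
	return r
}

func main() { fmt.Printf("%+v\n", Audit(sample)) }
```

Users listed under `SHA1` are candidates for re-hashing with bcrypt, and any group in `SharedSHA1` shows accounts whose identical passwords are visible from the file alone.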