[pve-devel] applied: [PATCH pve-access-control] fix #5190: access-control: openid acr format regex

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Feb 8 18:27:25 CET 2024

Am 06/02/2024 um 11:11 schrieb Gabriel Goller:
> Restrict the acr-value regex a little bit so as to align the behavior
> with PBS. The openid documentation says that the acr-value *should* be
> an URI [0]. Added a regex that loosely disallows some of the reserved URI
> characters specified in the RFC [1].
> Values like:
>  * "urn:mace:incommon:iap:silver"
>  * "urn:comsolve.nl:idp:contract:rba:location"
> SHOULD work, but values like:
>  * "urn:#ace:incommon:iap:silver"
>  * "urn:"omsolve.nl:idp:contract:rba:location"
> should NOT work.
> [0]: https://openid.net/specs/openid-connect-core-1_0.html
> [1]: https://www.rfc-editor.org/rfc/rfc2396.txt
> Signed-off-by: Gabriel Goller <g.goller at proxmox.com>
> ---
>  src/PVE/Auth/OpenId.pm | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

applied, thanks!

But I had to reword the commit message to actually mention the PBS fix,
I also moved the reference to the bug #5190 down in the commit message
body, as we do not fix that bug here so it doesn't make sense to state
so in the subject.

I also dropped the "access-control" tag from the commit subject, we're
already in the pve-**access-control** repo, so that's a given, see:

> Don't add tags for things that are already clear from context, for
> example, adding a qemu tag for a patch in the qemu-server repository
> has no use. 

-- https://pve.proxmox.com/wiki/Developer_Documentation#Commits_and_Commit_Messages

More information about the pve-devel mailing list