This is an automated email from the ASF dual-hosted git repository.
arm pushed a commit to branch arm
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/arm by this push:
new 76a4b9e1 Validate LDAP account of the initiating user when a task is
started. Closes #663.
76a4b9e1 is described below
commit 76a4b9e13a88defb122d44aaf0a5c3b9f0dbb392
Author: Alastair McFarlane <[email protected]>
AuthorDate: Tue Feb 17 11:30:36 2026 +0000
Validate LDAP account of the initiating user when a task is started. Closes
#663.
---
atr/worker.py | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/atr/worker.py b/atr/worker.py
index 190945b3..3d0b007e 100644
--- a/atr/worker.py
+++ b/atr/worker.py
@@ -35,6 +35,7 @@ from typing import Any, Final
import sqlmodel
import atr.db as db
+import atr.ldap as ldap
import atr.log as log
import atr.models.results as results
import atr.models.sql as sql
@@ -229,6 +230,11 @@ async def _task_process(task_id: int, task_type: str,
task_args: list[str] | dic
task_results: results.Results | None
try:
+ if asf_uid != "system":
+ user_account = await ldap.account_lookup(asf_uid)
+ if user_account is None or ldap.is_banned(user_account):
+ raise RuntimeError(f"Account '{asf_uid}' is banned or does not
exist")
+
handler = tasks.resolve(task_type_member)
sig = inspect.signature(handler)
params = list(sig.parameters.values())
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
