SonarQube / SONAR-11723

Prevent updating attributes of non-local users

    Details

    • Edition:
      Community
    • Production Notes:
      None

      Description

      Even when you have delegated authentication to an external system (which becomes the source of truth for username, e-mail, name, and sometimes groups) it is still possible to overwrite this information in the Administration UI.

      The next time the user logs in, this information is wiped away. This confuses users who don’t really understand how our implementation of Delegated Authentication works. To them, it mostly looks like a bug.

      It would be great if, in the UI, it was not possible to edit the attributes (e-mail, name) of non-local users, and not possible to edit the groups a non-local user belongs to, if group mapping is enabled.

      Technical details

      UI

      In Administration -> Security -> Users, it should not be possible to update the name and the email of an external user (the field local is false in the response of api/users/search).
      It should still be possible to edit the user's SCM accounts.

      Web services

      The web service api/users/update should fail with a 400 error when trying to update the name and email of an external user (users whose column USER_DTO#USER_LOCAL is false).
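
A minimal model of the rule described under Technical details, as an added example that is not SonarQube's code: the `User` class, the `update_user` function and the parameter names are hypothetical, and it assumes any submitted name or email counts as an update attempt, even when the value is unchanged. The whole request is validated before anything is applied, so a request mixing name or email with SCM accounts leaves no partial change behind.

```python
from dataclasses import dataclass, replace
from typing import Any, Dict, Tuple

# Attributes the external identity provider owns for non-local users.
PROVIDER_OWNED = ("name", "email")


@dataclass(frozen=True)
class User:  # hypothetical record, not SonarQube's user DTO
    login: str
    name: str
    email: str
    local: bool  # same meaning as the "local" field of api/users/search
    scm_accounts: Tuple[str, ...] = ()


def update_user(user: User, params: Dict[str, Any]) -> Tuple[int, User, str]:
    """Validate the whole request, then apply it. Returns (status, user, message)."""
    if not user.local:
        blocked = [p for p in PROVIDER_OWNED if p in params]
        if blocked:
            # Reject the entire request so a mixed update is never half-applied.
            return 400, user, "cannot update " + ", ".join(blocked) + " of a non-local user"
    changes: Dict[str, Any] = {}
    for key in PROVIDER_OWNED:
        if key in params:
            changes[key] = str(params[key])
    if "scm_accounts" in params:
        # SCM accounts stay editable for local and non-local users alike.
        changes["scm_accounts"] = tuple(params["scm_accounts"])
    return 200, replace(user, **changes), "ok"


# Constructed sample users, not taken from a real instance.
EXTERNAL = User("jdoe", "Jane Doe", "jdoe@example.com", local=False)
LOCAL = User("admin2", "Local Admin", "admin2@example.com", local=True)

if __name__ == "__main__":
    for user, params in [
        (EXTERNAL, {"name": "J. Doe"}),
        (EXTERNAL, {"email": "x@example.com", "scm_accounts": ["jdoe-git"]}),
        (EXTERNAL, {"scm_accounts": ["jdoe-git"]}),
        (LOCAL, {"name": "Renamed", "email": "new@example.com"}),
    ]:
        status, result, message = update_user(user, params)
        print(status, result.login, message)
```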

              People

              Assignee:
              pierre.guillot Pierre Guillot
              Reporter:
              julien.lancelot Julien Lancelot