Revert "Fix the missing DB entry in Gerrit DB"

Authored by David Ostrovsky <david@ostrovsky.org> on Jan 5 2019, 4:04 PM.


Revert "Fix the missing DB entry in Gerrit DB"

This reverts commit fcc90699fdec17b941a473221d228c832a533fc0.

Reason for revert: Security vulnerability for OAuth and OpenID auth

OAuth and OpenID authentication schemes support multiple identity
providers, e.g. CAS-OAuth2 and GitHub-OAuth2. An attacker can easily
impersonate an existing Gerrit user by creating an account on a different
provider with exactly the same username as the existing Gerrit account.
Instead of creating a fresh new user, the new account is erroneously
linked to the existing Gerrit account, even though the account linking
feature was not triggered from the Gerrit UI.

The original commit tried to fix an intermittent database corruption
problem, with a missing record in the database, in the context of a single
identity provider (LDAP) where such a problem doesn't exist, as there is
no way that one single username can belong to physically different users.
Nevertheless, another workaround should be found, as trying to recover on
the fly introduces a severe security breach for the other auth schemes
supported in Gerrit.

If all else fails, the missing database record has to be inserted
manually and the corresponding account must be re-indexed.

Bug: Issue 7652
Bug: Issue 10242
Change-Id: Icba3452c153b2ae3cc1a4ebc569342641f38c07c
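The linking flaw described in the message, as an added illustration that is not Gerrit's code: external IDs are modelled as constructed `scheme:identifier` strings such as `github-oauth:alice`, and `login_reverted` reproduces the reverted fallback (link by username when the external ID has no record) beside `login_strict`, which identifies an account only by its exact external ID.

```python
"""Constructed model of Gerrit-style account lookup by external ID.
Scheme names, usernames and account ids are example values only."""
from dataclasses import dataclass, field


@dataclass
class Account:
    account_id: int
    username: str
    external_ids: set = field(default_factory=set)


class AccountStore:
    """In-memory stand-in for the accounts and external_ids tables."""

    def __init__(self):
        self.accounts = {}          # account_id -> Account
        self.by_external_id = {}    # "scheme:identifier" -> account_id
        self._next_id = 1000

    def create(self, username, external_id):
        acct = Account(self._next_id, username, {external_id})
        self._next_id += 1
        self.accounts[acct.account_id] = acct
        self.by_external_id[external_id] = acct.account_id
        return acct


def login_reverted(store, scheme, identifier):
    """Behaviour of the reverted change: when the external ID has no record,
    fall back to a username match. With several OAuth providers, the same
    username at another provider is a different physical user, so this
    silently links the attacker's identity to the victim's account."""
    ext = f"{scheme}:{identifier}"
    if ext in store.by_external_id:
        return store.accounts[store.by_external_id[ext]]
    for acct in store.accounts.values():
        if acct.username == identifier:      # cross-provider username collision
            acct.external_ids.add(ext)       # implicit link == impersonation
            store.by_external_id[ext] = acct.account_id
            return acct
    return store.create(identifier, ext)


def login_strict(store, scheme, identifier):
    """Only the exact (scheme, identifier) pair identifies an account; an
    unknown pair gets a fresh account. Linking a second identity to an
    existing account stays a separate, user-initiated action (not modelled)."""
    ext = f"{scheme}:{identifier}"
    if ext in store.by_external_id:
        return store.accounts[store.by_external_id[ext]]
    return store.create(identifier, ext)
```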

Event Timeline

David Pursehouse <dpursehouse@collab.net> committed rGERRITDEPLOY2afce52141f7: Revert "Fix the missing DB entry in Gerrit DB" (authored by David Ostrovsky <david@ostrovsky.org>). Jan 10 2019, 11:36 PM