[
https://issues.apache.org/jira/browse/OAK-4224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15246220#comment-15246220
]
angela edited comment on OAK-4224 at 4/18/16 6:17 PM:
------------------------------------------------------
alternatively, we might return a {{SyncResult}} with status {{FOREIGN}} along
with an appropriate {{SyncedIdentity}} instead of throwing... performing the
verification upfront looked straight forward to me in particular as I would
consider it a bug of the caller if it passed an {{ExternalIdentity}} from a
different IDP.
was (Author: anchela):
alternatively, we might return a {{SyncResult}} with status {{FOREIGN}} instead
of throwing... i don't have a strong preference here.
> DefaultSyncContext.sync(ExternalIdentity) should verify IDP
> -----------------------------------------------------------
>
> Key: OAK-4224
> URL: https://issues.apache.org/jira/browse/OAK-4224
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: auth-external
> Reporter: angela
> Priority: Minor
> Attachments: OAK-4224.patch
>
>
> while writing more test for {{DefaultSyncContext}} i realized that the
> implementation of {{sync(ExternalIdentity)}} doesn't verify that the given
> external identity belongs to the same IDP than the one associated with the
> context instance.
> IMHO this would be needed and useful particularly when multiple IDPs are
> combined. also, the {{DefaultSyncContext}} is a public exposed class, I
> would prefer if it would guard against mixing up sync of external identities
> from different sources.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
