[ 
https://issues.apache.org/jira/browse/OAK-4224?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

angela updated OAK-4224:
------------------------
    Attachment: OAK-4224_2.patch

Alternative patch that returns a {{SyncResult}} with status {{FOREIGH}} instead 
of throwing {{SyncException}}.

To me having a {{null}} value for {{SyncResult.getIdentity()}} seemed to be the 
right choice here but I wasn't totally sure I properly interpreted the API 
contract, which isn't too specific here.
[~tripod], may I kindly ask you to review this and let me know if building a 
result without a synced-id is correct and the expected outcome if no attempt 
was may to synchronize (nor testing if there existed an authorizable with the 
given ID). If not, I would appreciate if you could elaborate on the API 
contract in particular under which circumstances {{SyncResult.getIdentity}}  is 
expected to return {{null}}. Thanks a lot.

If you'd prefer throwing {{SyncException}} as proposed earlier I would be 
equally fine... just let me know your preference.

> DefaultSyncContext.sync(ExternalIdentity) should verify IDP
> -----------------------------------------------------------
>
>                 Key: OAK-4224
>                 URL: https://issues.apache.org/jira/browse/OAK-4224
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: auth-external
>            Reporter: angela
>            Priority: Minor
>         Attachments: OAK-4224.patch, OAK-4224_2.patch
>
>
> while writing more test for {{DefaultSyncContext}} i realized that the 
> implementation of {{sync(ExternalIdentity)}} doesn't verify that the given 
> external identity belongs to the same IDP than the one associated with the 
> context instance.
> IMHO this would be needed and useful particularly when multiple IDPs are 
> combined. also, the  {{DefaultSyncContext}} is a public exposed class, I 
> would prefer if it would guard against mixing up sync of external identities 
> from different sources.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to