(We are using Stash 3.7.1)
We have a user called X Y Z (actually has three names, but this probably does not matter). Until now, his .gitconfig contained the correct name, but an incorrect e-mail address (email@example.com instead of firstname.lastname@example.org) and was able to push commits to a repo which is not public and is configured (in the project) to accept commits only from a group (that he does belong to). The pushes succeeded because the username/password used for the HTTP authentication correctly mapped to the user.
I would like to avoid this kind of situation in the future. Is there a way to make Stash reject pushes containing commits which do not map to valid Stash users? (Or, preferably, Stash users with write permissions to the repo.)
It's a case of examining the information for each commit, and attempting to look up the email address provided in the commit with a StashUser, then verifying that user has write permission to the repository.
Stash makes this relatively easy... if you example the author property of each commit, it will either be a Person (someone not in the system), or a StashUser (someone in the system).
It can be done with a pre-commit hook but I'm not sure it's worth it depending on what you are trying to achieve. If it's just accidental misconfiguration or someone inadvertently pushing someone's changes to a repo they don't have access to, then, yeah. But if it's for audit or security reasons, this can only work properly with signed commits imho, because anyone can change their git config.
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs