Recached

hluk / waiverdb

Repo Added 02 May 2022 06:52AM UTC

Token FGaogxfc451EsLs4fYqx2NtYxBARlHcMv regen

Build 258 Last

Files 48

Badge

Embed ▾

LAST BUILD ON BRANCH unbind-ldap-connection
branch: SELECT

CHANGE BRANCH
x

Sync Branches

No branch selected

add-image-expiration

auth-errors

avoid-updating-python-version

bump-base-image

dependabot/pip/cryptography-37.0.2

dependabot/pip/cryptography-37.0.4

dependabot/pip/cryptography-38.0.1

dependabot/pip/cryptography-38.0.3

dependabot/pip/flask-migrate-4.0.0

dependabot/pip/flask-migrate-4.0.3

dependabot/pip/mock-5.0.0

dependabot/pip/mock-5.0.1

dependabot/pip/pip-22.3.1

dependabot/pip/setuptools-67.0.0

dependabot/pip/sphinx-6.0.0

dependabot/pip/sphinx-6.1.2

dependabot/pip/sphinx-6.1.3

dependabot/pip/sphinxcontrib-httpdomain-1.8.1

dependabot/pip/sqlalchemy-1.4.37

dependabot/pip/sqlalchemy-1.4.39

dependabot/pip/sqlalchemy-1.4.40

dependabot/pip/sqlalchemy-1.4.41

dependabot/pip/sqlalchemy-1.4.42

dependabot/pip/sqlalchemy-1.4.44

dependabot/pip/sqlalchemy-1.4.45

dependabot/pip/sqlalchemy-1.4.46

dependabot/pip/stomp-py-8.1.0

dependabot/pip/werkzeug-lt-2.3

dependabot/pip/wheel-0.38.4

docker-compose-sync

drop-flask-restful

drop-waiverdb-cli

fix-about-version

fix-docs-build

fix-duplicate-session

fix-example-subject-type

fix-flaky-test

fix-lock-file-maintenance-schedule

fix-migrations

fix-new-sqlalchemy

fix-oidc-groups

fix-oidc-token

fix-stomp-version

fix-tests

fix-tox

fix-tracing

fix-werkzeug

hatch

kafka

keycloak

konflux

ldap-gssapi

master

monthly-renovate

oidc-groups

oidc-login-form

onboard-konflux

pdm

permission-include-following

poetry

postgres-update

pydantic2

python-3.11

python-3.12-for-renovatebot

python-3.13

refactor-oidc-token

renovate

renovate-lock

revert-werkzeug

secure-cookies

show-permissions-warning

simplify-log-config

split-permission-users-groups

sync-with-greenwave

unbind-ldap-connection

update

update-authlib

update-dependencies

update-dependencies-monthly

update-opentelemetry

update-otel

update-pydantic

update-readthedocs

uv

uv-3

Committed 24 Apr 2026 12:22PM UTC coverage: 83.734%. First build

Build # 24889349661

Build Type

push

github

Committed by

hluk

Commit Message

Unbind LDAP connections to prevent file descriptor leaks

ldap.initialize() connections were never explicitly closed, relying on
garbage collection to call ldap_unbind_ext. Add finally blocks to
ensure unbind_s() is called even when exceptions occur.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Coverage Stats

264 of 368 branches covered (71.74%)

Branch coverage included in aggregate %.

13 of 13 new or added lines in 1 file covered. (100.0%)

2104 of 2460 relevant lines covered (85.53%)

0.86 hits per line

Relevant lines Covered

2460 RELEVANT LINES 2104 COVERED LINES

0.86 HITS PER LINE

Source Files on master

Recent builds

Builds	Branch	Commit	Type	Ran	Committer	Via	Coverage
24889349661	unbind-ldap-connection	Unbind LDAP connections to prevent file descriptor leaks ldap.initialize() connections were never explicitly closed, relying on garbage collection to call ldap_unbind_ext. Add finally blocks to ensure unbind_s() is called even when exceptions occ...	push	24 Apr 2026 12:26PM UTC	hluk	github	83.73
24714794508	ldap-gssapi	Drop authlib.jose and use uv sync in Dockerfile Replace authlib.jose.jwt.decode + create_load_key() with simple base64 JWT payload extraction for reading OIDC access token claims. The token was already verified during the OIDC login flow, so cryp...	push	21 Apr 2026 09:29AM UTC	hluk	github	83.71
24710457935	ldap-gssapi	Migrate LDAP to new server with GSSAPI authentication Some groups are only available in LDAP, so we cannot rely solely on OIDC token groups. Migrate to new IPA LDAP server with GSSAPI authentication, following the same approach as product-listing...	push	21 Apr 2026 07:46AM UTC	hluk	github	83.71
24400463849	ldap-gssapi	Migrate LDAP to new server with GSSAPI authentication Some groups are only available in LDAP, so we cannot rely solely on OIDC token groups. Migrate to new IPA LDAP server with GSSAPI authentication, following the same approach as product-listing...	push	14 Apr 2026 01:04PM UTC	hluk	github	83.54
23886806496	fix-oidc-groups	Fall back to decoded access token for OIDC group extraction When authenticating via the OIDC browser login, the ID token may not include group claims (realm_access.roles) depending on the Keycloak mapper configuration. Decode the access token JWT...	push	02 Apr 2026 06:14AM UTC	hluk	github	83.6
23852426946	fix-oidc-groups	Fall back to decoded access token for OIDC group extraction When authenticating via the OIDC browser login, the ID token may not include group claims (realm_access.roles) depending on the Keycloak mapper configuration. Decode the access token JWT...	push	01 Apr 2026 01:59PM UTC	Lukas Holecek	github	83.6
23845723617	fix-oidc-groups	Fall back to decoded access token for OIDC group extraction When authenticating via the OIDC browser login, the ID token may not include group claims (realm_access.roles) depending on the Keycloak mapper configuration. Decode the access token JWT...	push	01 Apr 2026 11:13AM UTC	Lukas Holecek	github	83.65
23800653172	fix-oidc-groups	Fall back to decoded access token for OIDC group extraction When authenticating via the OIDC browser login, the ID token may not include group claims (realm_access.roles) depending on the Keycloak mapper configuration. Decode the access token JWT...	push	31 Mar 2026 01:47PM UTC	hluk	github	83.43
23799209579	fix-oidc-groups	Fall back to session ID token for OIDC group extraction When authenticating via the OIDC browser login, the userinfo endpoint may not include provider-specific group claims. This change: - Requests the 'roles' OIDC scope so Keycloak includes rea...	push	31 Mar 2026 01:15PM UTC	Lukas Holecek	github	83.39
23795864800	fix-oidc-groups	Fall back to session ID token for OIDC group extraction When authenticating via the OIDC browser login, the userinfo endpoint may not include provider-specific group claims. Try the decoded ID token stored in the session as a fallback before atte...	push	31 Mar 2026 11:54AM UTC	hluk	github	84.03

See All Builds (145)

Badge your Repo: waiverdb

We detected this repo isn’t badged! Grab the embed code to the right, add it to your repo to show off your code coverage, and when the badge is live hit the refresh button to remove this message.

Embed ▾

Refresh

hluk / waiverdb

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH
x

Relevant lines Covered

Source Files on master

Recent builds

Badge your Repo: waiverdb

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

hluk / waiverdb

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH x

Relevant lines Covered

Source Files on master

Recent builds

Badge your Repo: waiverdb

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

README BADGES
x

CHANGE BRANCH
x

README BADGES
x