Issue 1420: forge committer bypassed
Status:  Submitted
Owner: ----
Closed:  Jun 2012
Reported by adam....@gmail.com, Jun 2, 2012
************************************************************
***** NOTE: THIS BUG TRACKER IS FOR GERRIT CODE REVIEW *****
***** DO NOT SUBMIT BUGS FOR CHROME, ANDROID, INTERNAL *****
***** ISSUES WITH YOUR COMPANY'S GERRIT SETUP, ETC.    *****
***** THOSE ISSUE BELONG IN DIFFERENT ISSUE TRACKERS!  *****
************************************************************

Affected Version: 2.4

What steps will reproduce the problem?
1. make sure you don't have the "forge committer" permission
2. commit new changes
3. push changes directly to a branch, for example `git push origin HEAD:testbranch`.


What is the expected output? What do you see instead?

 In version 2.3, if I didn't have the "forge committer" permission, I would receive an error and not be able to push others' commits. In version 2.4, the behavior is the same when pushing changes for review. However, when pushing directly to a branch, I receive only part of the error and I am able to push others' commits.

The difference
version 2.3:  ! [remote rejected] HEAD -> sandbox/<user name>/asdasd22 (invalid committer)
version 2.4:  b57d732..46fc704  HEAD -> sandbox/<user name>/asdasd22


Please provide any additional information below.

version 2.3
$ git push origin HEAD:sandbox/<user name>/asdasd22
Counting objects: 5, done.
Writing objects: 100% (3/3), 233 bytes, done.
Total 3 (delta 0), reused 0 (delta 0)
remote:
remote: ERROR:  In commit 46fc704732f958efdccfdb7309fb97a7d3e406bb
remote: ERROR:  committer email address <other email>
remote: ERROR:  does not match your user account.
remote: ERROR:
remote: ERROR:  The following addresses are currently registered:
remote: ERROR:    <my email>
remote: ERROR:
remote: ERROR:  To register an email address, please visit:
remote: ERROR:  <gerrit url>/#/settings/contact
remote:
remote:
To ssh://<user name>@<gerrit url>/test.git
 ! [remote rejected] HEAD -> sandbox/<user name>/asdasd22 (invalid committer)


version 2.4
$ git push origin HEAD:sandbox/<user name>/asdasd22
Counting objects: 5, done.
Writing objects: 100% (3/3), 233 bytes, done.
Total 3 (delta 0), reused 0 (delta 0)
remote:
remote: ERROR:  In commit 46fc704732f958efdccfdb7309fb97a7d3e406bb
remote: ERROR:  committer email address <other email>
remote: ERROR:  does not match your user account.
remote: ERROR:
remote: ERROR:  The following addresses are currently registered:
remote: ERROR:    <my email>
remote: ERROR:
remote: ERROR:  To register an email address, please visit:
remote: ERROR:  <gerrit url>/#/settings/contact
remote:
remote:
To ssh://<user name>@<gerrit url>/test.git
 b57d732..46fc704  HEAD -> sandbox/<user name>/asdasd22

Jun 4, 2012
Project Member #1 edwin.ke...@gmail.com
I believe this issue was introduced by [1].

[1] https://gerrit-review.googlesource.com/32554
Status: Accepted
Jun 12, 2012
#2 adam....@gmail.com
Why is this considered a minor bug? Shouldn't security issues be a high priority?
Jun 12, 2012
Project Member #3 edwin.ke...@gmail.com
Fixed by [1].

[1] https://gerrit-review.googlesource.com/35773
Status: Submitted
Labels: -Priority-Minor Priority-Major FixedIn-2.4.1
Jun 12, 2012
#4 adam....@gmail.com
thank you