fix: reviewer lease release passes remote alias to _authenticated_username #578

Closed
opened 2026-07-09 09:13:50 -05:00 by jcwalker3 · 1 comment
Owner

Problem

gitea_release_reviewer_pr_lease (and related lease acquire/adopt/gate paths) call _authenticated_username(remote) with the remote alias (prgs / dadeschools) instead of the resolved host.

_authenticated_username expects a host for get_auth_header / gitea_url. With a remote alias, identity resolves empty, so same-identity release across sessions fail-closes as unauthorized even when the authenticated user is the lease owner.

Impact

After REQUEST_CHANGES, orphaned reviewer leases block author conflict-fix pushes. Reviewer sessions that share the same identity but not the original session_id cannot release the lease until TTL/reclaim.

Observed on open queue #455/#456/#457/#516: local conflict-fixes ready, push gate returns active reviewer lease blocks, and release returns unauthorized despite whoami matching the lease owner.

Fix

Pass resolved host h from _resolve(...) into _authenticated_username(h) in:

  • _reviewer_pr_lease_gate
  • gitea_acquire_reviewer_pr_lease
  • gitea_adopt_merger_pr_lease
  • gitea_release_reviewer_pr_lease

Acceptance

  • Same-identity release succeeds across different session_ids
  • Regression test proves identity is resolved with host, not remote alias
  • Foreign-identity leases remain unauthorized until reclaim/expire
## Problem `gitea_release_reviewer_pr_lease` (and related lease acquire/adopt/gate paths) call `_authenticated_username(remote)` with the remote alias (`prgs` / `dadeschools`) instead of the resolved host. `_authenticated_username` expects a host for `get_auth_header` / `gitea_url`. With a remote alias, identity resolves empty, so same-identity release across sessions fail-closes as unauthorized even when the authenticated user is the lease owner. ## Impact After REQUEST_CHANGES, orphaned reviewer leases block author conflict-fix pushes. Reviewer sessions that share the same identity but not the original session_id cannot release the lease until TTL/reclaim. Observed on open queue #455/#456/#457/#516: local conflict-fixes ready, push gate returns active reviewer lease blocks, and release returns unauthorized despite whoami matching the lease owner. ## Fix Pass resolved host `h` from `_resolve(...)` into `_authenticated_username(h)` in: - `_reviewer_pr_lease_gate` - `gitea_acquire_reviewer_pr_lease` - `gitea_adopt_merger_pr_lease` - `gitea_release_reviewer_pr_lease` ## Acceptance - Same-identity release succeeds across different session_ids - Regression test proves identity is resolved with host, not remote alias - Foreign-identity leases remain unauthorized until reclaim/expire
jcwalker3 added the status:in-progress label 2026-07-09 11:11:12 -05:00
Author
Owner

Issue claim heartbeat

<!-- gitea-issue-claim-heartbeat:v1 --> **Issue claim heartbeat** - kind: claim - issue: #578 - branch: fix/issue-578-reviewer-lease-identity - phase: claimed - profile: prgs-author - pr: none - blocker: none - next_action: create worktree and begin implementation
jcwalker3 added status:pr-open and removed status:in-progress labels 2026-07-09 11:13:21 -05:00
Sign in to join this conversation.
No labels status:pr-open
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#578