fix: propagate app_user_email when global context already exists #1590
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When invoke_tool receives an existing plugin_global_context from middleware, the user email was not being propagated to the global context. This caused plugins to receive user: null in their GlobalContext. This fix ensures the user email is always propagated to the global context when available, enabling security plugins to properly track which user made each request. Closes #1550 Supersedes #1551 Co-authored-by: Ilia Manolov <iliamanolov@outlook.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
user: nullinGlobalContextwhen the context is reused from middlewareapp_user_emailis propagated toglobal_context.userwhen availableRoot Cause
In
invoke_tool, when aplugin_global_contextis passed from middleware, the code updatedserver_idbut notuser. This caused security plugins to be unable to track which user made each request.Fix
Added propagation of
app_user_emailtoglobal_context.userin the existing context reuse path, consistent with how the fallback path already sets the user.Attribution
This PR supersedes #1551 by @IliaMManolov from Edison-Watch, which identified the issue correctly but had a minor bug in the condition (checking
gateway_idinstead ofapp_user_email).Closes #1550
Supersedes #1551
Co-authored-by: Ilia Manolov iliamanolov@outlook.com