Details
-
Improvement
-
Resolution: Won't Fix
-
Minor
-
COmanage Registry 3.2.2 (Oyster Pearl MR2)
-
None
Description
The GitHub API used by COmanage does not support repository invitations:
https://github.com/KnpLabs/php-github-api/issues/713
This means that there's a race condition when removing unknown users, as if the user is added to a team, but removed before they accept the invitation, their invite is still pending and they can join the team. This will be fixed the next time the group is synced, but to prevent a security hole the GitHub organization admin has to manually check this and remove pending invitations of removed group members.