Bug 1610660 - New user can be created with Update user API call
Summary: New user can be created with Update user API call
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: web-admin-tendrl-api
Version: rhgs-3.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: RHGS 3.4.z Batch Update 1
Assignee: Jeff Brown
QA Contact: Elena Bondarenko
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-08-01 07:15 UTC by Filip Balák
Modified: 2018-11-29 10:21 UTC (History)
6 users (show)

Fixed In Version: tendrl-api-1.6.3-7.el7rhgs
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-31 08:45:18 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github Tendrl api issues 355 0 None None None 2018-08-01 07:15:22 UTC
Red Hat Bugzilla 1654623 0 unspecified CLOSED Edited user can't log in 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHBA-2018:3427 0 None None None 2018-10-31 08:45:44 UTC

Internal Links: 1654623

Description Filip Balák 2018-08-01 07:15:22 UTC 
Description of problem:
When username and email that differ from the current one is set in update user api call [1] then new user is created. When only different username is set then there is response `is taken` for email.

Version-Release number of selected component (if applicable):
tendrl-ansible-1.6.3-5.el7rhgs.noarch
tendrl-api-1.6.3-4.el7rhgs.noarch
tendrl-api-httpd-1.6.3-4.el7rhgs.noarch
tendrl-commons-1.6.3-9.el7rhgs.noarch
tendrl-grafana-plugins-1.6.3-7.el7rhgs.noarch
tendrl-grafana-selinux-1.5.4-2.el7rhgs.noarch
tendrl-monitoring-integration-1.6.3-7.el7rhgs.noarch
tendrl-node-agent-1.6.3-9.el7rhgs.noarch
tendrl-notifier-1.6.3-4.el7rhgs.noarch
tendrl-selinux-1.5.4-2.el7rhgs.noarch
tendrl-ui-1.6.3-8.el7rhgs.noarch

How reproducible:
100%

Steps to Reproduce:
1. Login to WA:
$ curl -H 'Content-Type: application/json' -d '{"username":"admin", "password": "adminuser"}' <server>/api/1.0/login
{"access_token":<token>}
2. Create new user:
curl -H 'Content-Type: application/json' -H 'Authorization: Bearer <token>' -XPOST -d '{"name":"Tom Hardy", "username":"thardy", "email":"thardy", "role":"admin", "password":"pass1234", "email_notifications": false}' <server>/api/1.0/users
3. Set different username and email to thardy user:
curl -H 'Content-Type: application/json' -H 'Authorization: Bearer <token>' -XPUT -d '{"username":"thardy2", "email":"thardy2"}' <server>/api/1.0/users/thardy
4. List users:
curl -H 'Content-Type: application/json' -H 'Authorization: Bearer f486f3e0e816ddb9eb508bb78c19d78d42bbbfd82b741064cb88920b12e0f0e2' -XGET http://fbalak-usm1-server.usmqe.lab.eng.brq.redhat.com/api/1.0/users

Actual results:
There are 3 users: admin, thardy and thardy2.

Expected results:
thardy2 user should not be created. Either thardy username should be changed to thardy2 or this operation should not be allowed.

Additional info:

[1] https://github.com/Tendrl/api/blob/master/docs/users.adoc#update-user
Comment 2 Anand Paladugu 2018-09-07 01:55:31 UTC 
Description / steps and expected result look good to me.
Comment 4 Nishanth Thomas 2018-09-12 10:23:29 UTC 
Fixed via https://github.com/Tendrl/api/pull/443
Comment 6 Elena Bondarenko 2018-09-26 06:48:14 UTC 
Changing a username is not allowed anymore.
Comment 9 errata-xmlrpc 2018-10-31 08:45:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3427
Note You need to log in before you can comment on or make changes to this bug.