fvigotti opened a new issue, #537: URL: https://github.com/apache/pulsar-manager/issues/537
v0.4.0 (from the official docker image docker.io/apachepulsar/pulsar-manager:v0.4.0): this endpoint is not idempotent:

```
CSRF_TOKEN=$(curl http://127.0.0.1:7750/pulsar-manager/csrf-token)
curl \
  -H "X-XSRF-TOKEN: $CSRF_TOKEN" \
  -H "Cookie: XSRF-TOKEN=$CSRF_TOKEN;" \
  -H 'Content-Type: application/json' \
  -X PUT http://127.0.0.1:7750/pulsar-manager/users/superuser \
  -d '{"name": "test", "password": "apachepulsar", "description": "test", "email": "[email protected]"}'
```

nor is it safe to use; it allows the creation of two users with the same username, which then crashes the login services, which expect unique usernames:

```
r 2023-10-24 09:52:05.296 INFO 31 --- [pool-8-thread-1] o.a.p.m.s.impl.BrokerStatsServiceImpl : Start clearing stats from broker
2023-10-24 09:52:14.577 ERROR 31 --- [http-nio-7750-exec-7] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.mybatis.spring.MyBatisSystemException: nested exception is org.apache.ibatis.exceptions.TooManyResultsException: Expected one result (or null) to be returned by selectOne(), but found: 2] with root cause
org.apache.ibatis.exceptions.TooManyResultsException: Expected one result (or null) to be returned by selectOne(), but found: 2
	at org.apache.ibatis.session.defaults.DefaultSqlSession.selectOne(DefaultSqlSession.java:80) ~[mybatis-3.5.4.jar:3.5.4]
	at sun.reflect.GeneratedMethodAccessor122.invoke(Unknown Source) ~[na:na]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_342]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_342]
	at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:426) ~[mybatis-spring-2.0.4.jar:2.0.4]
	at com.sun.proxy.$Proxy203.selectOne(Unknown Source) ~[na:na]
	at org.mybatis.spring.SqlSessionTemplate.selectOne(SqlSessionTemplate.java:159) ~[mybatis-spring-2.0.4.jar:2.0.4]
	at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:87) ~[mybatis-3.5.4.jar:3.5.4]
```

Changing the username works again, but if you use the curl twice the error comes up again.

During automated setup with timeout and retry functions, where a curl that sets up the account could hit twice, it is painful to also handle this problem, which requires resetting all the user accounts to be able to log in again with the same users (mistakenly duplicated by the endpoint).

Those two functions (user creation and user login) should be made consistent about "username" uniqueness.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
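
The failure mode reported above, modelled as an added example (not code from the issue or from pulsar-manager): a replayed create request against a table with no uniqueness constraint breaks a lookup that expects one row, while a UNIQUE constraint plus an ignore-on-conflict insert makes the replay harmless. The table layout, function names and the SQLite backend are assumptions for illustration.

```python
import sqlite3

# Hypothetical schemas: stand-ins for a user table, not pulsar-manager's own.
WEAK = "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)"
HARDENED = ("CREATE TABLE users (id INTEGER PRIMARY KEY, "
            "name TEXT NOT NULL UNIQUE, password TEXT)")


def create_user_weak(db, name, password):
    """Blind insert: a retried request adds a second row with the same name."""
    db.execute("INSERT INTO users (name, password) VALUES (?, ?)", (name, password))


def create_user_idempotent(db, name, password):
    """Insert once; a replay with the same name is a no-op. True if a row was created."""
    cur = db.execute(
        "INSERT OR IGNORE INTO users (name, password) VALUES (?, ?)", (name, password)
    )
    return cur.rowcount == 1


def select_one(db, name):
    """Login-style lookup expecting at most one row, like selectOne() in the trace."""
    rows = db.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()
    if len(rows) > 1:
        raise LookupError(f"Expected one result (or null), but found: {len(rows)}")
    return rows[0] if rows else None


def replay(schema, create, name="test", attempts=2):
    """Send the same create request `attempts` times, then run the login lookup.

    Returns (rows stored for that name, whether the lookup succeeded).
    """
    db = sqlite3.connect(":memory:")
    db.execute(schema)
    for _ in range(attempts):
        create(db, name, "constructed-password")  # constructed sample value
    count = db.execute(
        "SELECT COUNT(*) FROM users WHERE name = ?", (name,)
    ).fetchone()[0]
    try:
        return count, select_one(db, name) is not None
    except LookupError:
        return count, False


if __name__ == "__main__":
    print("weak:    ", replay(WEAK, create_user_weak))
    print("hardened:", replay(HARDENED, create_user_idempotent))
```

With the constraint in place, even the blind insert can no longer create a duplicate: the second attempt fails with `sqlite3.IntegrityError` instead of silently corrupting the login path.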
