Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 3858 by [email protected]: rbt post --username does not
always authenticate properly
https://code.google.com/p/reviewboard/issues/detail?id=3858
*** READ THIS BEFORE POSTING!
***
*** You must complete this form in its entirety, or your bug report will be
*** rejected.
***
*** If you have a security issue to report, please send it confidentially
to
*** [email protected]. Posting security-related issues to this bug
*** tracker causes us to have to do an emergency release.
***
*** For customer support, please post to [email protected]
***
*** If you have a patch, please submit it to
http://reviews.reviewboard.org/
***
*** This bug tracker is public. Please check that any logs or other
information
*** that you include has been stripped of confidential information.
What version are you running?
ReviewBoard 2.0.15
RBtools 0.7.2
What's the URL of the page containing the problem?
NA
What steps will reproduce the problem?
If you already have a valid cookie, you still get prompted for a password,
but you can enter anything and it will be accepted.
Here is an example session that illustrates the problem.
$ rm ~/.rbtools-cookies
$ rbt post --username sallan 824
Please log in to the Review Board server at localhost.
Password: bogus_password
ERROR: Unexpected API Error: The username or password was not correct (HTTP
401, API Error 104)
$ rbt post --username sallan 824
Please log in to the Review Board server at localhost.
Password: correct_password
Generating diff for pending changeset 824
Review request #10 posted.
http://localhost/r/10/
http://localhost/r/10/diff/
$ rbt post --username sallan 824
Please log in to the Review Board server at localhost.
Password: bogus_password
Generating diff for pending changeset 824
Review request #10 posted.
http://localhost/r/10/
http://localhost/r/10/diff/
Note that after I logged in and received a ticket, I still get prompted,
but the bad password is now accepted.
What is the expected output? What do you see instead?
Ideally, I would not get prompted for a password if I already have a valid
cookie. But if I am prompted, I expect a bad password to be rejected.
What operating system are you using? What browser?
CentOS6, Mac
FF, Safari, Chrome
Please provide any additional information below.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
You received this message because you are subscribed to the Google Groups
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/reviewboard-issues.
For more options, visit https://groups.google.com/d/optout.
