Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 3858 by seide.al...@gmail.com: rbt post --username does not always authenticate properly
https://code.google.com/p/reviewboard/issues/detail?id=3858

*** READ THIS BEFORE POSTING!
***
*** You must complete this form in its entirety, or your bug report will be
*** rejected.
***
*** If you have a security issue to report, please send it confidentially
to
*** secur...@reviewboard.org. Posting security-related issues to this bug
*** tracker causes us to have to do an emergency release.
***
*** For customer support, please post to reviewbo...@googlegroups.com
***
*** If you have a patch, please submit it to
http://reviews.reviewboard.org/
***
*** This bug tracker is public. Please check that any logs or other
information
*** that you include has been stripped of confidential information.


What version are you running?

ReviewBoard 2.0.15
RBtools 0.7.2


What's the URL of the page containing the problem?

NA

What steps will reproduce the problem?

If you already have a valid cookie, you still get prompted for a password, but you can enter anything and it will be accepted.

Here is an example session that illustrates the problem.

$ rm ~/.rbtools-cookies
$ rbt post --username sallan 824

Please log in to the Review Board server at localhost.
Password: bogus_password
ERROR: Unexpected API Error: The username or password was not correct (HTTP 401, API Error 104)

$ rbt post --username sallan 824

Please log in to the Review Board server at localhost.
Password: correct_password
Generating diff for pending changeset 824
Review request #10 posted.

http://localhost/r/10/
http://localhost/r/10/diff/

$ rbt post --username sallan 824

Please log in to the Review Board server at localhost.
Password: bogus_password
Generating diff for pending changeset 824
Review request #10 posted.

http://localhost/r/10/
http://localhost/r/10/diff/


Note that after I logged in and received a ticket, I still get prompted, but the bad password is now accepted.

What is the expected output? What do you see instead?

Ideally, I would not get prompted for a password if I already have a valid cookie. But if I am prompted, I expect a bad password to be rejected.

What operating system are you using? What browser?

CentOS6, Mac
FF, Safari, Chrome

Please provide any additional information below.


--
You received this message because this project is configured to send all issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--
You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard-issues+unsubscr...@googlegroups.com.
To post to this group, send email to reviewboard-issues@googlegroups.com.
Visit this group at http://groups.google.com/group/reviewboard-issues.
For more options, visit https://groups.google.com/d/optout.

Reply via email to