[jira] [Closed] (JAMES-3948) Authorized users listed as users

Fri, 27 Oct 2023 01:14:07 -0700 


     [ 
https://issues.apache.org/jira/browse/JAMES-3948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Benoit Tellier closed JAMES-3948.
---------------------------------
    Resolution: Fixed

> Authorized users listed as users
> --------------------------------
>
>                 Key: JAMES-3948
>                 URL: https://issues.apache.org/jira/browse/JAMES-3948
>             Project: James Server
>          Issue Type: Bug
>          Components: cassandra, data
>    Affects Versions: 3.8.0, 3.8.1
>            Reporter: Benoit Tellier
>            Priority: Major
>             Fix For: 3.9.0
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Authorized users, even when they do not correspond as an existing user (which 
> makes sense to manage accesses using external authentication like OIDC or 
> certificates) are none the less listed in active users, which should not be 
> the case.
> {code:java}
> $ curl -XGET http://172.19.0.7:8000/users
> []
> $ docker exec -ti james james-cli adduser bob@localhost 123456
> AddUser command executed sucessfully in 545 ms.
> $ curl -XGET http://172.19.0.7:8000/users
> [{"username":"bob@localhost"}]
> $ docker exec -ti james james-cli adduser alice@localhost 123456
> AddUser command executed sucessfully in 314 ms.
> $ curl -XGET http://172.19.0.7:8000/users
> [{"username":"bob@localhost"},{"username":"alice@localhost"}]hp@hp-HP-ProBook-440-G5:~/Documents/james-project/server/apps/distributed-app$
>  
> $ 
> $ curl -XPUT 
> http://172.19.0.7:8000/users/bob@localhost/authorizedUsers/virtual
> $ curl -XGET http://172.19.0.7:8000/users/bob@localhost/authorizedUsers
> ["virtual"]
> $ curl -XGET http://172.19.0.7:8000/users
> [{"username":"bob@localhost"},{"username":"alice@localhost"},{"username":"virtual"}]
> {code}
> This is because a row tracking the delegations the user have access to is 
> included even if the user do not exist, creating a partial user raw tricking 
> James into thinking the user exist.
> Definition of done: unit test reproducing the issue that should be eventually 
> fixed.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

Reply via email to