[MAGNOLIA-3134] User with same User Name can be created Created: 16/Mar/10  Updated: 09/May/13  Resolved: 23/Nov/12

Status: Closed
Project: Magnolia
Component/s: admininterface
Affects Version/s: 4.2, 4.2.1, 4.2.2, 4.2.3, 4.5.6
Fix Version/s: 4.5.7

Type: Bug Priority: Major
Reporter: Benoit Segaert Assignee: Jaroslav Simak
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
is cloned by MAGNOLIA-4650 CLONE - User with same User Name can ... Closed
is cloned by MGNLPUR-75 CLONE - User with same User Name can ... Closed
causality
is causing MAGNOLIA-4881 Can't create user in admin realm when... Closed
relation
is related to DOCU-418 New property allowCrossRealmDuplicate... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

With the current folder structure, it is now possible to create a user with same User Name.
Consequent, it will not be possible to login anymore with these users.

The check is only done in the current folder.

How to reproduce:

  • Create a folder A
  • Create a user "test" on this folder
  • Create a new folder B
  • create a user "test" on this folder. The user can be created and should be "test0".
  • Create a user "test" in root. The user can be created and should be "test0"


 Comments   
Comment by Magnolia International [ 16/Mar/10 ]

I assuming you meant to select 4.3 Beta 1 instead of 4.2 for the affected version ?

Comment by Benoit Segaert [ 17/Mar/10 ]

My version is 4.2.3.
In the info.magnolia.module.admininterface.trees.UserTreeConfiguration (user interface), the "new" menu calls .createNode()

ContextMenuItem menuNew = new ContextMenuItem("new");
menuNew.setLabel(msgs.get("tree.users.menu.new")); //$NON-NLS-1$
menuNew.setIcon(request.getContextPath() + "/.resources/icons/16/pawn_glass_yellow_add.gif"); //$NON-NLS-1$
menuNew.setOnclick(tree.getJavascriptTree() + ".createNode('" //$NON-NLS-1$
+ ItemType.USER.getSystemName()
+ "');");

This function calls a method that check only the name on the same level of the user repository.

Should we create a new function that can validate the user name through the whole repository?

Comment by Benoit Segaert [ 19/Mar/10 ]

It seems that you deployed 2 different versions of the 4.2.3 because the last version (last week) and 1 or 2 months ago is not the same.
So Yes, it is more for version 4.3 unless it exists now in version 4.2.3.

Comment by Magnolia International [ 19/Mar/10 ]

BenoƮt, creating folders has never been possible for users in any 4.2.x versions we released.
This has been introduced in 4.3, since the beta-1.

Nevertheless, it is indeed an issue with 4.3, which we'll hopefully fix in an upcoming bugfix release.

Comment by Jan Haderka [ 09/Nov/12 ]

port to master and 4.4 is missing.

Comment by Jan Haderka [ 09/Nov/12 ]

Not sure how this didn't make checkstyle fail on hudson, but copyright header is missing as well. And since the log var is not used in there, it pbly should not be defined in this supposedly new class at all.

And unless I'm mistaken creation of duplicate by copying node into different folder is not covered either.

Comment by Jan Haderka [ 09/Nov/12 ]

Last but not least. Covering the case where admin tree creates node w/ same name is just one problem. Another one is that MgnlUserManager.validateUsername() doesn't check for users w/ same name.

Comment by Jan Haderka [ 21/Nov/12 ]

UserManager.getUser(String) can throw UnsupportedOperationException your code should not fail in such case. You should perhaps just log a warning that you can't perform user check and continue as if there was no duplicate.

Generated at Mon Feb 12 03:43:31 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.