New and Improved 3.13 Beta. Highlights: Shareable filters and dashboards and lots of other goodies. Any feedback can be raised as JIRA issues in the JIRA project.
Issue Details (XML | Word | Printable)

Key: CONF-9117
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Matthew Jensen [Atlassian]
Reporter: Gary Weaver
Votes: 1
Watchers: 2
Operations

If you were logged in you would be able to see more operations.
Confluence

Confluence API supports adding user with null password, but users will null passwords produce NullPointerException when using the osuser to atlassian-user migration utility jsp

Created: 07/Aug/07 08:42 AM   Updated: 02/Oct/07 07:21 PM
Component/s: Users & Groups
Affects Version/s: 2.5.4
Fix Version/s: 2.5.8, 2.6.0, 2.7

Time Tracking:
Not Specified

Environment: Confluence 2.5.4 massive, Java 1.5, Linux
Issue Links:
Reference
 

Participants: Gary Weaver, Matt Ryall [Atlassian] and Matthew Jensen [Atlassian]
Since last comment: 51 weeks, 2 days ago
Resolution Date: 02/Oct/07 07:21 PM
Labels:


 Description  « Hide
In https://support.atlassian.com/browse/CSP-10738 it was stated that the solution for the NullPointerException when migrating users with null passwords from osuser to atlassian-user was to populate the password field with some arbitrary value. The reason those users had null passwords, is that the confluence API allows them to be created with null passwords, so this is definitely a bug in the migration utility, because the migration utility must be able to migrate users that were created with the confluence API (specifically com.atlassian.user.UserManager in this case, but am pretty sure userAccessor in user-atlassian API also lets you create users without a password).

Support issue relating to bug: https://support.atlassian.com/browse/CSP-10738

 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Matt Ryall [Atlassian] added a comment - 03/Sep/07 05:53 PM
The following workaround has been tested and applied successfully in a situation where the user's password field isn't used (such as with a custom authenticator).

Sample SQL for this fix is:

UPDATE os_user SET passwd = 'something' WHERE passwd IS NULL

This fix assumes that your authenticator doesn't care at all what is in the passwd column. Since the value of this column (passwd) is a hash, if you put in a non-hash value like "apple", it will likely not match any password, even if the authenticator got switched back to the default.


[ Permlink | « Hide ]
Gary Weaver added a comment - 04/Sep/07 08:22 AM
Understood and fix applied previously, thanks!

The reason for this ticket was to make sure that this gets fixed in the migration utility. It shouldn't NPE on this, because null passwords are allowed both in the old osuser schema and in atlassian-user and creation of users with null passwords is supported by the Confluence atlassian-user API.
Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13_beta1-#328) - Bug/feature request - Atlassian news - Contact Administrators