Details
-
Bug
-
Resolution: Fixed
-
Low
-
4.2.2, 4.3
-
1
-
Description
The fix for CONF-22553 prevents the user search failing if usernames have been retrieved from the search index which don't exist in an Embedded Crowd directory (cache, cwd_user) anymore.
The bug manifests as
java.lang.NullPointerException at com.atlassian.confluence.plugins.rest.entities.builders.PersonalInformationContentEntityBuilder.setThumbnailLink(PersonalInformationContentEntityBuilder.java:47) at com.atlassian.confluence.plugins.rest.entities.builders.PersonalInformationContentEntityBuilder.setUserProperties(PersonalInformationContentEntityBuilder.java:91) at com.atlassian.confluence.plugins.rest.entities.builders.PersonalInformationContentEntityBuilder.build(PersonalInformationContentEntityBuilder.java:84) at com.atlassian.confluence.plugins.rest.service.DefaultRestSearchService.toSearchResultEntity(DefaultRestSearchService.java:218) at com.atlassian.confluence.plugins.rest.service.DefaultRestSearchService.makeSearchResultsEntityList(DefaultRestSearchService.java:190) at com.atlassian.confluence.plugins.rest.service.DefaultRestSearchService.userSearch(DefaultRestSearchService.java:61) at com.atlassian.confluence.plugins.rest.resources.SearchService.doUserSearch(SearchService.java:187)
and was caused by CONF-25470.
The fix was to put the following check into com.atlassian.confluence.plugins.rest.entities.builders.PersonalInformationContentEntityBuilder.setThumbnailLink(ContentEntity, String):
User user = userAccessor.getUser(username); if (user == null) { user = new UnknownUser(username); } contentEntity.setTitle(user.getFullName());
This approach is unsatisfactory, as it will return users which are irrelevant for the search (see unknown-user.png).
One does not want to share a page with a non-existent user, and also not with a user who does not have use permission (unless you want him to send an invite URL).
Imo we should not perform a search for users in that context on the search index. The point being is that the database is the source of truth, and the index could potentially be out of sync anyway. For a user search, the relevant columns are lower_user_name, lower_display_name, lower_email_address, lower_first_name and lower_last_name in the cwd_user table. All of these columns have indices (see cwd_user-indices.png). This information should probably be joined/scoped to users who have use permission for Confluence and view permission for the page to share in question (probably better to select them as well but tell the reason why sharing a page with them would not make sense).
Attachments
Issue Links
- is caused by
-
CONFSERVER-22553 Confluence share page feature tries to autocomplete username to LDAP users who no longer exist
- Closed
- relates to
-
CONFSERVER-36574 mentions - a bit slow and inaccurate
- Closed