  1. Crowd Data Center
  2. CWD-2474

Crowd REST client's isUserNestedGroupMember always returns true for any group if the username is empty ("")


Details

    • Bug
    • Resolution: Fixed
    • Medium
    • 2.5.2
    • None
    • None
    • None
    • Embedded Crowd in JIRA Standalone Edition 4.3

    Description

      RestCrowdClient client = ...;
      client.isUserNestedGroupMember(username, group);
      

      always returns true for any group if the username is the empty string "".

      RestCrowdClient client = ...;
      assertTrue(client.isUserNestedGroupMember("", "jira-users"));
      assertTrue(client.isUserNestedGroupMember("", "non-existing-group"));
      assertTrue(client.isUserNestedGroupMember("", "abc"));
      ...
      

      This is probably because the Crowd REST API exposes the same URL with and without the username:

      /group/user/nested?groupname=GROUPNAME | GET | Retrieves the users that are nested members of the specified group | 200 (OK) if the group is found, otherwise 404 (Not Found) | List of users
      /group/user/nested?groupname=GROUPNAME&username=USERNAME | GET | Retrieves the user that is a nested member of the specified group | 200 (OK) if the group and user are found, otherwise 404 (Not Found)
      

      If the first endpoint is used when the username is empty, the 200 response with the list of users will be perceived as 200 OK: the user exists.
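The suspected mechanism, as an added example that is not code from Crowd or from this issue: a membership check that trusts the status code alone, next to one that rejects blank usernames and requires a single-user response. The class, the `get` stand-in for the endpoint, the `Response` record, the sample groups and the rule that an empty username is handled like a missing one are all assumptions; the stand-in follows the two endpoint rows quoted above, so it answers 404 for a group that does not exist.

```java
import java.util.Map;
import java.util.Set;

public class NestedMembershipDemo {               // hypothetical demo class, Java 16+
    record Response(int status, String kind) {}   // kind: "user-list", "user" or "error"

    // Constructed sample directory, not data from the issue.
    static final Map<String, Set<String>> GROUPS = Map.of(
        "jira-users", Set.of("alice", "bob"),
        "jira-administrators", Set.of("bob"));

    // Stand-in for GET /group/user/nested as described by the two rows above.
    // Assumption: an empty username parameter is handled like a missing one.
    static Response get(String groupname, String username) {
        Set<String> members = GROUPS.get(groupname);
        if (members == null) return new Response(404, "error");
        if (username == null || username.isEmpty())
            return new Response(200, "user-list");   // first row: list of users
        return members.contains(username)
            ? new Response(200, "user")              // second row: the single user
            : new Response(404, "error");
    }

    // Status-only check: any 200 is read as "the user is a member".
    static boolean isMemberStatusOnly(String username, String group) {
        return get(group, username).status() == 200;
    }

    // Stricter check: refuse blank usernames before the request is built and
    // accept only a 200 that carries a single user entity.
    static boolean isMemberStrict(String username, String group) {
        if (username == null || username.trim().isEmpty())
            throw new IllegalArgumentException("username must not be blank");
        Response r = get(group, username);
        return r.status() == 200 && "user".equals(r.kind());
    }

    public static void main(String[] args) {
        // Empty username reaches the list endpoint and is taken for membership.
        System.out.println(isMemberStatusOnly("", "jira-administrators"));
        System.out.println(isMemberStatusOnly("alice", "jira-administrators"));
        System.out.println(isMemberStrict("bob", "jira-administrators"));
        try {
            isMemberStrict("", "jira-administrators");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```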


          People

            jwalton joe
            pepoirot Pierre-Etienne Poirot (Inactive)