[FE-5364] 2LOi requests made from an application that has the username in a different case than FishEye/Crucible aren't authenticated properly even if 'force lowercase' is set

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 3.8.1, 3.9.0
Affects Version/s: 2.2.0, 3.6.4
Component/s: None
Labels:
- oauth
- pse-request
- sal

Bug Fix Policy:
View Atlassian Server bug fix policy

The implementation of com.atlassian.sal.api.user.UserManager#resolve, doesn't consider the 'force lowercase'
setting when processing the username provided in the 2LO request. This will cause the request to continue being processed as anonymous (as the 2lo validation succeeds, but it didn't have a valid username).

This potentially affects other auth methods that try to resolve a username (like trusted apps). 3LO is not affected, as the exact-cased username is stored with the 3LO token when creating the token.

Effects of this might include requests made from other applications with such a configuration to be treated as anonymous requests, and show incomplete or no data, depending on the request type and Fisheye's configuration.

A workaround is to use 3-legged OAuth for such configurations.

Testing discovered

CRUC-6968 Review keys in review title get wrongly shown on JIRA issues matching a substring of the key

Closed

Discovered while testing: JSP-202595 You do not have permission to view this issue

mentioned in: Page Failed to load; Page Failed to load

Owen made changes - 16/Oct/2018 8:16 AM

Workflow

Original: FE-CRUC Bug Workflow [ 2944774 ]

New: JAC Bug Workflow v3 [ 2958812 ]

Owen made changes - 16/Oct/2018 4:43 AM

Workflow

Original: FECRU Development Workflow - Triage - Restricted [ 1518241 ]

New: FE-CRUC Bug Workflow [ 2944774 ]

Owen made changes - 07/Jul/2016 6:38 AM

Workflow

Original: FECRU Development Workflow - Triage [ 944963 ]

New: FECRU Development Workflow - Triage - Restricted [ 1518241 ]

Yit Wei made changes - 26/Jan/2016 7:25 AM

Affects Version/s

New: 3.6.4 [ 50800 ]

Piotr Swiecicki made changes - 17/Aug/2015 1:42 PM

Workflow

Original: FECRU Development Workflow (Triage) [ 751930 ]

New: FECRU Development Workflow - Triage [ 944963 ]

Antonio Cerezo Iglesias added a comment - 16/Jun/2015 2:21 PM

Great news! Thank you for the update!

For now we've applied the suggested workaround and it works.

Thanks and regards,
Antonio

Antonio Cerezo Iglesias added a comment - 16/Jun/2015 2:21 PM Great news! Thank you for the update! For now we've applied the suggested workaround and it works. Thanks and regards, Antonio

Lukasz Pater made changes - 16/Jun/2015 12:14 PM

Story Points

New: 2

Lukasz Pater made changes - 16/Jun/2015 12:13 PM

Sprint

Original: 3.9-bug-anihilation [ 2271 ]

New: 3.9-m4 [ 2216 ]

Lukasz Pater made changes - 16/Jun/2015 12:13 PM

Resolution		New: Fixed [ 1 ]
Status	Original: Quality Review [ 10029 ]	New: Closed [ 6 ]

Lukasz Pater added a comment - 16/Jun/2015 12:13 PM

This will be included in the upcoming 3.8.1 release

Lukasz Pater added a comment - 16/Jun/2015 12:13 PM This will be included in the upcoming 3.8.1 release

Assignee:: Lukasz Pater

Reporter:: Lukasz Pater

Affected customers:: 2 This affects my team

Watchers:: 7 Start watching this issue

Created:: 16/Oct/2014 11:00 AM

Updated:: 26/Jan/2016 7:41 AM

Resolved:: 16/Jun/2015 12:13 PM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Antonio Cerezo Iglesias added a comment - 16/Jun/2015 2:21 PM

Expand comment: Antonio Cerezo Iglesias added a comment - 16/Jun/2015 2:21 PM

Collapse comment: Lukasz Pater added a comment - 16/Jun/2015 12:13 PM

Expand comment: Lukasz Pater added a comment - 16/Jun/2015 12:13 PM

People

Dates