Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
5.1.7, 5.2, 6.1.5, 6.3.15, 6.4.5, 6.4.11, 7.0.0, 7.6.6, 7.6.7
-
5.01
-
25
-
Severity 3 - Minor
-
2
-
Description
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
Summary
There are a few constants that are used for user searching. E.g. current user, no reporter, unassigned ...
If a user uses these as a username, weird things happen like, searching for an issue reported by a user with the username "issue_current_user" shows all issues reported by the current user.
Steps to Reproduce
- Start JIRA
- Create user with username unassigned
Expected Results
JIRA will deny creating invalid username.
Actual Results
JIRA accepts invalid username and this leads to JQL search issues. Also it affects the Agile boards, instead of displaying no icon for unassigned issues, a generic avatar icon is displayed with an "U" and the "workload by assignee" pop-up in scrum plan mode also shows unassigned twice.
Notes
The constants we should avoid are:
public static final String ISSUE_UNASSIGNED = "unassigned"; public static final String ISSUE_NO_AUTHOR = "issue_no_reporter"; public static final String ISSUE_CURRENT_USER = "issue_current_user"; public static final String SPECIFIC_USER = "specificuser"; public static final String SPECIFIC_GROUP = "specificgroup";
We should at least put a check in to ensure people do not create users with these usernames.
Workaround
Important: Please validate these changes in a test environment first to ensure that they perform well. Please back-up your DB before doing changes.
Steps to fix unassigned should like this (please change accordingly for other username):
- Using Jira user Manager find "unassigned" user and rename it to 'unassigned-old' - problem still exists at this stage
- Shutdown JIRA
- Updated app_user table and modify 'unassigned-old' record - problem doesn't exists at this stage
- Check unassigned record:
select * from app_user where user_key ~ 'unassigned'; id | user_key | lower_user_name ---------------------------------- 10178 | unassigned | unassigned-old
- Update user_key
update app_user set user_key = 'unassigned-old' where id = 10178;
- Check unassigned record:
- Updated jiraissue table and set:
- assignee" to "NULL" where "assignee" is "unassigned"
- reporter" to "NULL" where "reporter" is "unassigned"
- creator" to "NULL" where "creator" is "unassigned"
update jiraissue set assignee = NULL where assignee = 'unassigned'; update jiraissue set creator = NULL where assignee = 'unassigned'; update jiraissue set reporter = NULL where assignee = 'unassigned';
- Check projectroleactor and project tables for traces of unassigned:
select * from projectroleactor where roletypeparameter = 'unassigned'; select * from project where lead = 'unassigned';
- Start Jira
- Delete renamed 'unassigned-old' user
- Do full re-index
Attachments
Issue Links
- is duplicated by
-
JRASERVER-30639 Prevent JIRA to create an user account called "unassigned"
- Closed
- relates to
-
JRASERVER-33651 CSV Import external projects creates JIRA-system-defined entities "Unassigned" (User) and "Unresolved" (Resolution)
- Closed
-
JRACLOUD-15923 Users can have usernames that cause weird things to happen
- Closed
-
JRASERVER-69516 Creating a user named "Unassigned" causes issue assignees to be mixed up
- Gathering Impact
- causes
-
PS-25024 Loading...