Details
-
Bug
-
Resolution: Fixed
-
Low
-
6.2.7, 7.3.3
-
6.02
-
1
-
Severity 3 - Minor
-
Description
Steps to reproduce:
- Create a user with a certain username (such as dave)
- Change the user's username to dave!
- Add a custom avatar to this user's profile
- Create a new user with the username dave
- After a hard refresh, the avatar for dave! is broken
The reason is because the ViewUserAvatarServlet fetches users by username instead of key:
public class ViewUserAvatarServlet extends AbstractAvatarServlet { @Override protected void defaultDoGet(HttpServletRequest request, HttpServletResponse response, String ownerId, Long avatarId, Avatar.Size size) throws IOException, ServletException { final AvatarService avatarService = ComponentAccessor.getAvatarService(); final ApplicationUser avatarUser = getUserUtil().getUserByName(ownerId); final ApplicationUser remoteUser = getAuthenticationContext().getLoggedInUser(); if (avatarUser != null && remoteUser != null && avatarService.isUsingExternalAvatar(remoteUser, avatarUser)) { redirectToExternalAvatar(response, ownerId, size); return; } super.defaultDoGet(request, response, ownerId, avatarId, size); }
Expected Results
The avatar should display correctly.
Actual Results
The avatar is displayed as a broken image. Attempting to navigate to the avatar directly produces a circular redirect error.
Symptoms:
- The original username appears in the avatar table, and points to the correct avatar. Permissions on the disk are correct for the avatar.
- The original username appears twice in the app_user table - one row contains the value in user_key and the other contains the value in lower_user_name
Example:
id user_key lower_user_name ----- -------- --------------- 10105 dave dave! 10106 ID10106 dave
Workaround
You can attempt to remove the value for the lower_user_name that shares the original username:
- Shut down JIRA
- Perform a database backup
- Delete the row from app_user
- Start JIRA again