Fixed HTTP Digest backend unauthenticated user being added as reviewer issue- Bug-4929
Review Request #11980 — Created Jan. 22, 2022 and updated — Latest diff uploaded
Currently, non-existing username is allowed to be added as a reviewer in Review Board review request even though the username does not exist in the HTTP Digest .htpasswd file.
The fix involves creating a new helper function that checks if the username is found in the .htpasswd file and have both the authenticate and get_or_create_user functions call this helper function. It will not create a user if the username is not found, and hence it will not allow non-existing username to be added as a reviewer.
Added a test suite for the HTTPDigestBackend class that covers the three methods in the class.
As for manual checking, I attached a couple of files to show the output on the review request.
The first screenshot shows error when adding non-exsiting user as a reviewer.
The second screenshot shows that an existing user is added as a reviewer successfully.
The third screenshot shows all the users I have on the list.