Fixed HTTP Digest backend unauthenticated user being added as reviewer issue- Bug-4929

 






 

 


  Review Request #11980
  —
  Created Jan. 22, 2022 and updated  — Latest diff uploaded 

 


















 

  

   Information

  





 
 

  sheenaNg
 









 
 

  Review Board
 









 
 

  release-4.0.x
 









 
 

  
 









 
 

  
 






 




 

  

   Reviewers

  





 
 

  reviewboard
 









 
 

  
 






 








 





  


 
 

  
Currently, non-existing username is allowed to be added as a reviewer in Review Board review request even though the username does not exist in the HTTP Digest .htpasswd file. 

The fix involves creating a new helper function that checks if the username is found in the .htpasswd file and have both the authenticate and get_or_create_user functions call this helper function. It will not create a user if the username is not found, and hence it will not allow non-existing username to be added as a reviewer.

 








  


 
 

  
Added a test suite for the HTTPDigestBackend class that covers the three methods in the class.


As for manual checking, I attached a couple of files to show the output on the review request.

The first screenshot shows error when adding non-exsiting user as a reviewer. 

The second screenshot shows that an existing user is added as a reviewer successfully. 

The third screenshot shows all the users I have on the list.

 







 









 





  








 




 







   

    
    
Diff Revision 6


This is not the most recent revision of the diff. The latest diff is revision 7. See what's changed.

    

 

 

 

 
orig
1
2
3
4
5
6
7

 



    


    

      
Commits

      

 

 

  
   First
   Last
  
  Summary
  ID
  Author
 



 
  
   
  
  
   
  
 
 
  
   
    
Fixed HTTP Digest backend unauthenticated user being added as reviewer issue

   
  		
  d13eacca0a862c1e23fa36110fc74e98c33b7978
  sng06
 


 
  
   
  
  
   
  
 
 
  
   
    
Removed commented-out code

   
  		
  56e8ccaaa2f9c367f53fd7349c3c16e7bb9f9b53
  sng06
 


 
  
   
  
  
   
  
 
 
  
   
    
Fixed styling issues

   
  		
  e2ea3e38d38548a6f869ef16a48466dac8cfd862
  sng06
 


 
  
   
  
  
   
  
 
 
  
   
    

     Changed the argument name to match what
     
is used in the method definition

    

   
  		
  7cb6fc6f995d4609066500d96e293487c5eda816
  sng06
 


 
  
   
  
  
   
  
 
 
  
   
    
Changed method name

   
  		
  a076a4b7ac8d58361c7ab1c96886a2cc59cad47d
  sng06
 


 
  
   
  
  
   
  
 
 
  
   
    
Added docstrings to htpasswd_get_user method

   
  		
  01fa738db6f34ec5b875a66896be9866d2e982c4
  sng06
 


 
  
   
  
  
   
  
 
 
  
   
    
Deleted unecessary text in docstrings

   
  		
  b9c005b75065fabe4c4ee4133c603a76f376a240
  sng06
 


 
  
   
  
  
   
  
 
 
  
   
    
Added unit test suite for HTTPDigestBackend class

   
  		
  381c2575d9abaeeab18a9e873b6fb4bca912bf2f
  sng06
 


 
  
   
  
  
   
  
 
 
  
   
    
Fixed over-indented linting issue

   
  		
  ba6b5d054bde6c084726791dd29abb96529fb716
  sng06
 




    


    
    

   

  

 









 

  

   
    

     
      
      reviewboard/accounts/backends/http_digest.py
     
    

   
  

 



 

  

   
    

     
      
      reviewboard/accounts/tests/test_http_digest_auth_backend.py
     
    

   
  

 










     

    

   

  

  

   
   Loading...