Fixed HTTP Digest backend unauthenticated user being added as reviewer issue- Bug-4929

Review Request #11980 — Created Jan. 22, 2022 and updated — Latest diff uploaded

Information

Review Board
release-4.0.x

Reviewers

Currently, a non-existing username is allowed to be added as a reviewer in a Review Board review request even though the username does not exist in the HTTP Digest .htpasswd file.
The fix involves creating a new helper function that checks if the username is found in the .htpasswd file and having both the authenticate and get_or_create_user functions call this helper function. It will not create a user if the username is not found, and hence it will not allow a non-existing username to be added as a reviewer.

Added a test suite for the HTTPDigestBackend class that covers the three methods in the class.

As for manual checking, I attached a couple of files to show the output on the review request.
The first screenshot shows an error when adding a non-existing user as a reviewer.
The second screenshot shows that an existing user is added as a reviewer successfully.
The third screenshot shows all the users I have on the list.
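
The check described in the summary above, as an added sketch that is not Review Board's code and not the code from this change. It assumes the Apache htdigest line layout `user:realm:MD5(user:realm:password)`; `ha1`, `find_digest_entry`, `SketchDigestBackend`, the realm and the sample file are hypothetical or constructed.

```python
import hashlib
import hmac

REALM = "example-realm"  # constructed value


def ha1(username, password, realm=REALM):
    """MD5 of user:realm:password, as stored in an htdigest-style file."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()


# Constructed sample file: a valid entry, a malformed line, another realm.
SAMPLE_DIGEST_FILE = "\n".join([
    f"alice:{REALM}:{ha1('alice', 'correct horse')}",
    "malformed line without separators",
    f"bob:other-realm:{ha1('bob', 'hunter2', 'other-realm')}",
])


def find_digest_entry(username, digest_text=SAMPLE_DIGEST_FILE, realm=REALM):
    """Return the stored hash for username in realm, or None if absent."""
    for line in digest_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == username and parts[1] == realm:
            return parts[2]
    return None


class SketchDigestBackend:
    """Hypothetical backend; a dict stands in for the local user table."""

    def __init__(self):
        self.local_users = {}

    def authenticate(self, username, password):
        username = username.strip()
        stored = find_digest_entry(username)
        expected = ha1(username, password)
        if stored is None or not hmac.compare_digest(stored, expected):
            return None
        return self.get_or_create_user(username)

    def get_or_create_user(self, username):
        username = username.strip()
        # Reviewer-lookup path: never create an account the file does not list.
        if find_digest_entry(username) is None:
            return None
        return self.local_users.setdefault(username, {"username": username})
```

Because `get_or_create_user` performs the file lookup itself, a name typed into a reviewer field gets the same answer as a failed login: no account is created for it.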

Diff Revision 7 (Latest)


Commits

Summary ID Author
Fixed HTTP Digest backend unauthenticated user being added as reviewer issue
d3f72f29b4240371814453c4871c6b4222765b9f sng06
Removed commented-out code
e94f5aaafab924bb77e19a0d9e5fe7dbd040698f sng06
Fixed styling issues
22357e51b94a85c0140cc1deb396a0d7451e21d4 sng06
Changed the argument name to match what is used in the method definition
ee394285fea704e661d3bf31d5c6e46cfc27c7d7 sng06
Changed method name
f9b8b3d225be7264488ef766d7a05f98545510ac sng06
Added docstrings to htpasswd_get_user method
9090a5b60a84f135d00d8dfc6528025c6daae068 sng06
Deleted unnecessary text in docstrings
53eb03ab994f835fc785b4247d3e1ffbcd3488de sng06
Added unit test suite for HTTPDigestBackend class
e0266bb57abd53ec55051eb42ab936c478b2d94e sng06
Fixed over-indented linting issue
48f095c6203d7c074de8ac61498efb922be7c1d0 sng06
Addressed code review feedback
b7239042929242c264824f95dfd3cdcdbc1eafd9 sng06
Changed the htpassword_user_info type to dict in the method parameter
12be423a6edd6f4869f4fbf748dc7d317137bf84 sng06
reviewboard/accounts/backends/http_digest.py
reviewboard/accounts/tests/test_http_digest_auth_backend.py