Uploaded image for project: 'aaa'
  1. aaa
  2. AAA-120

idmtool doesn't handle invalid user input

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: Magnesium, Sodium SR2, Neon SR3
    • Component/s: General
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • External issue ID:
      8119

      Description

      The existing idmtool doesn't really read the response of the HTTP request it makes. For example, if you do "./idmtool admin change-password xxx", where xxx is an invalid user id. The server returns an error with message "user not found". However, the idmtool doesn't check the message but assuming the userid is correct, so it will throw exception as expected fields are not there:

      bin/idmtool admin change-password user
      Password:
      Traceback (most recent call last):
      File "./idmtool", line 313, in <module>
      change_password(user, password, args.userid[0])
      File "./idmtool", line 228, in change_password
      del existing['salt']
      KeyError: 'salt'

        Attachments

        # Subject Branch Project Status CR V

          Activity

            People

            Assignee:
            gvrangan Venkatrangan
            Reporter:
            kevinxw Kevin Wang
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: