[AAA-158] Repeated user creation fails with SQL query error Created: 25/Jan/18  Updated: 08/Feb/18  Resolved: 08/Feb/18

Status: Resolved
Project: aaa
Component/s: None
Affects Version/s: Nitrogen-SR1
Fix Version/s: Nitrogen-SR1

Type: Bug Priority: High
Reporter: Jan Srnicek Assignee: Ryan Goulding
Resolution: Done Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

While attempting to create a user that already exists through http://localhost:8181/auth/v1/users

the following is shown:

{ "message": "There was an internal error creating the user", "details": "org.opendaylight.aaa.h2.persistence.StoreException: SQL Exception : org.h2.jdbc.JdbcSQLException: Unique index or primary key violation: \"PRIMARY_KEY_4D ON PUBLIC.USERS(USERID) VALUES ('test_user@xy', 3)\"; SQL statement:\ninsert into users (userid,domainid,name,email,password,description,enabled,salt) values(?,?,?,?,?,?,?,?) [23505-191]" }

 

This is a problem for two reasons:

  1. This error is not exactly user friendly; all the user needs to know here is "You are attempting to create an already existing user".
  2. And more importantly, it directly exposes which schema/table contains user credentials.


 Comments   
Comment by Ryan Goulding [ 07/Feb/18 ]

Fine, fine. It is also open source and the table creation is in plain text and viewable by anyone with a browser. Here is a fix though:

https://git.opendaylight.org/gerrit/#/c/68034/
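
One way to handle both points raised in the description, as an added example that is not part of the original issue and is not the code from the Gerrit change linked above: a duplicate user maps to a fixed 409 message, and any other failure is logged server-side and returned with only a correlation id. The class, record and method names are hypothetical; it assumes Java 17 and that the persistence-layer exception keeps the driver's SQLException as its cause.

```java
import java.sql.SQLException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Added example (hypothetical names): turns persistence failures into client-safe REST errors. */
public class SafeUserErrors {
    private static final Logger LOG = Logger.getLogger(SafeUserErrors.class.getName());

    /** Hypothetical response holder: HTTP status plus the JSON body sent to the client. */
    record ApiError(int status, String body) {}

    /** Walks the cause chain looking for SQLSTATE 23505 (unique or primary key violation). */
    static boolean isDuplicateKey(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof SQLException sql && "23505".equals(sql.getSQLState())) {
                return true;
            }
        }
        return false;
    }

    /** The client gets a fixed message; exception text, SQL and table names stay in the server log. */
    static ApiError toClientError(Exception e) {
        if (isDuplicateKey(e)) {
            return new ApiError(409, "{\"message\": \"User already exists\"}");
        }
        String ref = UUID.randomUUID().toString();
        LOG.log(Level.SEVERE, "User creation failed, ref " + ref, e);
        return new ApiError(500,
            "{\"message\": \"Internal error creating the user\", \"ref\": \"" + ref + "\"}");
    }

    public static void main(String[] args) {
        // Constructed failure resembling the one in the report: a wrapper
        // exception whose cause is a driver exception with SQLSTATE 23505.
        SQLException dup = new SQLException(
            "Unique index or primary key violation: PUBLIC.USERS(USERID)", "23505", 23505);
        Exception wrapped = new RuntimeException("SQL Exception : " + dup, dup);
        // Duplicate user: fixed 409 body with no schema detail.
        System.out.println(toClientError(wrapped));
        // Any other failure: generic 500 body carrying only the log reference.
        System.out.println(toClientError(new RuntimeException("constructed non-SQL failure")));
    }
}
```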
