4929: Bug in list users API

kosta

What version are you running?

4.0.1

What's the URL of the page containing the problem?

reviewboard_address/api/users/

What steps will reproduce the problem?

  1. Once the API is quried with start + max-results > users count, an error 500 is returned from the server.
    So basically there is no way to fetch the last piece of the users list.

  2. When making paginated calls to list all, you will get the error as well-

...

rbt api-get reviewboard_address/api/users/ --start=50 --max-results=25

returned ok response with the following next link-

"next": {"href": "reviewboard_address/api/users/?start=75&max-results=25", "method": "GET"}


Calling next gives- 

rbt api-get reviewboard_address/api/users/ --start=75 --max-results=25

ERROR: Could not retrieve the requested resource: HTTP 500

What is the expected output? What do you see instead?

Should be able to list all users

What operating system are you using? What browser?

Ubuntu 18, Chrome

Please provide any additional information below.

chipx86
#1 chipx86

I'm not able to reproduce this. Are you an admin on the server? If so, can you get me a copy of the backtrace from the reviewboard.log file?

  • -New
    +NeedInfo
#2 kosta

Thanks for looking into this matter,
I was able to figure out the root cause for this issue, had a username with unsupported characters.

I am unable to figure out how to prevent users from adding such usernames by accident.
I.e., when publishing a review request, if by mistake one adds a non existing username in the people field, this username is automatically added as a new user. Is this a bug? is there a way to prevent this matter?

chipx86
#3 chipx86

Interesting. That should only be able to happen when Review Board is connected to LDAP or Active Directory. If an unknown user is referenced on a review request, Review Board will ask the LDAP/AD server if it's aware of the user. If the server says it is, Review Board creates a local entry. Sounds like that's what's happening, for some reason.

Are you using LDAP/AD? If so, is that username present in it?

Can you show me what the invalid characters are?

#4 kosta

Hello,

I was looking into this issue some more, as it constantly created more and more users following typos.

So we are using HTTP Digest authentication method.
Steps to reproduce,

  1. In a review request, unders reviewers/people, enter a non-existing username.
  2. Click "OK" to close the edit box.
  3. The non-existing username is added as a reviewboard user, despite the fact that this username does not exist in the server's .htpasswd file.

Thanks,
Kosta.

#5 kosta

Hi,

Could somebody please assist with this matter?

david
#6 david

This is an issue with the HTTP Digest backend. We should be able to get a fix in soon.

david
#7 david
  • -NeedInfo
    +Confirmed
  • +EasyFix