Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-9257

Cockpit: User operation log view breaks with non-case-sensitive login

    Details

    • Type: Bug Report
    • Status: Closed
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: 7.10.0-alpha3
    • Fix Version/s: 7.10.0, 7.9.5, 7.10.0-alpha4
    • Component/s: webapp
    • Labels:
      None

      Description

      Context:

      • When using LDAP (at least in some setups), the user name is not treated as case-sensitive when making a user query, i.e. user names demo and DEMO both identify the same user
      • When making an LDAP user query, the result contains the actual case-correct user id, i.e. either demo or DEMO (or deMO or whatever)

      Problem description

      1. The actual user id is demo
      2. I log into Cockpit with user name DEMO
      3. I create user operation logs as that user => persisted user id is DEMO
      4. I switch to the user operation log view
      5. Cockpit cannot display the user operation log and creates a Javascript exception

      Problem explanation:

      • Cockpit raises an exception in the user operation log view, because for each operation log entry it fetches the user and (correctly) assumes that the user ids of that response and the id in the log entry match (case-sensitive)

      Expected behavior:

      • User operation logs should not be created with the user name that was used for log in (here DEMO), but with the actual user name provided by the user datasource (here demo)
      • This id should be stored in the session and used for IdentityService#setAuthenticatedUser etc.

      Side notes:

      • There is a related problem with authorizations: If I create authorizations for user demo in the above scenario, then these authorizations have no effect if the user decides to log using DEMO

        Issue Links

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              michael.schoettes Michael Schoettes
              Reporter:
              thorben.lindhauer Thorben Lindhauer
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development