Issue #4425
closed
It's possible to create a duplicate login if name is different
Description
Hi,
By mistake I've added two users with the same login (oddly Pulp accepted this)
pulp-admin auth user create --login fjorg1 --name anyname1
pulp-admin auth user create --login fjorg1 --name anyname2
and now when I'm trying to remove one them I'm getting the following error message:
pulp-admin auth user delete --login fjorg1
An internal error occurred on the Pulp server:
RequestException: DELETE request
on /pulp/api/v2/users/fjorg1/ failed with 500 - 2 items returned, instead of 1
I have a monolithic installation with the following packages installed:
python-pulp-repoauth-2.18.0-2.el7.noarch
python-pulp-rpm-common-2.18.0-1.el7.noarch
pulp-rpm-plugins-2.18.0-1.el7.noarch
pulp-puppet-tools-2.18.0-1.el7.noarch
pulp-ostree-admin-extensions-1.3.1-1.el7.noarch
python-pulp-deb-common-1.8.0-1.el7.noarch
pulp-docker-plugins-3.2.2-1.el7.noarch
pulp-rpm-admin-extensions-2.18.0-1.el7.noarch
python-pulp-common-2.18.0-2.el7.noarch
python-pulp-oid_validation-2.18.0-2.el7.noarch
python-pulp-python-common-2.0.3-1.el7.noarch
pulp-selinux-2.18.0-2.el7.noarch
pulp-server-2.18.0-2.el7.noarch
pulp-python-plugins-2.0.3-1.el7.noarch
pulp-puppet-admin-extensions-2.18.0-1.el7.noarch
pulp-python-admin-extensions-2.0.3-1.el7.noarch
python-pulp-puppet-common-2.18.0-1.el7.noarch
python-pulp-docker-common-3.2.2-1.el7.noarch
libsolv-0.6.34-2.pulp.el7.x86_64
pulp-deb-plugins-1.8.0-1.el7.noarch
python-pulp-client-lib-2.18.0-2.el7.noarch
pulp-deb-admin-extensions-1.8.0-1.el7.noarch
python-pulp-ostree-common-1.3.1-1.el7.noarch
python2-solv-0.6.34-2.pulp.el7.x86_64
pulp-ostree-plugins-1.3.1-1.el7.noarch
pulp-admin-client-2.18.0-2.el7.noarch
pulp-puppet-plugins-2.18.0-1.el7.noarch
python-pulp-bindings-2.18.0-2.el7.noarch
pulp-docker-admin-extensions-3.2.2-1.el7.noarch
Please, can you help to sort this small issue, which is very important for me because it blocks the user to use the pulp-admin. The user can't login.
Updated by daviddavis about 5 years ago
Thanks for the bug report. Do you have steps on how to produce this error? I tried to create duplicate users but wasn't able to:
$ pulp-admin auth user create --login admin --password tester
A resource with the ID "admin" already exists.
(pulp) [vagrant@pulp2 testrepo]$ pulp-admin -vvvv auth user create --login admin --password tester
2019-02-15 15:49:53,109 - DEBUG - sending POST request to /pulp/api/v2/users/
2019-02-15 15:49:53,243 - INFO - POST request to /pulp/api/v2/users/ with parameters {"login": "admin", "password": "tester", "name": "admin"}
2019-02-15 15:49:53,243 - INFO - Response status : 409
2019-02-15 15:49:53,244 - INFO - Response body :
{
"exception": null,
"traceback": null,
"_href": "/pulp/api/v2/users/",
"resource_id": "admin",
"error_message": "Duplicate resource: admin",
"http_request_method": "POST",
"http_status": 409,
"error": {
"code": "PLP0018",
"data": {
"resource_id": "admin"
},
"description": "Duplicate resource: admin",
"sub_errors": []
}
}
2019-02-15 15:49:53,244 - ERROR - Exception occurred:
href: /pulp/api/v2/users/
method: POST
status: 409
error: Duplicate resource: admin
traceback: None
data: {u'resource_id': u'admin', u'error': {u'code': u'PLP0018', u'data': {u'resource_id': u'admin'}, u'description': u'Duplicate resource: admin', u'sub_errors': []}}
A resource with the ID "admin" already exists.
Updated by daviddavis about 5 years ago
Also, are you using katello or just straight pulp?
Updated by flamarion about 5 years ago
I will update this shortly, I'm on PTO and without access to the environment now.
Some preliminary information:
I'm using Pulp, straight Pulp.
Both users have been added via command pulp-admin, the only difference was the --name parameter.
The first one I've performed the command standalone, to test, the second one was part of a batch where the --login and --name was the same value.
Updated by ipanova@redhat.com about 5 years ago
$ pulp-admin auth user create --login ina --name ina
Warning: path should have mode 0700 because it may contain sensitive information: /home/ipanova/.pulp/
Enter password for user [ina] :
Re-enter password for user [ina]:
Password cannot be empty
Enter password for user [ina] :
Re-enter password for user [ina]:
Passwords do not match
Enter password for user [ina] :
Re-enter password for user [ina]:
User [ina] successfully created
[ipanova@ina pulp_rpm]$ pulp-admin auth user create --login ina --name lala
Warning: path should have mode 0700 because it may contain sensitive information: /home/ipanova/.pulp/
Enter password for user [ina] :
Re-enter password for user [ina]:
User [ina] successfully created
> use pulp_database
switched to db pulp_database
> db.users.find({'login':'ina'})
{ "_id" : ObjectId("5c7014b845ef4860c90098d3"), "login" : "ina", "name" : "lala", "password" : "3sDJdy2Nl9E=,zq95pmfDLDprsLnhpPvRetbRvKc407SiYtj98baRlDY=", "roles" : [ ], "_ns" : "users" }
{ "_id" : ObjectId("5c7014ac45ef4860ca413414"), "login" : "ina", "name" : "ina", "password" : "DQgL9rCTLxQ=,DYFZltiC79LfORURspfA4cwK8xQB0MXLfl5n2BTvCe8=", "roles" : [ ], "_ns" : "users" }
>
[ipanova@ina pulp_rpm]$ pulp-admin auth user delete --login ina
Warning: path should have mode 0700 because it may contain sensitive information: /home/ipanova/.pulp/
An internal error occurred on the Pulp server:
RequestException: DELETE request
on /pulp/api/v2/users/ina/ failed with 500 - 2 items returned, instead of 1
Updated by ttereshc about 5 years ago
- Subject changed from Not possible delete duplicate login to pulp-admin allows to create a duplicate login if name is different
- Description updated (diff)
- Triaged changed from No to Yes
Updated by ttereshc about 5 years ago
- Subject changed from pulp-admin allows to create a duplicate login if name is different to It's possible to create a duplicate login if name is different
Updated by ttereshc about 5 years ago
A source of the problem https://github.com/pulp/pulp/blob/2-master/server/pulp/server/db/model/__init__.py#L1184
Added by ttereshc about 5 years ago
Updated by ttereshc about 5 years ago
- Status changed from NEW to POST
- Sprint set to Sprint 49
Updated by ttereshc about 5 years ago
@flamarion,
The PR in the comment above fixes indexes in the DB, so you can remove a duplicate user manually (see below) and then apply the patch to create a new index.
To remove a duplicated user:
1. Go to the machine where MongoDB is running (or see options for mongo client to connect to a remote host)
2. Find all the duplicated users for your login
$ mongo --eval 'db.users.find({login: "your_login_of_interest"})' pulp_database
3. Remove a user with a specific name
$ mongo --eval 'db.users.remove({login: "your_login_of_interest", name: "name_of_user_to_remove"})' pulp_database
4. On the machine where Pulp is installed and running apply a patch from the PR from the comment above, stop pulp services and run sudo -u apache pulp-manage-db.
If there are no duplicates left, this command will run successfully and the new index will be created.
Alternatively, if you don't want to apply patches, you can create the index manually. On the machine with MongoDB run
$ mongo --eval 'db.users.createIndex({login: 1}, {unique: true, background: false})' pulp_database
Updated by flamarion about 5 years ago
First of all, thank you.
I've applied the index manually and I did manage to remove the duplicated user as well.
mongo --eval 'db.users.find({login: "fjorg1"})' pulp_database
MongoDB shell version v4.0.5
connecting to: mongodb://127.0.0.1:27017/pulp_database?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("83aa4e1f-5d19-411f-a845-aa3f327c684d") }
MongoDB server version: 4.0.5
{ "_id" : ObjectId("5c655d678204e1263792fa0d"), "login" : "fjorg1", "name" : "fjorg1", "password" : "BiRAu2DtSYc=,XSDRI7AN0WUi45RPCcXXiWvSmPpv8IBFuOMTcU/h8SU=", "roles" : [ "super-users" ], "_ns" : "users" }
{ "_id" : ObjectId("5c655af78204e12638d9854b"), "login" : "fjorg1", "name" : "Flamarion Jorge", "password" : "YSwVIg7qJu0=,1GCrJOo3NBOQu37rNfw4uvWYYUdI4p7KGsL3kSjg3Jw=", "roles" : [ "super-users" ], "_ns" : "users" }
mongo --eval 'db.users.remove({login: "fjorg1", name: "fjorg1"})' pulp_database
MongoDB shell version v4.0.5
connecting to: mongodb://127.0.0.1:27017/pulp_database?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("71219f1d-3886-48d3-9672-14d597748210") }
MongoDB server version: 4.0.5
WriteResult({ "nRemoved" : 1 })
mongo --eval 'db.users.createIndex({login: 1}, {unique: true, background: false})' pulp_database
MongoDB shell version v4.0.5
connecting to: mongodb://127.0.0.1:27017/pulp_database?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("ea9583d4-c1d6-49a9-a462-c9f96486e75b") }
MongoDB server version: 4.0.5
{
"createdCollectionAutomatically" : false,
"numIndexesBefore" : 3,
"numIndexesAfter" : 4,
"ok" : 1
}
mongo --eval 'db.users.find({login: "fjorg1"})' pulp_database
MongoDB shell version v4.0.5
connecting to: mongodb://127.0.0.1:27017/pulp_database?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("856d5cb3-cd9a-494f-8e84-7f51c9f60527") }
MongoDB server version: 4.0.5
{ "_id" : ObjectId("5c655af78204e12638d9854b"), "login" : "fjorg1", "name" : "Flamarion Jorge", "password" : "YSwVIg7qJu0=,1GCrJOo3NBOQu37rNfw4uvWYYUdI4p7KGsL3kSjg3Jw=", "roles" : [ "super-users" ], "_ns" : "users" }
Updated by ttereshc about 5 years ago
- Status changed from POST to MODIFIED
Applied in changeset pulp|0afb65cc165172f6ae7d42e88a994b7346c7e3d6.
Updated by ttereshc about 5 years ago
- Sprint/Milestone changed from 2.18.0 to 2.19.0
Updated by ttereshc about 5 years ago
- Status changed from 5 to CLOSED - CURRENTRELEASE
.
Add unique index for login
closes #4425 https://pulp.plan.io/issues/4425