Issue #761

Updated by bmbouter about 9 years ago

Redux of comments: The fix for this should be to disallow the user 'search' from being created in the API, and to add a doc note in the "authentication section":http://pulp.readthedocs.org/en/latest/user-guide/admin-client/authentication.html#users about 'search' being disallowed as a username. I think having the API error is enough; the bindings and CLI should just show that error as a normal server side Pulp error.

 Original report from rbarlow: 
 I noticed that we have a problem with our REST interface's URL structure. In our urls.py, the following two lines are present: 

 <pre> 
 <code class="python"> 
     url(r'^v2/users/search/$', users.UserSearchView.as_view(), 
         name='user_search'), 
     url(r'^v2/users/(?P<login>[^/]+)/$', users.UserResourceView.as_view(), name='user_resource') 
 </code> 
 </pre> 

 If there were a user named "search", it would be impossible to retrieve that user because the first URL would match and it would be assumed that the REST call was requesting a search, rather than a user named "search". 

 However, I did not see anything in our user creation code preventing a user named "search" from being created. However, I was unable to test this, due to #760.
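
An added example, not part of the original report or Pulp's code: the two routes above modelled with Python's @re@ module to show first-match-wins resolution, plus a creation-time check that rejects any login whose resource URL does not route back to it. The names @resolve@, @validate_login@ and @ReservedLoginError@ are hypothetical.

```python
import re

# The two routes from urls.py on this page, in declaration order.
# Django's resolver tries patterns in order and the first match wins.
ROUTES = [
    (re.compile(r'^v2/users/search/$'), 'user_search'),
    (re.compile(r'^v2/users/(?P<login>[^/]+)/$'), 'user_resource'),
]


def resolve(path):
    """Return (route_name, kwargs) of the first matching route, or None."""
    for pattern, name in ROUTES:
        match = pattern.match(path)
        if match:
            return name, match.groupdict()
    return None


class ReservedLoginError(ValueError):
    """Raised when a login would be unreachable through user_resource."""


def validate_login(login):
    """Reject logins whose resource URL does not route back to that login.

    Hypothetical helper: it builds the URL the API would use for the user
    and checks that the route table resolves it to user_resource with the
    same login. This catches 'search' and any later literal route added
    under v2/users/, plus logins the [^/]+ group cannot carry.
    """
    resolved = resolve('v2/users/%s/' % login)
    if resolved != ('user_resource', {'login': login}):
        raise ReservedLoginError('login %r is not addressable' % login)
    return login
```

Deriving the reserved names from the route table keeps the check correct if more literal paths are later added under @v2/users/@.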
