/graylog2-server

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add user role name with slash "/" #3569

Closed
crazydavidoff opened this Issue Mar 6, 2017 · 0 comments

Comments

Assignees

@dennisoelkers dennisoelkers

Labels
Projects
None yet
Milestone
  2.2.3
4 participants
@crazydavidoff @joschi @dennisoelkers @jalogisch
@crazydavidoff

crazydavidoff commented Mar 6, 2017
edited by jalogisch

If add user role name with "/" you cannot delete it.

Expected Behavior

Current Behavior

There was an error fetching a resource: cannot GET http://172.16.20.58:9000/api/roles/%20Stream/Dashboard%20Editor/members (404). Additional information: HTTP 404 Not Found

t @ plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.3256fc68b6ac83634199.js:1
plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.3256fc68b6ac83634199.js:55 Unhandled rejection Error: cannot GET http://172.16.20.58:9000/api/roles/%20Stream/Dashboard%20Editor/members (404)
    at new t (http://example.com/assets/plugin/org.graylog.plugins.pipelineprocessor.Pr…s.pipelineprocessor.PipelineProcessorPlugin.3256fc68b6ac83634199.js:1:2770)
    at http://example.com/assets/plugin/org.graylog.plugins.pipelineprocessor.Pr…s.pipelineprocessor.PipelineProcessorPlugin.3256fc68b6ac83634199.js:1:4196
From previous event:
    at h.r.then (http://example.com/assets/plugin/org.graylog.plugins.pipelineprocessor.Pr…ipelineprocessor.PipelineProcessorPlugin.3256fc68b6ac83634199.js:257:20641)
    at e.value (http://example.com/assets/plugin/org.graylog.plugins.pipelineprocessor.Pr…s.pipelineprocessor.PipelineProcessorPlugin.3256fc68b6ac83634199.js:1:3714)
    at i (http://example.com/assets/plugin/org.graylog.plugins.pipelineprocessor.Pr…s.pipelineprocessor.PipelineProcessorPlugin.3256fc68b6ac83634199.js:1:1711)
    at s (http://example.com/assets/plugin/org.graylog.plugins.pipelineprocessor.Pr…s.pipelineprocessor.PipelineProcessorPlugin.3256fc68b6ac83634199.js:1:1782)
    at Object.getMembers (http://example.com/assets/plugin/org.graylog.plugins.pipelineprocessor.Pr…ipelineprocessor.PipelineProcessorPlugin.3256fc68b6ac83634199.js:143:20338)
    at n._deleteRole (http://example.com/assets/38.38.037df0c3d824b82fe316.js:1:9159)
    at onClick (http://example.com/assets/38.38.037df0c3d824b82fe316.js:1:7245)
    at Object.r.invokeGuardedCallback (http://example.com/assets/vendor.js:29:11002)
    at i (http://example.com/assets/vendor.js:33:26673)
    at Object.s [as executeDispatchesInOrder] (http://example.com/assets/vendor.js:33:26920)
    at f (http://example.com/assets/vendor.js:8:11906)
    at M (http://example.com/assets/vendor.js:8:12032)
    at Array.forEach (native)
    at n (http://example.com/assets/vendor.js:29:18772)
    at Object.processEventQueue (http://example.com/assets/vendor.js:8:13329)
    at o (http://example.com/assets/vendor.js:35:7775)
    at Object.handleTopLevel [as _handleTopLevel] (http://example.com/assets/vendor.js:35:7880)
    at i (http://example.com/assets/vendor.js:35:8329)
    at a (http://example.com/assets/vendor.js:35:8143)
    at o.perform (http://example.com/assets/vendor.js:8:25971)
    at Object.batchedUpdates (http://example.com/assets/vendor.js:29:4842)
    at Object.a [as batchedUpdates] (http://example.com/assets/vendor.js:7:19906)
    at dispatchEvent (http://example.com/assets/vendor.js:35:9220)
O @ plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.3256fc68b6ac83634199.js:55

Possible Solution

Steps to Reproduce (for bugs)

Context

Your Environment

  • Graylog Version:2.2.1
  • Elasticsearch Version: 2.4.4
  • MongoDB Version: 3.4
  • Operating System:
  • Browser version: Chrome

@joschi joschi added the bug label Mar 6, 2017

@dennisoelkers dennisoelkers self-assigned this Mar 6, 2017

dennisoelkers added a commit that referenced this issue Mar 6, 2017

@dennisoelkers
Escaping username component to allow usernames with slash. 
Fixes #3569.
Verified
This commit was signed with a verified signature.
@dennisoelkers dennisoelkers Dennis Oelkers
GPG key ID: 26B2C114209DC497 Learn about signing commits
Loading status checks…
e14a89f

@dennisoelkers dennisoelkers referenced this issue Mar 6, 2017

Merged

Escaping username/roles parameters to allow usernames/roles with special characters. #3570

3 of 9 tasks complete

@dennisoelkers dennisoelkers added the in progress label Mar 6, 2017

@jalogisch jalogisch added the triaged label Mar 6, 2017

dennisoelkers added a commit that referenced this issue Mar 7, 2017

@dennisoelkers
Escaping username component to allow usernames with slash. 
Fixes #3569.
Verified
This commit was signed with a verified signature.
@dennisoelkers dennisoelkers Dennis Oelkers
GPG key ID: 26B2C114209DC497 Learn about signing commits
03dd11f

@joschi joschi closed this in #3570 Mar 7, 2017

joschi added a commit that referenced this issue Mar 7, 2017

@dennisoelkers @joschi
Properly escape username/roles in web interface (#3570) 
* Escaping username component to allow usernames with slash.
* Allowing to handle deletion/updates of roles with special characters.
* Allowing editing/updating/deleting users with special characters in name
* Using proper route methods, escaping username in CurrentUserStore.

Fixes #3569
Loading status checks…
34446c2

@joschi joschi removed the in progress label Mar 7, 2017

dennisoelkers added a commit that referenced this issue Mar 7, 2017

@dennisoelkers
Properly escape username/roles in web interface (#3570) 
* Escaping username component to allow usernames with slash.
* Allowing to handle deletion/updates of roles with special characters.
* Allowing editing/updating/deleting users with special characters in name
* Using proper route methods, escaping username in CurrentUserStore.

Fixes #3569

(cherry picked from commit 34446c2)
Verified
This commit was signed with a verified signature.
@dennisoelkers dennisoelkers Dennis Oelkers
GPG key ID: 26B2C114209DC497 Learn about signing commits
Loading status checks…
63cb44a

@dennisoelkers dennisoelkers referenced this issue Mar 7, 2017

Merged

Properly escape username/roles in web interface (#3570) #3588

3 of 9 tasks complete

@joschi joschi added this to the 2.2.3 milestone Mar 7, 2017

joschi added a commit that referenced this issue Mar 7, 2017

@dennisoelkers @joschi
Properly escape username/roles in web interface (#3588) 
* Escaping username component to allow usernames with slash.
* Allowing to handle deletion/updates of roles with special characters.
* Allowing editing/updating/deleting users with special characters in name
* Using proper route methods, escaping username in CurrentUserStore.

Fixes #3569

(cherry picked from commit 34446c2 / PR #3570)
Loading status checks…
f9a9d2b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment