CBG-5311: [4.0.5 backport] Cleanup for GetUser#8261
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Backport of upstream “Cleanup for GetUser” changes to make auth/session and REST auth flows safer when GetUser/GetRole can return (nil, nil), and to normalize concurrent registration behavior.
Changes:
- Hardened multiple call sites against
GetUser/GetRolereturningnil(avoid nil dereferences; return appropriate auth errors). - Updated
RegisterNewUserto treat CAS-race “user already created” as success (return existing user withnilerror) and simplified callers accordingly. - Improved error handling/logging paths where user data was previously referenced via potentially-nil principals.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| rest/session_api.go | Simplifies registration error handling to align with updated RegisterNewUser CAS-race semantics. |
| rest/handler.go | Ensures GetUser returning nil after principal updates results in ErrInvalidLogin instead of leaving h.user nil. |
| rest/diagnostic_api.go | Avoids dereferencing user.Name() when GetUser returns an error by using the requested username string. |
| db/database.go | Skips missing roles/users during sequence regeneration to avoid nil principal usage. |
| db/crud.go | Handles GetUser returning nil when reloading the active user, with a warning. |
| auth/session.go | Treats missing user as invalid session (prevents nil deref on user.GetSessionUUID()). |
| auth/auth.go | casUpdatePrincipal returns not-found when a principal disappears during CAS retries; RegisterNewUser returns existing user with nil error on CAS-race. |
Comment on lines
+974
to
+977
| if existing == nil { | ||
| return nil, err | ||
| } | ||
| return existing, nil |
Comment on lines
+75
to
77
| if user == nil || session.SessionUUID != user.GetSessionUUID() { | ||
| base.InfofCtx(auth.LogCtx, base.KeyAuth, "Session no longer valid for user %s", base.UD(session.Username)) | ||
| return nil, base.HTTPErrorf(http.StatusUnauthorized, "Session no longer valid for user") |
bbrks
approved these changes
May 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
CBG-5311
Backports #8259
Pre-review checklist
fmt.Print,log.Print, ...)base.UD(docID),base.MD(dbName))docs/apiDependencies (if applicable)
Integration Tests