Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[management-api] User registration fails #1209

Closed
DaspawnW opened this issue Apr 13, 2018 · 2 comments
Closed

[management-api] User registration fails #1209

DaspawnW opened this issue Apr 13, 2018 · 2 comments
Labels
type: bug
Milestone
1.16.0

Comments

@DaspawnW
Copy link

DaspawnW commented Apr 13, 2018
edited
Loading

Registration of a new user fails with No User Found with Username.

11:49:59.555 [gravitee-listener-26] ERROR i.g.m.service.impl.UserServiceImpl - An error occurs while trying to create an internal user with the token <my-registration-token>
java.lang.IllegalStateException: No user found with username [<same username in registration token>]
	at io.gravitee.repository.mongodb.management.MongoUserRepository.update(MongoUserRepository.java:117)
	at io.gravitee.repository.mongodb.management.MongoUserRepository.update(MongoUserRepository.java:39)
	at io.gravitee.management.repository.proxy.UserRepositoryProxy.update(UserRepositoryProxy.java:49)
	at io.gravitee.management.repository.proxy.UserRepositoryProxy.update(UserRepositoryProxy.java:34)
	at io.gravitee.management.service.impl.UserServiceImpl.create(UserServiceImpl.java:265)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
	at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
	at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
	at com.sun.proxy.$Proxy32.create(Unknown Source)
	at io.gravitee.management.rest.resource.UsersResource.createUser(UsersResource.java:92)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:74)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161)
	at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:202)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:388)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:346)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102)
	at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:337)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:280)
	at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:316)
	at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1084)
	at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:418)
	at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:372)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:389)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:342)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:229)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:845)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1712)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at io.gravitee.management.security.filter.AuthenticationSuccessFilter.doFilter(AuthenticationSuccessFilter.java:128)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at io.gravitee.management.security.filter.JWTAuthenticationFilter.doFilter(JWTAuthenticationFilter.java:114)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:96)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1699)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
	at org.eclipse.jetty.server.Server.handle(Server.java:523)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
	at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
	at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
	at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
	at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
	at java.lang.Thread.run(Thread.java:748)

As I can see in the Sourcecode you are looking for a user by username:
https://github.com/gravitee-io/gravitee-management-rest-api/blob/b70f0b4777936446a9cf069506506a970ef3e6c0/gravitee-management-api-service/src/main/java/io/gravitee/management/service/impl/UserServiceImpl.java#L250

Then you are creating a new user with a new user id:
https://github.com/gravitee-io/gravitee-management-rest-api/blob/b70f0b4777936446a9cf069506506a970ef3e6c0/gravitee-management-api-service/src/main/java/io/gravitee/management/service/impl/UserServiceImpl.java#L256

Then you are saving the new user with an update on the userRepository:
https://github.com/gravitee-io/gravitee-management-rest-api/blob/b70f0b4777936446a9cf069506506a970ef3e6c0/gravitee-management-api-service/src/main/java/io/gravitee/management/service/impl/UserServiceImpl.java#L265

And the update calls the MongoUserRepository in my case. There you are looking for an already existing user, as you see from the previous steps you are overwriting the UUID by a new one. So the find will fail and throw an exception.
https://github.com/gravitee-io/gravitee-repository-mongodb/blob/fbc2aacae118fe53100204181547bfc896bf3aae/src/main/java/io/gravitee/repository/mongodb/management/MongoUserRepository.java#L114

Expected Behavior

Registration will be finished with new user

Current Behavior

Login fails with described exception.

Possible Solution

Remove the line 256 from the UserServiceImpl.java class or check if it has already an id then call update otherwise create on the userRepository.
Not really nice, but I think this will work:

            if (checkUser.isPresent()) {
                user.setId(checkUser.get().getId());
                user = userRepository.update(user);
            } else {
                user.setId(UUID.toString(UUID.random()));
                user = userRepository.create(user);
            }

Steps to Reproduce (for bugs)

  1. Use MongoDB as Secure backend
  2. Register and receive the token
  3. Try to set the password for the user

Context

No possibility to register

Your Environment

  • Version used: graviteeio/management-api:1.15.1
  • Docker Container
@brasseld brasseld added this to the 1.15.2 milestone Apr 13, 2018
@brasseld brasseld changed the title User registration fails [management-api] User registration fails Apr 13, 2018
DaspawnW pushed a commit to DaspawnW/gravitee-management-rest-api that referenced this issue Apr 13, 2018
fix(bug): User registration fails
045fd3d 
Closes gravitee-io/issues#1209
@DaspawnW DaspawnW mentioned this issue Apr 13, 2018
Merged
@DaspawnW
Copy link
Author

There are two ideas how to handle it.
The current implementation accepts that there is no user, something like you can register via an JWToken without any userinformation in database.
The other solution could be to disallow this step by simply checking if user is not present and then returning an exception.

DaspawnW pushed a commit to DaspawnW/gravitee-management-rest-api that referenced this issue May 3, 2018
fix(bug): User registration fails
94dd2f3 
Closes gravitee-io/issues#1209
aelamrani pushed a commit to gravitee-io/gravitee-management-rest-api that referenced this issue May 3, 2018
@aelamrani
fix(bug): User registration fails
6f1f50b 
Closes gravitee-io/issues#1209
@aelamrani
Copy link
Member

Closed by gravitee-io/gravitee-management-rest-api#390

@aelamrani aelamrani modified the milestones: 1.15.2, 1.16.0 May 3, 2018
@brasseld brasseld mentioned this issue May 8, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: bug
Projects
None yet
Milestone
1.16.0
Development

No branches or pull requests
4 participants
@brasseld @NicolasGeraud @aelamrani @DaspawnW