rhodecode-enterprise-ce Commit - r5352:77661e7b

fix(user-models): added extra protection against model username changes that would create duplicates

super-admin -

r5352:77661e7b default

parent child

rhodecode/apps/my_account/views/my_account.py

0 +1 0

                      except forms.ValidationFailure as e:
                          c.form = e
                          return self._get_template_context(c)
                      except Exception:
                          log.exception("Exception updating user")
                          h.flash(_('Error occurred during update of user'),

rhodecode/lib/exceptions.py

0 +4 0

                  pass
+             class DuplicateUpdateUserError(Exception):
+                 pass
              class RepositoryCreationError(Exception):
                  pass

rhodecode/model/user.py

0 +5 -1

              from rhodecode.lib.exceptions import (
                  DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
                  UserOwnsUserGroupsException, NotAllowedToCreateUserError,
-                 UserOwnsPullRequestsException, UserOwnsArtifactsException)
+                 UserOwnsPullRequestsException, UserOwnsArtifactsException, DuplicateUpdateUserError)
              from rhodecode.lib.caching_query import FromCache
              from rhodecode.model import BaseModel
              from rhodecode.model.db import (
                          log.debug('Checking for existing account in RhodeCode '
                                    'database with user_id `%s` ', updating_user_id)
                          user = User.get(updating_user_id)
+                         # now also validate if USERNAME belongs to potentially other user
+                         maybe_other_user = User.get_by_username(username, case_insensitive=True)
+                         if maybe_other_user and maybe_other_user.user_id != updating_user_id:
+                             raise DuplicateUpdateUserError(f'different user exists with the {username} username')
                      else:
                          log.debug('Checking for existing account in RhodeCode '
                                    'database with username `%s` ', username)

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages