Github user karuturi commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/755#discussion_r38513021
--- Diff: server/src/com/cloud/user/AccountManagerImpl.java ---
@@ -2145,14 +2145,10 @@ private UserAccount getUserAccount(String username,
String password, Long domain
s_logger.debug("Attempting to log in user: " + username + " in
domain " + domainId);
}
UserAccount userAccount = _userAccountDao.getUserAccount(username,
domainId);
- if (userAccount == null) {
- s_logger.warn("Unable to find an user with username " +
username + " in domain " + domainId);
- return null;
- }
boolean authenticated = false;
HashSet<ActionOnFailedAuthentication> actionsOnFailedAuthenticaion
= new HashSet<ActionOnFailedAuthentication>();
- User.Source userSource = userAccount.getSource();
+ User.Source userSource = userAccount != null ?
userAccount.getSource(): User.Source.UNKNOWN;
--- End diff --
I checked that after the discussion yesterday.
Every authenticator checks if a user exists in cloudstack. That
responsibility is with the authenticator. In the earlier case, if the user
doesnt exist, it throws a NPE on line 2155 which is a recent change. Prior to
that change, any cloud provider can write an authenticator which always returns
true even when cloudstack account doesnt exist. But, will break in lot of other
places with NPEs as the rest of the app assumes logged in user has an account
in cloudstack db. I think that needs to be fixed so that anyone can plugin
their own user management system without using native cloudstack users.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
