Skip to content

Commit

Permalink
admin/security: Unescape characters in username path params
Browse files Browse the repository at this point in the history 
- `DELETE /v1/security/users/{user}`
- `PUT /v1/security/users/{user}`

(cherry picked from commit 93d575f)
  • Loading branch information
@oleiman
oleiman committed Dec 4, 2023
1 parent 0d5fd0c commit 48ecc94
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions src/v/redpanda/admin_server.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1656,7 +1656,12 @@ admin_server::delete_user_handler(std::unique_ptr<ss::httpd::request> req) {
throw co_await redirect_to_leader(*req, model::controller_ntp);
}

auto user = security::credential_user(req->param["user"]);
ss::sstring user_v;
if (!ss::http::internal::url_decode(req->param["user"], user_v)) {
throw ss::httpd::bad_param_exception{fmt::format(
"Invalid parameter 'user' got {{{}}}", req->param["user"])};
}
auto user = security::credential_user(user_v);

if (!_controller->get_credential_store().local().contains(user)) {
vlog(logger.debug, "User '{}' already gone during deletion", user);
Expand All @@ -1683,7 +1688,12 @@ admin_server::update_user_handler(std::unique_ptr<ss::httpd::request> req) {
throw co_await redirect_to_leader(*req, model::controller_ntp);
}

auto user = security::credential_user(req->param["user"]);
ss::sstring user_v;
if (!ss::http::internal::url_decode(req->param["user"], user_v)) {
throw ss::httpd::bad_param_exception{fmt::format(
"Invalid parameter 'user' got {{{}}}", req->param["user"])};
}
auto user = security::credential_user(user_v);

auto doc = parse_json_body(*req);

Expand Down

0 comments on commit 48ecc94

Please sign in to comment.