passbolt_api
passbolt_api copied to clipboard
passbolt
Invalid link generated by recover_user command
Invalid link generated by recover_user command
- Passbolt Version: 4.4.2
- Platform and Target: docker.io/passbolt/passbolt:4.4.2-1-ce -- Operating system: Ubuntu
What you did
- run docker instance of passbolt
- create 2+ users
- run
recover_usercommand in console for each user
What happened
links contains invalid user_id
recover_user command builds invalid SQL query without username filter:
MariaDB General Query Log>
SELECT
`Users`.`id` AS `Users__id`,
`Users`.`role_id` AS `Users__role_id`,
`Users`.`username` AS `Users__username`,
`Users`.`active` AS `Users__active`,
`Users`.`deleted` AS `Users__deleted`,
`Users`.`disabled` AS `Users__disabled`,
`Users`.`created` AS `Users__created`,
`Users`.`modified` AS `Users__modified`
FROM `users` `Users`
WHERE (`Users`.`deleted` = 0 AND `Users`.`active` = 1 AND ((`Users`.`disabled`) IS NULL OR `Users`.`disabled` > '2023-12-19 09:03:25'))
ORDER BY `Users`.`created` ASC LIMIT 1
Than creates token for random user returned by this query, instead of --username option specified.
BUG:
https://github.com/passbolt/passbolt_api/blob/bc93285dc311c66c6ff30922904437c99e9a5571/src/Command/RecoverUserCommand.php#L69C29-L69C29
it's not filter trait, I think it must be activeNotDeleted(found in traits), tested, works correctly.
Thank you for the hint @rokiden . I could reproduce it, this will be fixed in the coming v4.5.
👋🏼 Hey @rokiden, this issue has been fixed and released with v4.5.0. Feel free to try it out and let us know if it persists.
