We have a customer reporting that the group (with name included with +) information is not getting retrieved via RestAPI calls. In order to reproduce the scenario, I have created a group in Artifactory instance with a name test+test. When I try to retrieve the group information via RestAPI call, it is not retrieving the data and returns 404.
➜ curl -uadmin:password -X GET "http://localhost:8081/artifactory/api/security/groups/test+test"
"errors" : [
Even I have tried to escape + from the URI while triggering the RestAPI call with %2B and it didn’t help.
➜ curl -uadmin:password -X GET "http://localhost:8081/artifactory/api/security/groups/test%2Btest"
"errors" : [
Artifactory version 6.8 release notes mention that we have fixed the issue in which Artifactory allowed to create users and groups even if the name is included with illegal characters (/\:|?*"<>). Artifactory now validates that the username and group name only include legal characters as is done when creating a user or a group through the UI.
When I try to create the group name included with any of the illegal characters as mentioned UI is returning an error. Whereas creating a group with + is not returning any error but the group information retrieval fails via RestAPI.
Steps to reproduce the scenario
1. Create a group named test+test in Artifactory.
2. Create another group named testtest.
3. Now, use the below command to retrieve the group information.
curl -uadmin:password -X GET "http://localhost:8081/artifactory/api/security/groups/test+test"
curl -uadmin:password -X GET "http://localhost:8081/artifactory/api/security/groups/testtest"
While triggering the RestAPI calls as above, the first command will return a 404 error whereas the second call will reveal the group information.