Bug 1007106

Summary: Register in Zanata failed if using openId with same username as existing user.
Product: [Retired] Zanata Reporter: Alex Eng <aeng>
Component: SecurityAssignee: Carlos Munoz <camunoz>
Status: CLOSED CURRENTRELEASE QA Contact: Ding-Yi Chen <dchen>
Severity: high Docs Contact:
Priority: high    
Version: 3.0CC: dchen, zanata-bugs
Target Milestone: ---   
Target Release: 3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 3.0.3-SNAPSHOT (20130913-0020) Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-27 03:24:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Alex Eng 2013-09-11 22:56:04 UTC
Description of problem:
Registration failed if using openId that has the same username as existing user. 

Version-Release number of selected component (if applicable):
3.0

How reproducible:
Always

Steps to Reproduce:
1. Look for an existing username in zanata. (Login as admin)
2. Try to signup using any openId Zanata support that has the same username.

Actual results:
Registration failed, user redirect to error page.

Expected results:
User being register and asked to choose a different username.

Additional info:

Comment 1 Carlos Munoz 2013-09-12 03:38:29 UTC
The problem presents itself when a Zanata username (as in internal authentication) matches exactly an open id username (i.e. 'user' in zanata and 'http://user.openidprovider.org').

I removed some of the logic that tries to pre-populate names and usernames from openids, as it might not yield nice results.

We should think about refactoring our security system to remove some of the bloat that makes it difficult to easily find these things.

This bug should be tested in both release and master branches.

See:
https://github.com/zanata/zanata-server/pull/178

Comment 2 Ding-Yi Chen 2013-09-16 08:07:21 UTC
VERIFIED with Zanata version 3.1-SNAPSHOT (20130913-1232)

Comment 3 Ding-Yi Chen 2013-09-17 00:55:44 UTC
Also VERIFIED with Zanata version 3.0.3-SNAPSHOT (20130913-0020)

Comment 4 Sean Flanigan 2013-11-27 03:14:31 UTC
Closing VERIFIED bugs for Zanata versions <= 3.1.

Comment 5 Sean Flanigan 2013-11-27 03:16:17 UTC
Closing VERIFIED bugs for Zanata versions <= 3.1.

Comment 6 Sean Flanigan 2013-11-27 03:17:55 UTC
Closing VERIFIED bugs for Zanata versions <= 3.1.

Comment 7 Sean Flanigan 2013-11-27 03:24:13 UTC
Closing VERIFIED bugs for Zanata versions <= 3.1.

Comment 8 Sean Flanigan 2013-11-27 03:32:33 UTC
Closing VERIFIED bugs for Zanata versions <= 3.1.

Comment 9 Sean Flanigan 2013-11-27 03:34:49 UTC
Closing VERIFIED bugs for Zanata versions <= 3.1.