Bug 1070730

Summary: User email validation doesn't exactly match specification
Product: Red Hat Satellite
Reporter: Ales Dujicek <adujicek>
Component: Users & Roles
Assignee: Christine Fouant <cfouant>
Status: CLOSED ERRATA
QA Contact: Tazim Kolhar <tkolhar>
Severity: low
Priority: low
Version: Nightly
CC: bkearney, cwelton, dcleal, sthirugn
Target Milestone: Unspecified
Keywords: Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
URL: http://projects.theforeman.org/issues/5811
Doc Type: Bug Fix
Last Closed: 2015-08-12 05:08:00 UTC
Type: Bug

Description Ales Dujicek 2014-02-27 13:02:16 UTC
Description of problem:

hammer accepts invalid email addresses when creating users:

for example:
# hammer user create --auth-source-id 1 --password testing --login user1 --mail "specialchars():;@example.com"
User created

# hammer user create --auth-source-id 1 --password testing --login user2 --mail 's p a c e s'
User created

# hammer user create --auth-source-id 1 --password testing --login user3 --mail 'dots..'
User created

# hammer user list
ID  | LOGIN | NAME       | EMAIL 
163 | user1 |            | specialchars():;@example.com
165 | user2 |            | spaces          
166 | user3 |            | dots..          


and it also accepts empty string as email address:
# hammer user create --login user4 --mail '' --auth-source-id 1 --password pass
User created


and does not accept (unusual) valid addresses (see http://en.wikipedia.org/wiki/Email_address#Valid_email_addresses):
e.g.:
# hammer user create --login user5 --mail '"very.unusual.@.unusual.com"@example.com' --auth-source-id 1 --password pass
Could not create the user:
  Email address is invalid



Version-Release number of selected component (if applicable):
foreman-postgresql-1.5.0-0.develop.201402250936git8cf1033.el6.noarch
foreman-release-1.5.0-0.develop.201402250936git8cf1033.el6.noarch
dell-pem710-01.rhts.eng.bos.redhat.com-foreman-proxy-1.0-1.noarch
foreman-proxy-1.5.0-0.develop.201402201704gita25e7b9.el6.noarch
dell-pem710-01.rhts.eng.bos.redhat.com-foreman-client-1.0-1.noarch
rubygem-foreman_api-0.1.11-1.el6.noarch
foreman-1.5.0-0.develop.201402250936git8cf1033.el6.noarch
rubygem-hammer_cli_foreman-0.0.18-1.el6.noarch
foreman-selinux-1.5.0-0.develop.201401221845git5f25c33.el6.noarch
rubygem-hammer_cli-0.0.18-1.el6.noarch
rubygem-hammer_cli_katello-0.0.3-1.el6.noarch


How reproducible:
always

Comment 2 Bryan Kearney 2014-03-28 20:37:31 UTC
Spaces are removed by foreman by default. That explains the first two issues. The current code does not catch .. as an invalid email.

Comment 4 Dominic Cleal 2014-05-20 12:25:48 UTC
Permitting user creation with no e-mail address is expected behaviour, as it forces the user to set one on first login.

Comment 5 Dominic Cleal 2014-05-20 12:26:18 UTC
Created redmine issue http://projects.theforeman.org/issues/5811 from this bug

Comment 7 Christine Fouant 2014-09-17 17:48:53 UTC
Okay, I've worked out a regular expression that would handle all of wiki's current definition of valid email addresses. However, I don't know that we want to accept all of these forms: specifically, the "quoted string form" which allows for special characters like spaces, backslash, etc. Essentially, we would have to get rid of the normalize_mail method if we want to do the quoted string form. It makes the validation extremely messy, and I think it's such an unusual format that it is highly unlikely it would be encountered anyhow.

I also think ignoring the direct IP address as input for the domain of the email address is wise. However, I'd like some feedback before moving forward on the code input.
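
The trade-off discussed in Comment 7, as an added Ruby example that is not Foreman's code or the upstream fix: a dot-atom-only check that rejects quoted-string local parts and bracketed IP-literal domains, allows a blank address (Comment 4), and shows that stripping spaces before validating can turn a rejected input into an accepted one. `valid_email?`, `strip_spaces` and `verdicts` are hypothetical names, and the last two sample inputs are constructed.

```ruby
# Added example, not Foreman's implementation. Assumptions: only the dot-atom
# local-part form is accepted; quoted strings and [IP-literal] domains are not.
ATEXT = %q{A-Za-z0-9!#$%&'*+/=?^_`{|}~\-}   # RFC 5322 atext, as a character-class body
LOCAL = /\A[#{ATEXT}]+(?:\.[#{ATEXT}]+)*\z/ # no leading, trailing or doubled dots
LABEL = /\A[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\z/ # one DNS label

def valid_email?(raw)
  return true if raw.nil? || raw.empty?   # blank allowed, set at first login (Comment 4)
  return false if raw.length > 254 || raw.count('@') != 1
  local, domain = raw.split('@', -1)
  return false if local.empty? || local.length > 64 || local !~ LOCAL
  labels = domain.split('.', -1)
  !labels.empty? && labels.all? { |label| label.match?(LABEL) }
end

# Hypothetical stand-in for a space-stripping normalizer; not Foreman's normalize_mail.
def strip_spaces(raw)
  raw.to_s.gsub(/\s+/, '')
end

# Verdict on the input as typed and on its normalized form.
def verdicts(raw)
  { raw: valid_email?(raw), normalized: valid_email?(strip_spaces(raw)) }
end

SAMPLES = [
  'specialchars():;@example.com',               # from the bug description
  's p a c e s',                                # from the bug description
  'dots..',                                     # from the bug description
  '',                                           # from the bug description
  '"very.unusual.@.unusual.com"@example.com',   # quoted-string form, rejected by design here
  'user@example.com',                           # constructed
  'a b@example.com'                             # constructed: rejected raw, accepted once stripped
].freeze

SAMPLES.each { |s| puts format('%-45s %s', s.inspect, verdicts(s)) }
```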

Comment 8 Dominic Cleal 2014-09-18 07:13:39 UTC
This is the wrong place to request feedback - ask in the upstream community, either in a pull request or on the -dev mailing list or IRC channel.

Comment 9 Bryan Kearney 2014-09-25 16:01:34 UTC
Moving to POST since upstream bug http://projects.theforeman.org/issues/5811 has been closed
-------------
Christine Fouant
Applied in changeset commit:bd6b42715d2052c99f285dac9b919c27b36453a4.

Comment 10 Tazim Kolhar 2014-10-10 10:27:24 UTC
VERIFIED

*** This bug is verified in upstream.  This fix should eventually land in future downstream builds ***

# rpm -qa | grep foreman
foreman-gce-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch
ruby193-rubygem-foreman_discovery-1.4.0-0.1.rc4.el7.noarch
hp-bl420cgen8-01.rhts.eng.bos.redhat.com-foreman-proxy-1.0-1.noarch
foreman-compute-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch
ruby193-rubygem-foreman_hooks-0.3.7-2.el7.noarch
rubygem-hammer_cli_foreman_tasks-0.0.3-2.201409091410git163c264.git.0.988ca80.el7.noarch
foreman-release-1.7.0-0.develop.201410071158git54141ab.el7.noarch
foreman-proxy-1.7.0-0.develop.201410081229git52f0bac.el7.noarch
hp-bl420cgen8-01.rhts.eng.bos.redhat.com-foreman-client-1.0-1.noarch
foreman-ovirt-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch
ruby193-rubygem-foreman-tasks-0.6.9-1.el7.noarch
foreman-selinux-1.7.0-0.develop.201409301113git2f345de.el7.noarch
foreman-postgresql-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch
foreman-vmware-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch
ruby193-rubygem-foreman_bootdisk-4.0.0-1.el7.noarch
foreman-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch
foreman-libvirt-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch
rubygem-hammer_cli_foreman-0.1.3-1.201409191432gitc38f9c8.el7.noarch

# hammer user create --auth-source-id 1 --password testing --login user1 --mail "specialchars():;@example.com"
[Foreman] username: admin
[Foreman] password for admin: 
Could not create the user:
  Email address is invalid

# hammer user create --auth-source-id 1 --password testing --login user1 --mail 'a c e s'
[Foreman] username: admin
[Foreman] password for admin: 
Could not create the user:
  Email address is invalid


# hammer user create --auth-source-id 1 --password testing --login user1 --mail 'dots..'
[Foreman] username: admin
[Foreman] password for admin: 
Could not create the user:
  Email address is invalid

Comment 11 Bryan Kearney 2015-08-11 13:31:09 UTC
This bug is slated to be released with Satellite 6.1.

Comment 12 errata-xmlrpc 2015-08-12 05:08:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:1592