Bug 1126731

Summary: UI should throw proper validation error while updating some params with any random value(like utf-8 or -ve values)
Product: Red Hat Satellite 6 Reporter: Sachin Ghai <sghai>
Component: SettingsAssignee: Ondřej Pražák <oprazak>
Status: CLOSED NEXTRELEASE QA Contact: Sanket Jagtap <sjagtap>
Severity: low Docs Contact:
Priority: medium    
Version: 6.0.4CC: bkearney, dcleal, sjagtap, zhunting
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
URL: http://projects.theforeman.org/issues/6924
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 19:57:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Attachments:
Description Flags
param 'libvirt_default_console_address' and 'remote_addr' updated with utf8 chars
none
parameters whose value should be an url can contain utf8 chars
none
Trusted Puppet master screenshot
none
more options that requires checks (email) none

Description Sachin Ghai 2014-08-05 07:25:42 UTC
Created attachment 924115 [details]
param 'libvirt_default_console_address' and 'remote_addr' updated with utf8 chars

Description of problem:
I'm bit confused with the validation around the parameter those should contain a valid URL as a value or an IP address as a value.

For example:

if I update "unattended_url" parameter under provisioning tab with utf8 characters then UI throws error "Value must be a valid URI"

Similarly, If I update following params, with any value, UI doesn't raise any error:

- login_delegation_logout_url : accepts all values (-ve value, null values, utf-8, latin-1, html etc)

- signo_url: accepts all values (-ve value, null values, utf-8, latin-1, html etc)

- trusted_puppetmaster_hosts : Since its accepts value in an array, so I can add any value (-ve, null, html) between [].


Also, the parameters whose value can be a IP address should also be validated before accepting the value.

libvirt_default_console_address: accepts all values (-ve value, null values, utf-8, latin-1, html etc)

remote_addr: accepts all values (-ve value, null values, utf-8, latin-1, html etc)


Version-Release number of selected component (if applicable):
sat6 GA snap3

How reproducible:
always

Steps to Reproduce:
1. update all above mentioned parameters under settings menu with some unknown random value.
2.
3.

Actual results:
No validation around above parameters. User can edit all these parameters with any value. A parameter whose value should be only a URL can accept anything. or a param whose value should be an IP address can accept utf8 characters. 

Expected results:
Proper validation needs to be placed for parameters. As soon as user input any value, it should be validated by UI and user should get an error message if its a invalid value.

Additional info:

Comment 1 Sachin Ghai 2014-08-05 07:30:22 UTC
Created attachment 924116 [details]
parameters whose value should be an url can contain utf8 chars

Comment 3 Dominic Cleal 2014-08-05 08:00:18 UTC
Created redmine issue http://projects.theforeman.org/issues/6924 from this bug

Comment 4 Bryan Kearney 2015-08-25 17:59:50 UTC
Upstream bug component is Provisioning

Comment 5 Bryan Kearney 2015-09-02 17:23:09 UTC
Upstream bug component is Settings

Comment 6 Bryan Kearney 2016-03-14 18:14:02 UTC
Moving to POST since upstream bug http://projects.theforeman.org/issues/6924 has been closed
-------------
Ondřej Pražák
Applied in changeset commit:7339369dc896aa9eb3c0bdc1af7992dd6268acfd.

Comment 7 Sanket Jagtap 2016-06-01 11:30:02 UTC
Created attachment 1163585 [details]
Trusted Puppet master screenshot

Issue still persists in Trusted Puppet master hosts options.
No validation for parameters.

and other options that were not validated are 

Administrator email address
Email reply address
root password in provisioning settings

attached screenshots of the same.

Comment 8 Sanket Jagtap 2016-06-01 11:31:10 UTC
Created attachment 1163586 [details]
more options that requires checks (email)

Comment 9 Sanket Jagtap 2016-06-01 11:32:09 UTC
Build :Satellite 6.2 snap13.1

Comment 10 Ondřej Pražák 2016-06-02 11:08:59 UTC
Could you elaborate on what characters should be accepted in the root password? Should it be ascii only?

Comment 11 Sanket Jagtap 2016-06-06 15:51:53 UTC
Sorry for hasty comment ,
rechecked the facts , root password can contain other char-set.

Comment 12 Ondřej Pražák 2016-06-10 07:49:00 UTC
Pending PR for upstream that validates Administrator email address, Email reply address and Trusted puppetmaster hosts:

https://github.com/theforeman/foreman/pull/3583

Comment 14 Zach Huntington-Meath 2016-07-21 18:33:20 UTC
As the upstream commit has been merged I'm going to change the status to Post.

Comment 16 Bryan Kearney 2017-08-01 19:57:43 UTC
The fix to this bug will be delivered with release 6.3 of Satellite.