Bug 663722

Summary: passwords do not seem to allow special characters?
Product: [Other] RHQ Project Reporter: John Mazzitelli <mazz>
Component: Core UIAssignee: Charles Crouch <ccrouch>
Status: CLOSED CURRENTRELEASE QA Contact: Mike Foley <mfoley>
Severity: medium Docs Contact:
Priority: high    
Version: 4.0.0.B02CC: hbrock, sdharane
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-09-03 17:00:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 729848, 730796    

Description John Mazzitelli 2010-12-16 16:50:38 UTC
Create a new user and make the password: ~!@#$%^&*()_+

(just hold the shift key and move left-to-right along the top row of a US keyboard)

Try to log in as the new user with that new password. It fails to log in for me.

Now change the password to something simple (I used six 'a' characters: aaaaaa).

Try to log in again. This is OK for me and logs me in successfully.

Something might be wrong with special characters in a password???

Comment 1 John Mazzitelli 2010-12-16 16:51:57 UTC
assigning to ips since he knows all about the new gwt add-user functionality

Comment 2 Ian Springer 2011-08-18 15:15:05 UTC
[master fe95a5a] fixes this. In LoginView.login(), we needed to URL-encode the username and password in the body of the POST request sent to authenticate with portal-war.

To QA this, try changing some user's password to "%%%%%%" and then trying to login as that user.

Comment 3 John Mazzitelli 2011-08-19 13:48:56 UTC
(In reply to comment #2)
> To QA this, try changing some user's password to "%%%%%%" and then trying to
> login as that user.

QA should not just test with that one special character. Test with my replication procedure to test that we support all those special characters (or more if QA wants):

"Create a new user and make the password: ~!@#$%^&*()_+
(just hold the shift key and move left-to-right along the top row of a US
keyboard)"

Comment 4 Venkat 2011-08-19 14:05:06 UTC
Tested on the build#306(Version: 4.1.0-SNAPSHOT Build Number: c5c70b8)

Created a new user with the password: ~!@#$%^&*()_+     and tried to login with the user created. It's not allowing me to login to RHQ. It shows a message "The username or password provided does not match our records." at login screen.

Moving to ON_DEV.

Comment 5 Ian Springer 2011-08-19 14:50:08 UTC
Good call, Mazz. I was using URL.encode() to encode the username and password, but should have been using URL.encodeComponent(), which also encodes URL delimiters such as '?' and '&'. [master a2489d6] should put this to bed.

Comment 7 Heiko W. Rupp 2013-09-03 17:00:54 UTC
Bulk closing of old issues that are in VERIFIED state.