Bug 681632

Summary: User can paste multibyte characters in as a password, but cannot actually type them.
Product: [Other] RHQ Project Reporter: Corey Welton <cwelton>
Component: Core UIAssignee: Charles Crouch <ccrouch>
Status: CLOSED WONTFIX QA Contact: Mike Foley <mfoley>
Severity: low Docs Contact:
Priority: low    
Version: 4.0.0.B02CC: hbrock, ian.springer, jshaughn
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-26 22:27:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 677420    

Description Corey Welton 2011-03-02 19:14:39 UTC 
Description of problem:

This is a bit of a nitpick.
If one tries to edit a user password and enter multibyte characters, s/he cannot.  However, they can be pasted into the box.  (Likewise, on the login screen, user cannot enter them but they can be pasted in)

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.  Administration > Users > $user
2.  In the Password field, using an IME, attempt to enter the characters "一二三一二三"  note that you probably cannot enter these -- you see a dot entered for each character you've typed, instead.
3.  Attempt to paste in the same string to password/verify password fields.
4.  Attempt to login as said user, using the methods listed in steps 2 and 3 above.
  
Actual results:
User cannot use IME to enter multibyte chars into password fields.  They can, however, paste said characters

Expected results:
I'm really not sure we necessarily want/need to allow them to enter such characters - but if we decide to block it, we should parse password strings prior to submittal to disallow such characters as well.

Additional info:

This very well could be a limitation of the toolkit, browser, or even the IME on the system (Fedora in this case).  And I am fine with disallowing multibyte characters as passwords.  But if we do so, we should make sure they cannot be entered in myriad other ways.
Comment 1 Corey Welton 2011-03-02 19:15:53 UTC 
btw if you want to try this on fedora, assure ibus-daemon is installed and you have the Mandarin pinyin pack installed.  To enter the characters, enable the IME and start typing, "yi er san yi er san".  It should probably figure out what you're trying to do.
Comment 2 Ian Springer 2011-03-09 21:28:29 UTC 
Charles, do we want to allow multi-byte characters in passwords?