Bug 909475

Summary: [RFE] Username field should have special character restrictions
Product: [Retired] Subscription Asset Manager
Reporter: sthirugn <sthirugn>
Component: katello
Assignee: Katello Bug Bin <katello-bugs>
Status: CLOSED WONTFIX
QA Contact: sthirugn <sthirugn>
Severity: unspecified
Priority: unspecified
Version: 1.2
CC: jsherril, mmccune
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2017-06-26 20:33:51 UTC
Type: Bug

Description sthirugn@redhat.com 2013-02-08 21:16:43 UTC
Description of problem:
Username is accepting all special characters.  There should be some restriction on the type of special characters it can take.

Version-Release number of selected component (if applicable):
* candlepin-0.7.23-1.el6_3.noarch
* candlepin-cert-consumer-qeblade6.rhq.lab.eng.bos.redhat.com-1.0-1.noarch
* candlepin-tomcat6-0.7.23-1.el6_3.noarch
* elasticsearch-0.19.9-5.el6_3.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.2.1-1h.el6_3.noarch
* katello-cli-1.2.1-12h.el6_3.noarch
* katello-cli-common-1.2.1-12h.el6_3.noarch
* katello-common-1.2.1-15h.el6_3.noarch
* katello-configure-1.2.3-3h.el6_3.noarch
* katello-glue-candlepin-1.2.1-15h.el6_3.noarch
* katello-headpin-1.2.1-15h.el6_3.noarch
* katello-headpin-all-1.2.1-15h.el6_3.noarch
* katello-selinux-1.2.1-2h.el6_3.noarch
* thumbslug-0.0.28-1.el6_3.noarch
* thumbslug-selinux-0.0.28-1.el6_3.noarch

How reproducible:
Always

Steps to Reproduce:
1. Create a new user 
  
Actual results:
Observe the Username field accepting all special characters like comma, ', ", <, >, ~, etc.

Expected results:
There should be a restriction on the type of special characters the username can accept.

Additional info:
Suggestion: It is good to block any special characters other than . or @ for Usernames
Note: This bug was introduced with https://bugzilla.redhat.com/show_bug.cgi?id=813291

Comment 2 Justin Sherrill 2013-02-12 21:50:00 UTC
So an email address can contain a good number of 'special characters'; we should validate it against that set. It looks like '<' & '>' are not valid, but many others are.

Comment 3 sthirugn@redhat.com 2013-03-27 15:45:46 UTC
Verified. Now there is a restriction on creating user names with the HTML special characters: < > /

Version Tested:
* candlepin-0.7.24-1.el6_3.noarch
* candlepin-selinux-0.7.24-1.el6_3.noarch
* candlepin-tomcat6-0.7.24-1.el6_3.noarch
* elasticsearch-0.19.9-5.el6_3.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.2.1-1h.el6_3.noarch
* katello-cli-1.2.1-12h.el6_3.noarch
* katello-cli-common-1.2.1-12h.el6_3.noarch
* katello-common-1.2.1.1-1h.el6_4.noarch
* katello-configure-1.2.3.1-4h.el6_4.noarch
* katello-glue-candlepin-1.2.1.1-1h.el6_4.noarch
* katello-headpin-1.2.1.1-1h.el6_4.noarch
* katello-headpin-all-1.2.1.1-1h.el6_4.noarch
* katello-selinux-1.2.1-2h.el6_3.noarch
* thumbslug-0.0.28.1-1.el6_4.noarch
* thumbslug-selinux-0.0.28.1-1.el6_4.noarch

Comment 4 Bryan Kearney 2017-06-26 20:33:51 UTC
With the release of Satellite 5.8, we are deprecating support for Subscription Asset Manager. The release notes for 5.8 can be found at https://access.redhat.com/documentation/en-us/red_hat_satellite/5.8/pdf/release_notes/Red_Hat_Satellite-5.8-Release_Notes-en-US.pdf.

I am therefore closing out this bug as WONTFIX. If you believe this to be an error, please feel free to reach out to either Rich Jerrido or Bryan Kearney. Thank you!
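
The two approaches discussed in this bug, compared side by side as an added example (not Katello's code): the denylist of `< > /` that comment 3 verified, and the allowlist of `.` and `@` suggested in the description. The method names, the sample usernames and the 64-character limit are assumptions made for illustration.

```ruby
require "erb"

# Check described in comment 3: reject only the HTML characters < > /
DENYLIST = %r{[<>/]}

# Suggestion from the description: letters and digits plus "." and "@".
# \A and \z anchor the whole string; ^ and $ would match per line in Ruby
# and let a value with an embedded newline through.
# Assumption: ASCII only, 1 to 64 characters (the limit is hypothetical).
ALLOWLIST = /\A[A-Za-z0-9.@]{1,64}\z/

def denylist_ok?(name)
  !name.match?(DENYLIST)
end

def allowlist_ok?(name)
  name.match?(ALLOWLIST)
end

# Independent of input validation: encode the name when rendering it in HTML,
# so characters the validator accepts cannot change the page markup.
def render_username(name)
  ERB::Util.html_escape(name)
end

# Constructed sample usernames built from the characters named in the report.
SAMPLES = [
  "jdoe", "j.doe@example.com", "first+tag@example.com",
  "a,b", "o'brien", 'say"hi', "x~y", "a<b", "a>b", "a/b"
].freeze

# Names the denylist accepts but the allowlist rejects.
def denylist_only(samples)
  samples.select { |n| denylist_ok?(n) && !allowlist_ok?(n) }
end

SAMPLES.each do |n|
  puts format("%-26s denylist=%-5s allowlist=%-5s html=%s",
              n.inspect, denylist_ok?(n), allowlist_ok?(n), render_username(n))
end
```

The output shows the trade-off raised in comment 2: the strict allowlist also rejects `first+tag@example.com`, which is a valid email address, while the denylist still accepts the comma, quote and tilde cases from the original report.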