Bug 1007106 - Register in Zanata failed if using openId with same username as existing user.
Status: CLOSED CURRENTRELEASE
Product: Zanata
Classification: Community
Component: Security
Version: 3.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
: 3.0
Assigned To: Carlos Munoz
Ding-Yi Chen
Reported: 2013-09-11 18:56 EDT by Alex Eng
Modified: 2013-11-26 22:34 EST
Fixed In Version: 3.0.3-SNAPSHOT (20130913-0020)
Doc Type: Bug Fix
Last Closed: 2013-11-26 22:24:13 EST
Type: Bug

Description Alex Eng 2013-09-11 18:56:04 EDT
Description of problem:
Registration failed if using an OpenID that has the same username as an existing user.

Version-Release number of selected component (if applicable):
3.0

How reproducible:
Always

Steps to Reproduce:
1. Look for an existing username in Zanata. (Log in as admin)
2. Try to sign up using any OpenID Zanata supports that has the same username.

Actual results:
Registration failed; user redirected to error page.

Expected results:
User is registered and asked to choose a different username.

Additional info:
Comment 1 Carlos Munoz 2013-09-11 23:38:29 EDT
The problem presents itself when a Zanata username (as in internal authentication) matches exactly an OpenID username (i.e. 'user' in Zanata and 'http://user.openidprovider.org').

I removed some of the logic that tries to pre-populate names and usernames from openids, as it might not yield nice results.

We should think about refactoring our security system to remove some of the bloat that makes it difficult to easily find these things.

This bug should be tested in both release and master branches.

See:
https://github.com/zanata/zanata-server/pull/178
Comment 2 Ding-Yi Chen 2013-09-16 04:07:21 EDT
VERIFIED with Zanata version 3.1-SNAPSHOT (20130913-1232)
Comment 3 Ding-Yi Chen 2013-09-16 20:55:44 EDT
Also VERIFIED with Zanata version 3.0.3-SNAPSHOT (20130913-0020)
Comment 4 Sean Flanigan 2013-11-26 22:14:31 EST
Closing VERIFIED bugs for Zanata versions <= 3.1.
Comment 5 Sean Flanigan 2013-11-26 22:16:17 EST
Closing VERIFIED bugs for Zanata versions <= 3.1.
Comment 6 Sean Flanigan 2013-11-26 22:17:55 EST
Closing VERIFIED bugs for Zanata versions <= 3.1.
Comment 7 Sean Flanigan 2013-11-26 22:24:13 EST
Closing VERIFIED bugs for Zanata versions <= 3.1.
Comment 8 Sean Flanigan 2013-11-26 22:32:33 EST
Closing VERIFIED bugs for Zanata versions <= 3.1.
Comment 9 Sean Flanigan 2013-11-26 22:34:49 EST
Closing VERIFIED bugs for Zanata versions <= 3.1.
