Bug 1007106 - Register in Zanata failed if using openId with same username as existing user.
Summary: Register in Zanata failed if using openId with same username as existing user.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Zanata
Classification: Retired
Component: Security
Version: 3.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 3.0
Assignee: Carlos Munoz
QA Contact: Ding-Yi Chen
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-09-11 22:56 UTC by Alex Eng
Modified: 2013-11-27 03:34 UTC (History)
2 users (show)

Fixed In Version: 3.0.3-SNAPSHOT (20130913-0020)
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-11-27 03:24:13 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Alex Eng 2013-09-11 22:56:04 UTC 
Description of problem:
Registration failed if using openId that has the same username as existing user. 

Version-Release number of selected component (if applicable):
3.0

How reproducible:
Always

Steps to Reproduce:
1. Look for an existing username in zanata. (Login as admin)
2. Try to signup using any openId Zanata support that has the same username.

Actual results:
Registration failed, user redirect to error page.

Expected results:
User being register and asked to choose a different username.

Additional info:
Comment 1 Carlos Munoz 2013-09-12 03:38:29 UTC 
The problem presents itself when a Zanata username (as in internal authentication) matches exactly an open id username (i.e. 'user' in zanata and 'http://user.openidprovider.org').

I removed some of the logic that tries to pre-populate names and usernames from openids, as it might not yield nice results.

We should think about refactoring our security system to remove some of the bloat that makes it difficult to easily find these things.

This bug should be tested in both release and master branches.

See:
https://github.com/zanata/zanata-server/pull/178
Comment 2 Ding-Yi Chen 2013-09-16 08:07:21 UTC 
VERIFIED with Zanata version 3.1-SNAPSHOT (20130913-1232)
Comment 3 Ding-Yi Chen 2013-09-17 00:55:44 UTC 
Also VERIFIED with Zanata version 3.0.3-SNAPSHOT (20130913-0020)
Comment 4 Sean Flanigan 2013-11-27 03:14:31 UTC 
Closing VERIFIED bugs for Zanata versions <= 3.1.
Comment 5 Sean Flanigan 2013-11-27 03:16:17 UTC 
Closing VERIFIED bugs for Zanata versions <= 3.1.
Comment 6 Sean Flanigan 2013-11-27 03:17:55 UTC 
Closing VERIFIED bugs for Zanata versions <= 3.1.
Comment 7 Sean Flanigan 2013-11-27 03:24:13 UTC 
Closing VERIFIED bugs for Zanata versions <= 3.1.
Comment 8 Sean Flanigan 2013-11-27 03:32:33 UTC 
Closing VERIFIED bugs for Zanata versions <= 3.1.
Comment 9 Sean Flanigan 2013-11-27 03:34:49 UTC 
Closing VERIFIED bugs for Zanata versions <= 3.1.
Note You need to log in before you can comment on or make changes to this bug.