Bug 1022498 - When creating username with nonstandard characters inside, Sat6 user is created, but KatelloForemanEngine exception occurs
When creating username with nonstandard characters inside, Sat6 user is creat...
Product: Red Hat Satellite 6
Classification: Red Hat
Component: WebUI (Show other bugs)
Unspecified Unspecified
unspecified Severity low (vote)
: Unspecified
: --
Assigned To: Katello Bug Bin
Katello QA List
: Triaged
Depends On:
  Show dependency treegraph
Reported: 2013-10-23 08:22 EDT by Adam Saleh
Modified: 2014-07-02 10:05 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-07-02 10:05:41 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Adam Saleh 2013-10-23 08:22:39 EDT
Description of problem:

When trying to create user with username "foo foo" it gets created but then this exception appears.

Failed to perform additional action KatelloForemanEngine::Actions::UserCreate: 422 Unprocessable Entity

Login in as this user works fine.

Version-Release number of selected component (if applicable):


Expected results:
User \w whitespace shouldn't be allowed to be created
Comment 1 RHEL Product and Program Management 2013-10-23 08:45:43 EDT
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 3 Adam Saleh 2013-10-23 08:56:07 EDT
After aditional investigation I have encountered same behavior when trying to input usernames <a href=localhost>test</a>, or '';!--"<XSS>=&{()} 

The exception is

Failed to perform additional action KatelloForemanEngine::Actions::UserCreate: 500 Internal Server Error

Expected result:

User-creation in Sat6 should be compatible with Foreman.
Comment 4 Bryan Kearney 2014-05-23 13:43:35 EDT
The following example all result in invalid users messages when attempting to create them:

<a href=localhost>test</a>
foo foo
Comment 5 Adam Saleh 2014-06-10 09:42:50 EDT
Tried in api, looks good.
Comment 6 Bryan Kearney 2014-07-02 10:05:41 EDT
This was delivered with 6.0.3, which is the Satellite 6 Beta.

Note You need to log in before you can comment on or make changes to this bug.