Bug 1022498 - When creating username with nonstandard characters inside, Sat6 user is created, but KatelloForemanEngine exception occurs
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: WebUI
Version: 6.0.2
Hardware: Unspecified
OS: Unspecified
unspecified
low vote
Target Milestone: Unspecified
Assignee: Katello Bug Bin
QA Contact: Katello QA List
Reported: 2013-10-23 12:22 UTC by Adam Saleh
Modified: 2019-09-26 13:43 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-07-02 14:05:41 UTC
Target Upstream Version:



Description Adam Saleh 2013-10-23 12:22:39 UTC
Description of problem:

When trying to create a user with the username "foo foo", it gets created, but then this exception appears.

Failed to perform additional action KatelloForemanEngine::Actions::UserCreate: 422 Unprocessable Entity

Logging in as this user works fine.

Version-Release number of selected component (if applicable):

1.4.6-40.el6sat


Expected results:
User with whitespace shouldn't be allowed to be created

Comment 1 RHEL Program Management 2013-10-23 12:45:43 UTC
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

Comment 3 Adam Saleh 2013-10-23 12:56:07 UTC
After additional investigation, I have encountered the same behavior when trying to input the usernames <a href=localhost>test</a>, or '';!--"<XSS>=&{()}

The exception is

Failed to perform additional action KatelloForemanEngine::Actions::UserCreate: 500 Internal Server Error

Expected result:

User-creation in Sat6 should be compatible with Foreman.

Comment 4 Bryan Kearney 2014-05-23 17:43:35 UTC
The following examples all result in invalid user messages when attempting to create them:

'';!--"<XSS>=&{()}
<a href=localhost>test</a>
foo foo

Comment 5 Adam Saleh 2014-06-10 13:42:50 UTC
Tried in API, looks good.

Comment 6 Bryan Kearney 2014-07-02 14:05:41 UTC
This was delivered with 6.0.3, which is the Satellite 6 Beta.
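
Added example (not part of the bug report, and not Katello or Foreman code): a sketch of the behaviour the report asks for, where a username is validated before anything is stored and the local record is undone if the second system still rejects it. The allowlist pattern and the UserService, DownstreamStore, InvalidUsername and DownstreamError names are hypothetical; the report does not state Foreman's actual login rule.

```ruby
# Added illustration; not Katello or Foreman code.
# ASSUMPTION: this allowlist is hypothetical; the report does not state
# Foreman's actual login rule. \A and \z anchor the whole string; Ruby's
# ^ and $ match per line and would accept "alice\nfoo foo".
USERNAME_ALLOWLIST = /\A[A-Za-z0-9][A-Za-z0-9._@-]{0,99}\z/

class InvalidUsername < StandardError; end
class DownstreamError < StandardError; end

# Hypothetical stand-in for the second system that must accept the user.
class DownstreamStore
  attr_reader :users
  def initialize(fail_on: nil)
    @users = []
    @fail_on = fail_on
  end

  def create(name)
    raise DownstreamError, "500 Internal Server Error" if name == @fail_on
    @users << name
  end
end

class UserService
  attr_reader :local_users
  def initialize(downstream)
    @downstream = downstream
    @local_users = []
  end

  def valid?(name)
    name.is_a?(String) && USERNAME_ALLOWLIST.match?(name)
  end

  # Reject before anything is stored; if the downstream create still fails,
  # remove the local record so no half-created account remains.
  def create(name)
    raise InvalidUsername, "invalid username: #{name.inspect}" unless valid?(name)
    @local_users << name
    @downstream.create(name)
    name
  rescue DownstreamError
    @local_users.delete(name)
    raise
  end
end

# The three usernames quoted in the report.
REPORTED = ["foo foo", "<a href=localhost>test</a>", %q['';!--"<XSS>=&{()}]].freeze
```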

