Bug 1070730 - User email validation doesn't exactly match specification
Summary: User email validation doesn't exactly match specification
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Users & Roles
Version: Nightly
Hardware: Unspecified
OS: Unspecified
low
low vote
Target Milestone: Unspecified
Assignee: Christine Fouant
QA Contact: Tazim Kolhar
URL: http://projects.theforeman.org/issues...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-02-27 13:02 UTC by Ales Dujicek
Modified: 2017-02-23 21:18 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-12 05:08:00 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1592 normal SHIPPED_LIVE Important: Red Hat Satellite 6.1.1 on RHEL 6 2015-08-12 09:04:35 UTC
Foreman Issue Tracker 5811 None None None 2016-04-22 16:37:45 UTC

Description Ales Dujicek 2014-02-27 13:02:16 UTC
Description of problem:

hammer accepts invalid email addresses when creating users:

for example:
# hammer user create --auth-source-id 1 --password testing --login user1 --mail "specialchars():;@example.com"
User created

# hammer user create --auth-source-id 1 --password testing --login user2 --mail 's p a c e s@example.com'
User created

# hammer user create --auth-source-id 1 --password testing --login user3 --mail 'dots..@example.com'
User created

# hammer user list
ID  | LOGIN | NAME       | EMAIL 
163 | user1 |            | specialchars():;@example.com
165 | user2 |            | spaces@example.com          
166 | user3 |            | dots..@example.com          


and it also accepts empty string as email address:
# hammer user create --login user4 --mail '' --auth-source-id 1 --password pass
User created


and does not accept (unusual) valid addresses (see http://en.wikipedia.org/wiki/Email_address#Valid_email_addresses):
e.g.:
# hammer user create --login user5 --mail '"very.unusual.@.unusual.com"@example.com' --auth-source-id 1 --password pass
Could not create the user:
  Email address is invalid



Version-Release number of selected component (if applicable):
foreman-postgresql-1.5.0-0.develop.201402250936git8cf1033.el6.noarch
foreman-release-1.5.0-0.develop.201402250936git8cf1033.el6.noarch
dell-pem710-01.rhts.eng.bos.redhat.com-foreman-proxy-1.0-1.noarch
foreman-proxy-1.5.0-0.develop.201402201704gita25e7b9.el6.noarch
dell-pem710-01.rhts.eng.bos.redhat.com-foreman-client-1.0-1.noarch
rubygem-foreman_api-0.1.11-1.el6.noarch
foreman-1.5.0-0.develop.201402250936git8cf1033.el6.noarch
rubygem-hammer_cli_foreman-0.0.18-1.el6.noarch
foreman-selinux-1.5.0-0.develop.201401221845git5f25c33.el6.noarch
rubygem-hammer_cli-0.0.18-1.el6.noarch
rubygem-hammer_cli_katello-0.0.3-1.el6.noarch


How reproducible:
always

Comment 2 Bryan Kearney 2014-03-28 20:37:31 UTC
Spaces are removed by foreman by default. That explains the first two issues. The current code does not catch .. as an invalid email.

Comment 4 Dominic Cleal 2014-05-20 12:25:48 UTC
Permitting user creation with no e-mail address is expected behaviour, as it forces the user to set one on first login.

Comment 5 Dominic Cleal 2014-05-20 12:26:18 UTC
Created redmine issue http://projects.theforeman.org/issues/5811 from this bug

Comment 7 Christine Fouant 2014-09-17 17:48:53 UTC
Okay, I've worked out a regular expression that would handle all of wiki's current definition of valid email addresses. However, I don't know that we want to accept all of these forms: specifically, the "quoted string form" which allows for special characters like spaces, backslash, etc. Essentially, we would have to get rid of the normalize_mail method if we want to do the quoted string form. It makes the validation extremely messy, and think it's such an unusual format that it is highly unlikely it would be encountered anyhow. 

I also think ignoring the direct IP address as input for the domain of the email address is wise. However, I'd like some feedback before moving forward on the code input.

Comment 8 Dominic Cleal 2014-09-18 07:13:39 UTC
This is the wrong place to request feedback - ask in the upstream community, either in a pull request or on the -dev mailing list or IRC channel.

Comment 9 Bryan Kearney 2014-09-25 16:01:34 UTC
Moving to POST since upstream bug http://projects.theforeman.org/issues/5811 has been closed
-------------
Christine Fouant
Applied in changeset commit:bd6b42715d2052c99f285dac9b919c27b36453a4.

Comment 10 Tazim Kolhar 2014-10-10 10:27:24 UTC
VERIFIED

*** This bug is verified in upstream.  This fix should eventually land in future downstream builds ***

# rpm -qa | grep foreman
foreman-gce-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch
ruby193-rubygem-foreman_discovery-1.4.0-0.1.rc4.el7.noarch
hp-bl420cgen8-01.rhts.eng.bos.redhat.com-foreman-proxy-1.0-1.noarch
foreman-compute-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch
ruby193-rubygem-foreman_hooks-0.3.7-2.el7.noarch
rubygem-hammer_cli_foreman_tasks-0.0.3-2.201409091410git163c264.git.0.988ca80.el7.noarch
foreman-release-1.7.0-0.develop.201410071158git54141ab.el7.noarch
foreman-proxy-1.7.0-0.develop.201410081229git52f0bac.el7.noarch
hp-bl420cgen8-01.rhts.eng.bos.redhat.com-foreman-client-1.0-1.noarch
foreman-ovirt-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch
ruby193-rubygem-foreman-tasks-0.6.9-1.el7.noarch
foreman-selinux-1.7.0-0.develop.201409301113git2f345de.el7.noarch
foreman-postgresql-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch
foreman-vmware-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch
ruby193-rubygem-foreman_bootdisk-4.0.0-1.el7.noarch
foreman-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch
foreman-libvirt-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch
rubygem-hammer_cli_foreman-0.1.3-1.201409191432gitc38f9c8.el7.noarch

# hammer user create --auth-source-id 1 --password testing --login user1 --mail "specialchars():;@example.com"
[Foreman] username: admin
[Foreman] password for admin: 
Could not create the user:
  Email address is invalid

# hammer user create --auth-source-id 1 --password testing --login user1 --mail 'a c e s@example.com'
[Foreman] username: admin
[Foreman] password for admin: 
Could not create the user:
  Email address is invalid


hammer user create --auth-source-id 1 --password testing --login user1 --mail 'dots..@example.com'
[Foreman] username: admin
[Foreman] password for admin: 
Could not create the user:
  Email address is invalid

Comment 11 Bryan Kearney 2015-08-11 13:31:09 UTC
This bug is slated to be released with Satellite 6.1.

Comment 12 errata-xmlrpc 2015-08-12 05:08:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:1592


Note You need to log in before you can comment on or make changes to this bug.