Red Hat Bugzilla – Bug 1070730
User email validation doesn't exactly match specification
Last modified: 2017-02-23 16:18:20 EST
Description of problem: hammer accepts invalid email addresses when creating users: for example: # hammer user create --auth-source-id 1 --password testing --login user1 --mail "specialchars():;@example.com" User created # hammer user create --auth-source-id 1 --password testing --login user2 --mail 's p a c e s@example.com' User created # hammer user create --auth-source-id 1 --password testing --login user3 --mail 'dots..@example.com' User created # hammer user list ID | LOGIN | NAME | EMAIL 163 | user1 | | specialchars():;@example.com 165 | user2 | | spaces@example.com 166 | user3 | | dots..@example.com and it also accepts empty string as email address: # hammer user create --login user4 --mail '' --auth-source-id 1 --password pass User created and does not accept (unusual) valid addresses (see http://en.wikipedia.org/wiki/Email_address#Valid_email_addresses): e.g.: # hammer user create --login user5 --mail '"very.unusual.@.unusual.com"@example.com' --auth-source-id 1 --password pass Could not create the user: Email address is invalid Version-Release number of selected component (if applicable): foreman-postgresql-1.5.0-0.develop.201402250936git8cf1033.el6.noarch foreman-release-1.5.0-0.develop.201402250936git8cf1033.el6.noarch dell-pem710-01.rhts.eng.bos.redhat.com-foreman-proxy-1.0-1.noarch foreman-proxy-1.5.0-0.develop.201402201704gita25e7b9.el6.noarch dell-pem710-01.rhts.eng.bos.redhat.com-foreman-client-1.0-1.noarch rubygem-foreman_api-0.1.11-1.el6.noarch foreman-1.5.0-0.develop.201402250936git8cf1033.el6.noarch rubygem-hammer_cli_foreman-0.0.18-1.el6.noarch foreman-selinux-1.5.0-0.develop.201401221845git5f25c33.el6.noarch rubygem-hammer_cli-0.0.18-1.el6.noarch rubygem-hammer_cli_katello-0.0.3-1.el6.noarch How reproducible: always
Spaces are removed by foreman by default. That explains the first two issues. The current code does not catch .. as an invalid email.
Permitting user creation with no e-mail address is expected behaviour, as it forces the user to set one on first login.
Created redmine issue http://projects.theforeman.org/issues/5811 from this bug
Okay, I've worked out a regular expression that would handle all of wiki's current definition of valid email addresses. However, I don't know that we want to accept all of these forms: specifically, the "quoted string form" which allows for special characters like spaces, backslash, etc. Essentially, we would have to get rid of the normalize_mail method if we want to do the quoted string form. It makes the validation extremely messy, and think it's such an unusual format that it is highly unlikely it would be encountered anyhow. I also think ignoring the direct IP address as input for the domain of the email address is wise. However, I'd like some feedback before moving forward on the code input.
This is the wrong place to request feedback - ask in the upstream community, either in a pull request or on the -dev mailing list or IRC channel.
Moving to POST since upstream bug http://projects.theforeman.org/issues/5811 has been closed ------------- Christine Fouant Applied in changeset commit:bd6b42715d2052c99f285dac9b919c27b36453a4.
VERIFIED *** This bug is verified in upstream. This fix should eventually land in future downstream builds *** # rpm -qa | grep foreman foreman-gce-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch ruby193-rubygem-foreman_discovery-1.4.0-0.1.rc4.el7.noarch hp-bl420cgen8-01.rhts.eng.bos.redhat.com-foreman-proxy-1.0-1.noarch foreman-compute-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch ruby193-rubygem-foreman_hooks-0.3.7-2.el7.noarch rubygem-hammer_cli_foreman_tasks-0.0.3-2.201409091410git163c264.git.0.988ca80.el7.noarch foreman-release-1.7.0-0.develop.201410071158git54141ab.el7.noarch foreman-proxy-1.7.0-0.develop.201410081229git52f0bac.el7.noarch hp-bl420cgen8-01.rhts.eng.bos.redhat.com-foreman-client-1.0-1.noarch foreman-ovirt-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch ruby193-rubygem-foreman-tasks-0.6.9-1.el7.noarch foreman-selinux-1.7.0-0.develop.201409301113git2f345de.el7.noarch foreman-postgresql-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch foreman-vmware-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch ruby193-rubygem-foreman_bootdisk-4.0.0-1.el7.noarch foreman-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch foreman-libvirt-1.7.0-0.develop.201410081938git1cf31c6.el7.noarch rubygem-hammer_cli_foreman-0.1.3-1.201409191432gitc38f9c8.el7.noarch # hammer user create --auth-source-id 1 --password testing --login user1 --mail "specialchars():;@example.com" [Foreman] username: admin [Foreman] password for admin: Could not create the user: Email address is invalid # hammer user create --auth-source-id 1 --password testing --login user1 --mail 'a c e s@example.com' [Foreman] username: admin [Foreman] password for admin: Could not create the user: Email address is invalid hammer user create --auth-source-id 1 --password testing --login user1 --mail 'dots..@example.com' [Foreman] username: admin [Foreman] password for admin: Could not create the user: Email address is invalid
This bug is slated to be released with Satellite 6.1.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:1592