Bug 1126731 - UI should throw proper validation error while updating some params with any random value(like utf-8 or -ve values)
Summary: UI should throw proper validation error while updating some params with any r...
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Settings
Version: 6.0.4
Hardware: Unspecified
OS: Unspecified
medium
low vote
Target Milestone: Unspecified
Assignee: Ondřej Pražák
QA Contact: Sanket Jagtap
URL: http://projects.theforeman.org/issues...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-05 07:25 UTC by Sachin Ghai
Modified: 2019-04-01 20:27 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 19:57:43 UTC


Attachments (Terms of Use)
param 'libvirt_default_console_address' and 'remote_addr' updated with utf8 chars (38.61 KB, image/png)
2014-08-05 07:25 UTC, Sachin Ghai
no flags Details
parameters whose value should be an url can contain utf8 chars (58.94 KB, image/png)
2014-08-05 07:30 UTC, Sachin Ghai
no flags Details
Trusted Puppet master screenshot (118.03 KB, image/png)
2016-06-01 11:30 UTC, Sanket Jagtap
no flags Details
more options that requires checks (email) (56.03 KB, image/png)
2016-06-01 11:31 UTC, Sanket Jagtap
no flags Details


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 6924 None None None 2016-04-22 16:52:45 UTC

Description Sachin Ghai 2014-08-05 07:25:42 UTC
Created attachment 924115 [details]
param 'libvirt_default_console_address' and 'remote_addr' updated with utf8 chars

Description of problem:
I'm bit confused with the validation around the parameter those should contain a valid URL as a value or an IP address as a value.

For example:

if I update "unattended_url" parameter under provisioning tab with utf8 characters then UI throws error "Value must be a valid URI"

Similarly, If I update following params, with any value, UI doesn't raise any error:

- login_delegation_logout_url : accepts all values (-ve value, null values, utf-8, latin-1, html etc)

- signo_url: accepts all values (-ve value, null values, utf-8, latin-1, html etc)

- trusted_puppetmaster_hosts : Since its accepts value in an array, so I can add any value (-ve, null, html) between [].


Also, the parameters whose value can be a IP address should also be validated before accepting the value.

libvirt_default_console_address: accepts all values (-ve value, null values, utf-8, latin-1, html etc)

remote_addr: accepts all values (-ve value, null values, utf-8, latin-1, html etc)


Version-Release number of selected component (if applicable):
sat6 GA snap3

How reproducible:
always

Steps to Reproduce:
1. update all above mentioned parameters under settings menu with some unknown random value.
2.
3.

Actual results:
No validation around above parameters. User can edit all these parameters with any value. A parameter whose value should be only a URL can accept anything. or a param whose value should be an IP address can accept utf8 characters. 

Expected results:
Proper validation needs to be placed for parameters. As soon as user input any value, it should be validated by UI and user should get an error message if its a invalid value.

Additional info:

Comment 1 Sachin Ghai 2014-08-05 07:30:22 UTC
Created attachment 924116 [details]
parameters whose value should be an url can contain utf8 chars

Comment 3 Dominic Cleal 2014-08-05 08:00:18 UTC
Created redmine issue http://projects.theforeman.org/issues/6924 from this bug

Comment 4 Bryan Kearney 2015-08-25 17:59:50 UTC
Upstream bug component is Provisioning

Comment 5 Bryan Kearney 2015-09-02 17:23:09 UTC
Upstream bug component is Settings

Comment 6 Bryan Kearney 2016-03-14 18:14:02 UTC
Moving to POST since upstream bug http://projects.theforeman.org/issues/6924 has been closed
-------------
Ondřej Pražák
Applied in changeset commit:7339369dc896aa9eb3c0bdc1af7992dd6268acfd.

Comment 7 Sanket Jagtap 2016-06-01 11:30:02 UTC
Created attachment 1163585 [details]
Trusted Puppet master screenshot

Issue still persists in Trusted Puppet master hosts options.
No validation for parameters.

and other options that were not validated are 

Administrator email address
Email reply address
root password in provisioning settings

attached screenshots of the same.

Comment 8 Sanket Jagtap 2016-06-01 11:31:10 UTC
Created attachment 1163586 [details]
more options that requires checks (email)

Comment 9 Sanket Jagtap 2016-06-01 11:32:09 UTC
Build :Satellite 6.2 snap13.1

Comment 10 Ondřej Pražák 2016-06-02 11:08:59 UTC
Could you elaborate on what characters should be accepted in the root password? Should it be ascii only?

Comment 11 Sanket Jagtap 2016-06-06 15:51:53 UTC
Sorry for hasty comment ,
rechecked the facts , root password can contain other char-set.

Comment 12 Ondřej Pražák 2016-06-10 07:49:00 UTC
Pending PR for upstream that validates Administrator email address, Email reply address and Trusted puppetmaster hosts:

https://github.com/theforeman/foreman/pull/3583

Comment 14 Zach Huntington-Meath 2016-07-21 18:33:20 UTC
As the upstream commit has been merged I'm going to change the status to Post.

Comment 16 Bryan Kearney 2017-08-01 19:57:43 UTC
The fix to this bug will be delivered with release 6.3 of Satellite.


Note You need to log in before you can comment on or make changes to this bug.