Bug 1309566 - Username is untrimmed with all leading and trailing white space
Summary: Username is untrimmed with all leading and trailing white space
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: apiserver-auth
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: ---
Assignee: Jordan Liggitt
QA Contact: weiwei jiang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-18 07:05 UTC by XiaochuanWang
Modified: 2019-03-29 15:47 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-05-12 17:09:29 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description XiaochuanWang 2016-02-18 07:05:27 UTC
Description of problem:
login using same user name but with white space in the string are mapped to different uid. 
i.e. "user" " user" and "user " are mapped to different uid. 

Version-Release number of selected component (if applicable):
# oc version
oc v1.1.3-32-g5ab601a
kubernetes v1.2.0-alpha.7-703-gbc4550d

How reproducible:
Always

Steps to Reproduce:
1. Use AllowAllPasswordIdentityProvider for identityProviders in the master-config
2. Login using same user name, but with white space in leading or tailing of the string
3. After login successful, `oc get user` by cluster-admin 

Actual results:
There are 3 different users and UIDs, "xiaocwan", " xiaocwan" and "xiaocwan " as below
# oc get user
NAME                   UID                                    FULL NAME             IDENTITIES
 xiaocwan   bd7a6388-d604-11e5-8f9d-fa163eca4dd1                         my_allow_provider: xiaocwan
xiaocwan    e01a3b97-d540-11e5-9879-fa163eca4dd1   xiaocwan   LDAPauth:uid=xiaocwan,ou=People,dc=my-domain,dc=com
xiaocwan    64bee42e-d606-11e5-8048-fa163eca4dd1                         my_allow_provider:xiaocwan 
                   my_allow_provider:xiaocwan 


Expected results:
There should be one unique user name and uid which stripped white space


Additional info:

Comment 1 Jordan Liggitt 2016-02-18 15:07:52 UTC
The current behavior is actually more correct in the general case... OpenShift should not make assumptions about what the identity provider considers significant in its usernames.

The AllowAllPasswordIdentityProvider is likely to be the only identity provider this is an issue for.

- HTPasswd requires an exact match between the entered username and the user
- LDAP reads the preferred username from an LDAP attribute, which normalizes it
- BasicAuth reads the preferred username from the remote response, which normalizes it
- RequestHeader reads the username from a request header, not what the user entered

Comment 2 Jordan Liggitt 2016-02-20 15:19:14 UTC
Fixed in https://github.com/openshift/origin/pull/7425

Comment 3 XiaochuanWang 2016-02-22 02:02:12 UTC
This is not reproduced on devenv-rhel7_3500
Login with white space in user name as the trimmed user, there is only one user and user id is unique.

oc v1.1.3-170-g14b50fd
kubernetes v1.2.0-alpha.7-703-gbc4550d


Note You need to log in before you can comment on or make changes to this bug.