Description of problem: If the password of any CFME user contains an accent character e.g. from French or Czech (š, č, ř, ...), user is not able to login, no message is given by UI, nothing is captured in evm.log, api.log, production.log, audit.log or automation.log (even on debug level). Same behavior we can observe, if the accent character is used in wrong password - no message about invalid password in GUI, no record in the logs. Only infinite loading spinning wheel animation, sometimes the page just refreshes. From the web browser debug it seems that the password sending is blocked on browser level ~~~ InvalidCharacterError: String contains an invalid character application-8300ac8b714be2ce58b31b99836d1bc030e4067369d809b2eb38e05d76d9ed34.js:390 e.login https://t7/assets/application-8300ac8b714be2ce58b31b99836d1bc030e4067369d809b2eb38e05d76d9ed34.js:390:21074 miqAjaxAuth https://t7/assets/application-8300ac8b714be2ce58b31b99836d1bc030e4067369d809b2eb38e05d76d9ed34.js:3:4466 onclick ~~~ Version-Release number of selected component (if applicable): Tested on CFME 5.8.2.3 How reproducible: 100% Steps to Reproduce: Scenario 1. Create CFME user with password containing language specific character and try to login with it. Scenario 2. Just put any language specific character in the CFME login page password field and click login (as a wrong password) Actual results: Infinite loading spinning wheel animation, no message in GUI, no message in logs. Expected results: 1) In case of correct password user able to login, in case of wrong password message in GUI and logs OR 2) Block the ability to set the user password containing language specific characters and in case of such a character in wrong password, there should be a message in GUI and logs like for any wrong password. Additional info: From the web browser debug: ~~~ InvalidCharacterError: String contains an invalid character application-8300ac8b714be2ce58b31b99836d1bc030e4067369d809b2eb38e05d76d9ed34.js:390 e.login https://t7/assets/application-8300ac8b714be2ce58b31b99836d1bc030e4067369d809b2eb38e05d76d9ed34.js:390:21074 miqAjaxAuth https://t7/assets/application-8300ac8b714be2ce58b31b99836d1bc030e4067369d809b2eb38e05d76d9ed34.js:3:4466 onclick ~~~
*** Bug 1527317 has been marked as a duplicate of this bug. ***
Are these uses in database users, or are using some sort of LDAP auth?
(In reply to Matt Pusateri from comment #3) > Are these uses in database users, or are using some sort of LDAP auth? Hi, in this case local user (in database) but it doesn't really matter. You can hit this issue just by e.g. typing any French or Czech accent character into password field. It doesn't have to be correct password. There is no communicatione between the client side and the server itself it is blocked by the user end of the app as you can see here (from my reproducer): From the web browser debug: ~~~ InvalidCharacterError: String contains an invalid character application-8300ac8b714be2ce58b31b99836d1bc030e4067369d809b2eb38e05d76d9ed34.js:390 e.login https://t7/assets/application-8300ac8b714be2ce58b31b99836d1bc030e4067369d809b2eb38e05d76d9ed34.js:390:21074 miqAjaxAuth https://t7/assets/application-8300ac8b714be2ce58b31b99836d1bc030e4067369d809b2eb38e05d76d9ed34.js:3:4466 onclick ~~~
Created attachment 1380057 [details] Looks like this issue is not isolated to the SUI
New commits detected on ManageIQ/manageiq-ui-classic/master: https://github.com/ManageIQ/manageiq-ui-classic/commit/1964cfc54fe0167026899089dda54ea84d4aea21 commit 1964cfc54fe0167026899089dda54ea84d4aea21 Author: Martin Hradil <mhradil> AuthorDate: Mon Mar 26 12:28:12 2018 -0400 Commit: Martin Hradil <mhradil> CommitDate: Mon Mar 26 12:28:12 2018 -0400 base64encode - a utf-8 aware btoa implementation `window.btoa("sněhulák")` fails on InvalidCharacterError: String contains an invalid character because it only expects latin1 chars We need to base64 encode the login:password pair even when the password uses non-latin1 chars :) Implementation adapted from https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding#Solution_2_%E2%80%93_rewrite_the_DOMs_atob()_and_btoa()_using_JavaScript's_TypedArrays_and_UTF-8 https://bugzilla.redhat.com/show_bug.cgi?id=1527316 app/javascript/packs/compat-common.js | 8 + package.json | 2 + 2 files changed, 10 insertions(+) https://github.com/ManageIQ/manageiq-ui-classic/commit/6a0688bdc591be091cbb0cd822c9e827a9031745 commit 6a0688bdc591be091cbb0cd822c9e827a9031745 Author: Martin Hradil <mhradil> AuthorDate: Mon Mar 26 12:30:07 2018 -0400 Commit: Martin Hradil <mhradil> CommitDate: Mon Mar 26 12:30:07 2018 -0400 miq_api - use utf8 aware base64encode instead of window.btoa Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1527316 app/assets/javascripts/miq_api.js | 2 - 1 file changed, 2 deletions(-)
New commits detected on ManageIQ/manageiq-ui-service/master: https://github.com/ManageIQ/manageiq-ui-self_service/commit/83273df13bd34afc633a07141450307c3c7719dc commit 83273df13bd34afc633a07141450307c3c7719dc Author: Martin Hradil <mhradil> AuthorDate: Mon Mar 26 12:45:15 2018 -0400 Commit: Martin Hradil <mhradil> CommitDate: Mon Mar 26 12:45:15 2018 -0400 Remove angular-base64 suffers from the same problem as window.btoa - can't handle unicode strings https://bugzilla.redhat.com/show_bug.cgi?id=1527316 client/app.js | 1 - client/app/core/authentication-api.factory.js | 2 +- client/app/core/core.module.js | 1 - package.json | 1 - yarn.lock | 6 - 5 files changed, 1 insertion(+), 10 deletions(-) https://github.com/ManageIQ/manageiq-ui-self_service/commit/c635a8a52473342b948269985d97a4371e152e11 commit c635a8a52473342b948269985d97a4371e152e11 Author: Martin Hradil <mhradil> AuthorDate: Mon Mar 26 12:46:17 2018 -0400 Commit: Martin Hradil <mhradil> CommitDate: Mon Mar 26 12:46:17 2018 -0400 base64encode - a utf-8 aware base64encode implementation `window.btoa("sněhulák")` fails on InvalidCharacterError: String contains an invalid character because it only expects latin1 chars `$base64.encode` from `angular-base64` has the same problem. We need to base64 encode the login:password pair even when the password uses non-latin1 chars :) Implementation adapted from https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding#Solution_2_%E2%80%93_rewrite_the_DOMs_atob()_and_btoa()_using_JavaScript's_TypedArrays_and_UTF-8 https://bugzilla.redhat.com/show_bug.cgi?id=1527316 client/app/core/authentication-api.factory.js | 9 + package.json | 2 + yarn.lock | 8 +- 3 files changed, 17 insertions(+), 2 deletions(-) https://github.com/ManageIQ/manageiq-ui-self_service/commit/bdbc83b28fee51d20a37d3de7022e90a4d4b2bf6 commit bdbc83b28fee51d20a37d3de7022e90a4d4b2bf6 Author: Martin Hradil <mhradil> AuthorDate: Mon Mar 26 12:46:47 2018 -0400 Commit: Martin Hradil <mhradil> CommitDate: Mon Mar 26 12:46:47 2018 -0400 AuthenticationAPI - use utf8 aware base64encode instead of $base64.encode Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1527316 client/app/core/authentication-api.factory.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Verified release: 5.9.2.2.20180410215257_6961422 Tested logging in with passwords such as ê, ã, ñ. Verified using the auth:database
*** Bug 1579501 has been marked as a duplicate of this bug. ***
Closing this as its already been verified in two z-streams and has test coverage around it.