Bug 663722 - passwords do not seem to allow special characters?
passwords do not seem to allow special characters?
Status: CLOSED CURRENTRELEASE
Product: RHQ Project
Classification: Other
Component: Core UI (Show other bugs)
4.0.0.B02
Unspecified Unspecified
high Severity medium (vote)
: ---
: ---
Assigned To: Charles Crouch
Mike Foley
:
Depends On:
Blocks: rhq41 rhq41-ui
  Show dependency treegraph
 
Reported: 2010-12-16 11:50 EST by John Mazzitelli
Modified: 2015-02-01 18:26 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-09-03 13:00:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Mazzitelli 2010-12-16 11:50:38 EST
Create a new user and make the password: ~!@#$%^&*()_+

(just hold the shift key and move left-to-right along the top row of a US keyboard)

Try to log in as the new user with that new password. It fails to log in for me.

Now change the password to something simple (I used six 'a' characters: aaaaaa).

Try to log in again. This is OK for me and logs me in successfully.

Something might be wrong with special characters in a password???
Comment 1 John Mazzitelli 2010-12-16 11:51:57 EST
assigning to ips since he knows all about the new gwt add-user functionality
Comment 2 Ian Springer 2011-08-18 11:15:05 EDT
[master fe95a5a] fixes this. In LoginView.login(), we needed to URL-encode the username and password in the body of the POST request sent to authenticate with portal-war.

To QA this, try changing some user's password to "%%%%%%" and then trying to login as that user.
Comment 3 John Mazzitelli 2011-08-19 09:48:56 EDT
(In reply to comment #2)
> To QA this, try changing some user's password to "%%%%%%" and then trying to
> login as that user.

QA should not just test with that one special character. Test with my replication procedure to test that we support all those special characters (or more if QA wants):

"Create a new user and make the password: ~!@#$%^&*()_+
(just hold the shift key and move left-to-right along the top row of a US
keyboard)"
Comment 4 Venkat 2011-08-19 10:05:06 EDT
Tested on the build#306(Version: 4.1.0-SNAPSHOT Build Number: c5c70b8)

Created a new user with the password: ~!@#$%^&*()_+     and tried to login with the user created. It's not allowing me to login to RHQ. It shows a message "The username or password provided does not match our records." at login screen.

Moving to ON_DEV.
Comment 5 Ian Springer 2011-08-19 10:50:08 EDT
Good call, Mazz. I was using URL.encode() to encode the username and password, but should have been using URL.encodeComponent(), which also encodes URL delimiters such as '?' and '&'. [master a2489d6] should put this to bed.
Comment 7 Heiko W. Rupp 2013-09-03 13:00:54 EDT
Bulk closing of old issues that are in VERIFIED state.

Note You need to log in before you can comment on or make changes to this bug.