Since we use HTTP BASIC auth for our CLI client (which is fine - it is safe over HTTPS), we MUST NOT allow the ":" character in the username. On top of that, this character MUST NOT appear in the UTF-8 encoded sequence. The reason is very simple - for HTTP BASIC AUTH the encoding scheme is base64_encode(username:password), and servers/stacks, including Rails3, just decode the stuff and then split the string into two with a limit of two. If there is a ":" character, authentication will likely fail. The very same goes for rhsm, which also sends out HTTP BASIC headers. But jbowes confirmed to me that candlepin usernames are only [a-zA-Z] or something. So it is only a Katello issue. It is easy to put a constraint on the ":" character, but if we support UTF-8 usernames, we should add one additional test when a user is created. The username must not contain ":" in the clear form, and also not in the UTF-8 form. So the task is to disallow usernames: a) with the ":" character in the username; b) with the ":" character in the username's UTF-8 sequence (so read it byte by byte and compare it against a colon).
Oh, I am apparently not as clever as the UTF-8 encoding creators. Thanks to the encoding, it can never happen that any sequence encodes a ":" byte. ;-) So we just need to check for the ":" character. Simple.
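The mechanism described in the two comments above, as an added Ruby example (not code from Katello or from the bug reporter): build a Basic header the way a client does, parse it the way Rails does (decode, then split on the first colon only), and check the username's UTF-8 bytes for 0x3A. The helper names are assumptions; the sample usernames and passwords are constructed.

```ruby
require 'base64'

# Client side: the Authorization header value is base64("username:password").
def basic_auth_header(username, password)
  "Basic " + Base64.strict_encode64("#{username}:#{password}")
end

# Server side, as Rails' HttpAuthentication::Basic does it: strip the scheme,
# base64-decode, then split on the FIRST colon only (limit 2). A colon in the
# password survives, but a colon in the username moves the boundary and
# corrupts both fields, so authentication fails.
def parse_basic_auth_header(header)
  encoded = header.sub(/\ABasic\s+/, '')
  Base64.decode64(encoded).split(':', 2)
end

# Does any byte of the UTF-8 encoding of the username equal ':' (0x3A)?
# For valid UTF-8 this is true only when the string contains a literal ':',
# because every byte of a multi-byte sequence is >= 0x80, so the byte-by-byte
# check from the first comment reduces to a plain character check.
def colon_byte?(username)
  username.encode('UTF-8').bytes.include?(0x3A)
end

# Validation a server could apply when a user is created (hypothetical helper).
def username_safe_for_basic_auth?(username)
  !colon_byte?(username)
end

if __FILE__ == $0
  # Constructed samples: a colon in the password round-trips; one in the username does not.
  p parse_basic_auth_header(basic_auth_header('alice', 'p:w'))           # ["alice", "p:w"]
  p parse_basic_auth_header(basic_auth_header('alice:admin', 's3cret'))  # ["alice", "admin:s3cret"]
  p colon_byte?('ユーザ名')                                                # false
end
```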
There is no need to check for a colon because the username is validated by [1] and can only contain alphanumerics, '_' and '-'. So we can close this bug, am I right? [1] https://github.com/Katello/katello/blob/master/src/app/models/username_validator.rb