Bug 909475 - [RFE] Username field should have special character restrictions
Summary: [RFE] Username field should have special character restrictions
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Subscription Asset Manager
Classification: Retired
Component: katello
Version: 1.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Katello Bug Bin
QA Contact: sthirugn@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-02-08 21:16 UTC by sthirugn@redhat.com
Modified: 2017-06-26 20:33 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2017-06-26 20:33:51 UTC
Embargoed:



Description sthirugn@redhat.com 2013-02-08 21:16:43 UTC
Description of problem:
Username is accepting all special characters.  There should be some restriction on the type of special characters it can take.

Version-Release number of selected component (if applicable):
* candlepin-0.7.23-1.el6_3.noarch
* candlepin-cert-consumer-qeblade6.rhq.lab.eng.bos.redhat.com-1.0-1.noarch
* candlepin-tomcat6-0.7.23-1.el6_3.noarch
* elasticsearch-0.19.9-5.el6_3.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.2.1-1h.el6_3.noarch
* katello-cli-1.2.1-12h.el6_3.noarch
* katello-cli-common-1.2.1-12h.el6_3.noarch
* katello-common-1.2.1-15h.el6_3.noarch
* katello-configure-1.2.3-3h.el6_3.noarch
* katello-glue-candlepin-1.2.1-15h.el6_3.noarch
* katello-headpin-1.2.1-15h.el6_3.noarch
* katello-headpin-all-1.2.1-15h.el6_3.noarch
* katello-selinux-1.2.1-2h.el6_3.noarch
* thumbslug-0.0.28-1.el6_3.noarch
* thumbslug-selinux-0.0.28-1.el6_3.noarch

How reproducible:
Always

Steps to Reproduce:
1. Create a new user 
  
Actual results:
Observe the Username field accepting all special characters like comma, ', ", <, >, ~, etc.

Expected results:
There should be a restriction on the type of special characters the username can accept.

Additional info:
Suggestion: It is good to block any special characters other than . or @ for Usernames
Note: This bug was introduced with https://bugzilla.redhat.com/show_bug.cgi?id=813291

Comment 2 Justin Sherrill 2013-02-12 21:50:00 UTC
So an email address can contain a good number of 'special characters'; we should validate it against that set. It looks like '<' & '>' are not valid, but many others are.

Comment 3 sthirugn@redhat.com 2013-03-27 15:45:46 UTC
Verified. Now, there is a restriction on user names to be created with the HTML special characters: < > /

Version Tested:
* candlepin-0.7.24-1.el6_3.noarch
* candlepin-selinux-0.7.24-1.el6_3.noarch
* candlepin-tomcat6-0.7.24-1.el6_3.noarch
* elasticsearch-0.19.9-5.el6_3.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.2.1-1h.el6_3.noarch
* katello-cli-1.2.1-12h.el6_3.noarch
* katello-cli-common-1.2.1-12h.el6_3.noarch
* katello-common-1.2.1.1-1h.el6_4.noarch
* katello-configure-1.2.3.1-4h.el6_4.noarch
* katello-glue-candlepin-1.2.1.1-1h.el6_4.noarch
* katello-headpin-1.2.1.1-1h.el6_4.noarch
* katello-headpin-all-1.2.1.1-1h.el6_4.noarch
* katello-selinux-1.2.1-2h.el6_3.noarch
* thumbslug-0.0.28.1-1.el6_4.noarch
* thumbslug-selinux-0.0.28.1-1.el6_4.noarch
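
The gap between the denylist verified in Comment 3 and the allowlist suggested in the description, as an added Ruby example (not Katello code; the constant and method names, the 128-character limit and the sample usernames are assumptions constructed for illustration):

```ruby
# Added example, not Katello code. Names, limits and samples are assumptions.

# Denylist as verified in Comment 3: reject the HTML special characters < > /
DENYLIST = /[<>\/]/

# Allowlist per the description's suggestion: only . or @ as special characters.
# \A and \z anchor the whole string; the 1..128 length bound is an assumption.
ALLOWLIST = /\A[A-Za-z0-9.@]{1,128}\z/

# Same character class with ^ and $: in Ruby these match at line boundaries,
# so one clean line is enough for a multi-line value to pass.
LINE_ANCHORED = /^[A-Za-z0-9.@]+$/

def denylist_accepts?(username)
  !username.match?(DENYLIST)
end

def allowlist_accepts?(username)
  username.match?(ALLOWLIST)
end

# Characters the allowlist would reject, for a useful validation message
def offending_chars(username)
  username.chars.reject { |c| c.match?(/\A[A-Za-z0-9.@]\z/) }.uniq
end

# Usernames the denylist lets through but the allowlist rejects
def gap(samples)
  samples.select { |u| denylist_accepts?(u) && !allowlist_accepts?(u) }
end

# Constructed sample usernames
SAMPLES = [
  "jsmith",
  "j.smith@example.com",
  "first.last+tag@example.com", # valid email local part (Comment 2's point)
  "o'brien",
  "a,b~c\"d",
  "<b>x</b>",
  "admin\nroot"
].freeze

if __FILE__ == $PROGRAM_NAME
  gap(SAMPLES).each { |u| puts "#{u.inspect}: #{offending_chars(u).inspect}" }
end
```

The `+` address shows the trade-off raised in Comment 2: a strict allowlist also rejects characters that are legal in email addresses, so the accepted set has to be chosen against the identifiers users actually have.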

Comment 4 Bryan Kearney 2017-06-26 20:33:51 UTC
With the release of Satellite 5.8, we are deprecating the support of Subscription Asset Manager. The release notes for 5.8 can be found at https://access.redhat.com/documentation/en-us/red_hat_satellite/5.8/pdf/release_notes/Red_Hat_Satellite-5.8-Release_Notes-en-US.pdf.

I am therefore closing out this bug as WONTFIX. If you believe this to be an error, please feel free to reach out to either Rich Jerrido or Bryan Kearney. Thank you!

