Bug 978622 - No validation on username in Administration user management
Summary: No validation on username in Administration user management
Status: CLOSED DUPLICATE of bug 978618
Alias: None
Product: Zanata
Classification: Retired
Component: Authentication-Internal
Version: development
Hardware: All
OS: All
unspecified
medium
Target Milestone: ---
: ---
Assignee: Isaac Rooskov
QA Contact: Ding-Yi Chen
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-06-27 00:22 UTC by Damian Jansen
Modified: 2015-08-06 05:55 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2013-06-28 01:51:06 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Damian Jansen 2013-06-27 00:22:31 UTC 
Description of problem:
The registration form for Zanata has input validation, i.e. restricts to lowercase letters and digits. The Account Details management form does not, and allows the saving of any characters as part of the username.

Version-Release number of selected component (if applicable):
Dev

How reproducible:
Easily, Always

Steps to Reproduce:
1. Click menu More, then Register
2. Enter user+++== in the username field
3. Note the error displayed
4. Log in as an administrator
5. Select menu More, Administration, Manage Users
6. Click Edit on a user
7. Enter user+++== in the username field
8. No validation message
9. Click Save
10. user+++== is saved

Actual results:
Username is accepted, bad characters and all

Expected results:
Username rejected

Additional info:
Comment 1 Damian Jansen 2013-06-27 00:25:28 UTC 
It appears that the user cannot log in with this username, changing it back to something acceptable works again.
Comment 2 Damian Jansen 2013-06-28 01:51:06 UTC 
Unintended feature, bug is deemed duplicate of 978618.

*** This bug has been marked as a duplicate of bug 978618 ***
Note You need to log in before you can comment on or make changes to this bug.