Bug #4396
Authentication is OK and new account are created when using a wildcard caracter “*” and/or “?” in login
| Status: | Closed | Start date: | 04/08/2016 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Jaime Melis | % Done: | 0% | |
| Category: | Sunstone | |||
| Target version: | Release 5.0 | |||
| Resolution: | fixed | Pull request: | ||
| Affected Versions: | OpenNebula 4.14 |
Description
Hello,
A user made a typo when login on Sunstone and add a * to her login:
- the authentication was successful, which shouldn't
- a new account named
user*was registered
I made some test and the * characters can be used anywhere in the login, but the ? character works only at the end of the login
| Login | Authentication |
|---|---|
*testuser |
OK |
test*user |
OK |
testuser? |
OK |
*test*user? |
OK |
?testuser |
NOK |
test?user |
NOK |
Associated revisions
Bug #4396: Escape filtering symbols when looking for a user
History
#1
Updated by EOLE Team about 5 years ago
To complete the report, the authentication is ldap.
#2
Updated by Ruben S. Montero about 5 years ago
- Status changed from Pending to New
- Target version set to Release 5.0
#3
Updated by Carlos Martín about 5 years ago
- Assignee set to Jaime Melis
#4
Updated by Carlos Martín about 5 years ago
- Status changed from New to Closed
- Resolution set to fixed
#5
Updated by Rolandas Naujikas about 4 years ago
There also we have problem with space (blank) characters before or after username.
We found some users in our opennebula db as %20user or user%20.
After investigation we found this bug report and incomplete fix.
I'm not sure, but FILTER_ESCAPES could contain this to fix space/blank character:
'\ ' => '20',
I'm not sure if it is correct fix, but at least in our LDAP there are no users with space/blank characters in username (as uid).
There could be problems with LDAP authentification if for e.g. cn is used, which usually have spaces inside (for e.g. Last name + First name).