EarthSystemCoG / COG

COG source code
BSD 3-Clause "New" or "Revised" License

Problem with + character in openid #1334

Closed LucaCinquini closed 7 years ago

LucaCinquini commented 7 years ago

Who: Katharina

Today a user reported login issues with an OpenID that includes a "+". I have tried myself and can confirm this issue. All other allowed special characters are working fine ("@", ".", "-", "_").

The user is added correctly to the ESGF and CoG DB and I don't have any error message in the apache logs.

Please see below for the errors in my tomcat logs.

Is this something that could be fixed or should we just disallow "+" in usernames?

In addition, if I try to register for a new OpenID and use a special character that is not allowed, the registration results in error 500. Would it be possible to have a warning instead?

LucaCinquini commented 7 years ago

I excluded + from the list of allowed characters. I can't reproduce the 500 error though - when I submit an invalid character, I get a standard error message in red (see picture). Can you tell me what data you used to get a 500 error? Thanks, Luca

LucaCinquini commented 7 years ago

[image: error]

murphysj commented 7 years ago

I tested this at the CU node.

a) created an account called sylvia+murphy
b) when I tried to login using the full Openid, I received an error saying the IDP could not be found [image: idp_error]
c) when I selected ESRL from the pull down menu and entered the username and password in the two boxes, I received the 500 error [image: openid_fail]

LucaCinquini commented 7 years ago

Right, but if the + character is not allowed in the username, you won’t be able to create an openid, and then you will not get a 500 error in the IdP, correct? Thanks, L

On Oct 14, 2016, at 3:20 PM, Sylvia Murphy notifications@github.com wrote:

I tested this at the CU node.

a) created an account called sylvia+murphy b) when I tried to login using the full Openid, I received an error saying the IDP could not be found https://cloud.githubusercontent.com/assets/1512704/19402965/7a67623e-9221-11e6-9128-fff85f4d251d.png c) when I selected ESRL from the pull down menu and entered the username and password in the two boxes, I received the 500 error https://cloud.githubusercontent.com/assets/1512704/19403022/be41d1c4-9221-11e6-97cb-3eeed09a5c7b.png

murphysj commented 7 years ago

You were trying to reproduce the error before your changes though, correct, to reproduce the 500 error she got?

If you can never get to creating an openid with a + sign, it is not a reproducible issue, which you said you had?

On Fri, Oct 14, 2016 at 3:43 PM, Luca Cinquini notifications@github.com wrote:

Right, but if the + character is not allowed in the username, you won’t be able to create an openid, and then you will not get a 500 error in the IdP, correct? Thanks, L


LucaCinquini commented 7 years ago

Hi Sylvia, can you please try to create a username with some bad characters and see if you get an error message or a crash? I get an error message, see screen shot.

LucaCinquini commented 7 years ago

[image: cog_error]

LucaCinquini commented 7 years ago

You can try on cu-dev after I deploy...

murphysj commented 7 years ago

I can't test because cu-dev does not have its own IDP...it defaults to ESRL. I tested this locally a while back though and got the appropriate error message.
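
Added example (not COG's code and not written by anyone in this thread): an allowlist check for the username characters named above that returns a message instead of raising, plus a round-trip test of the general form-encoding rule that an unescaped "+" decodes to a space. The regex, the `idp.example.org` URL layout and the function names are assumptions; the thread does not state what caused the login failure in COG.

```python
import re
from urllib.parse import parse_qs, urlencode

# Assumption: letters and digits plus the special characters the thread
# reports as working ("@", ".", "-", "_"); "+" is deliberately excluded.
ALLOWED_CHARS = r"A-Za-z0-9@._-"
USERNAME_RE = re.compile("[" + ALLOWED_CHARS + "]+")

# Hypothetical IdP URL layout, used only to build constructed sample OpenIDs.
OPENID_TEMPLATE = "https://idp.example.org/openid/{username}"


def validate_username(username):
    """Return (ok, message). Never raises, so a form can show a warning
    to the user instead of the request ending in a server error."""
    if not isinstance(username, str) or not username:
        return False, "Username is required."
    if not USERNAME_RE.fullmatch(username):
        bad = sorted(set(re.sub("[" + ALLOWED_CHARS + "]", "", username)))
        listed = " ".join(repr(ch) for ch in bad)
        return False, "Characters not allowed in username: " + listed
    return True, ""


def survives_form_decoding(openid, escape):
    """Send openid as a form field and report whether it decodes unchanged.

    escape=True percent-encodes the value with urlencode(); escape=False
    mimics code that concatenates the raw value into the request body.
    """
    body = urlencode({"openid": openid}) if escape else "openid=" + openid
    decoded = parse_qs(body, keep_blank_values=True).get("openid", [""])[0]
    return decoded == openid


if __name__ == "__main__":
    # Constructed sample usernames, including the one from the thread.
    for name in ["sylvia.murphy", "sylvia+murphy", "a b", ""]:
        ok, message = validate_username(name)
        openid = OPENID_TEMPLATE.format(username=name)
        print(repr(name), ok, message,
              "raw:", survives_form_decoding(openid, escape=False),
              "escaped:", survives_form_decoding(openid, escape=True))
```
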