search

NCEAS / metacat

Data repository software that helps researchers preserve, share, and discover data
https://knb.ecoinformatics.org/software/metacat
GNU General Public License v2.0
26 stars 12 forks source link

ldapweb.cgi crashes with invalid password characters #760

Closed mbjones closed 5 years ago

mbjones commented 6 years ago

Author Name: Shaun Walbridge (Shaun Walbridge) Original Redmine Issue: 5243, https://projects.ecoinformatics.org/ecoinfo/issues/5243 Original Date: 2010-11-16 Original Assignee: Jing Tao

Some characters cause the account creation process to fail out, and return a blank page to the user instead of the expected error. Noticed by Jim while assisting some folks to get set up with Morpho, on the production site at: http://knb.ecoinformatics.org/knb/cgi-bin/ldapweb.cgi?cfg=knb

mbjones commented 6 years ago

Original Redmine Comment Author Name: Redmine Admin (Redmine Admin) Original Date: 2013-03-27T21:29:44Z

Original Bugzilla ID was 5243

mbjones commented 6 years ago

Original Redmine Comment Author Name: ben leinfelder (ben leinfelder) Original Date: 2013-04-08T20:38:23Z

Jim -- do you remember which characters?

mbjones commented 6 years ago

Original Redmine Comment Author Name: Nick Brand (Nick Brand) Original Date: 2013-04-08T21:05:22Z

Resetting passwords fails silently, leaving users without a way to login.

Until it's fixed there should be a warning not to use the characters which don't work.

mbjones commented 6 years ago

Original Redmine Comment Author Name: ben leinfelder (ben leinfelder) Original Date: 2013-09-10T22:43:34Z

Jing - would be great if we can check for some special characters and fail gracefully if their password uses ones that cannot be saved in LDAP.

mbjones commented 6 years ago

Original Redmine Comment Author Name: ben leinfelder (ben leinfelder) Original Date: 2013-10-02T17:55:22Z

While we do allow someone to create an account with special characters as the password, I am unable to login using the password. Tested with password: 所長願景

Perhaps we can just give people guidelines about using simple ASCII passwords?

mbjones commented 6 years ago

Original Redmine Comment Author Name: Jing Tao (Jing Tao) Original Date: 2013-10-02T17:58:28Z

I agree to add guidelines for users.

mbjones commented 6 years ago

Original Redmine Comment Author Name: Jing Tao (Jing Tao) Original Date: 2013-10-02T18:36:10Z

move it to 2.2.1

mbjones commented 5 years ago

Registry is deprecated, so closing all registry tickets.