Login impossible with umlauts im password via crowd integration

schorsch3000 commented 7 years ago

Description:

Crowd integration fails with umlauts in password

Server Setup Information:

Version of Rocket.Chat Server: 0.57.2
Operating System: Ubuntu 14.04, but i'm running the docker-container
Deployment Method(snap/docker/tar/etc): docker
Number of Running Instances: 1
DB Replicaset Oplog: none, running on a single db (while evaluating)
Node Version: what ever is shipped in the rocketchat/rocker.chat container

Steps to Reproduce:

set up crowd integration
have umlauts in your password
try to log in

Expected behavior:

i would expect login to work with umlauts in the password

Actual behavior:

login is impossible with umlauts within the password. it's surely this issue. its reproduce able with all users, in many iterations. change password to 7bit asci: works, change password to have umlauts: fail, change back to 7bit ascii: fail.

Relevant logs:

rocketchat_logger rocketchat_logger.js:377 CROWD ➔ info Init CROWD login $username rocketchat_logger rocketchat_logger.js:377 CROWD ➔ info Going to crowd: $username rocketchat_logger rocketchat_logger.js:377 CROWD ➔ error Crowd user not authenticated due to an error, falling back rocketchat_logger rocketchat_logger.js:377 CROWD ➔ info Fallback to default account system { username: '$username' }

I know about the workaround "just don't have umlauts in your password", but our it security officers it telling out employees to have "strong" passwords ans actually encourage them to use all kind of chars within their passwords.

RogerSik commented 5 years ago

With Rocket Chat Version 0.71.1 still an issue.

fbuchmeier commented 5 years ago

We are facing the same issue with the following special character:

§, Ä, Ö, Ü, ´, °, ß, ä, ö und ü

Is there anything we can do to help debug this issue?

RC 0.71.1, Ubuntu 16.04

Joseszs commented 5 years ago

Hi, We are also facing issues : Password doesn't synchronise with some characters , it works with the previous password.

In our case password with £ not sync

Anyone can help us with the list of characters not allowed? Also any update of when this can be solved?

Rocket Chat 0.72.3

Many thanks

reetp commented 5 years ago

Rocket Chat 0.72.3 ???

Please follow this: https://rocketchat.github.io/docs/contributing/reporting-issues/

"Make sure you are running the latest version of Rocket.Chat. It’s very likely simply updating will resolve your issue."

You really need to upgrade.

ITSonixcdGmbH commented 5 years ago

Hello We are experiencing the same Problems. with Rocketchat 1.3.0. And no the issue has not been dressed by the developers since it was reported.

geekgonecrazy commented 4 years ago

ITSonixcdGmbH commented 3 years ago

Crowd got TFA and the Passwords are still insecure. Crowd is capable of more than ansi passwords. We consider switching to mattermost, because people are not allowed to use certain symbols and have to keep their passwords simple. This makes Rocketchat a not very secure product in our eyes

RocketChat / Rocket.Chat