[MAGNOLIA-9191] Problem with Public Usernames containing "+" Created: 06/Aug/20  Updated: 18/Jan/24  Resolved: 24/Nov/23

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 6.2.40
Fix Version/s: 6.3.0, 6.2.41

Type: Bug Priority: Neutral
Reporter: Viet Nguyen Assignee: Khayal Musayev
Resolution: Fixed Votes: 0
Labels: SSO_and_Security_Initiative, maintenance, ready
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to MAGNOLIA-9233 Users whose name contains dots can't ... Closed
causality
is causing SECURITY-72 DuplicateUserAction issue after users... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[X]* Steps to reproduce, expected, and actual results filled
[X]* Affected version filled
Release notes required:
Yes
Date of First Response:
Epic Link: Public user registration maintenance
Team: AdminX
Work Started:
Approved:
Yes

 Description   

Steps to reproduce

  1. goto https://demopublic.magnolia-cms.com/members/registration.html
  2. use the following parameters to register:
  3. Username "test+2"
  4. password, fullname email is not changing the result.
  5. login with user "test+2" --> success
  6. goto https://demopublic.magnolia-cms.com/members/profile-update.html

Expected results

the "Update your member profile" Form is open with full details.

Actual results

the "Update your member profile" Form is empty

Workaround

No

Customer notes

debugging leads us to the point that the User is not allowed to load his UserNode.

As we use the email address as username and some systems are allowing email-addresses with "+" this problem has to be solved.

Development notes

TBD



 Comments   
Comment by Bernhard Rössler [ 19/Oct/20 ]

Hi,

could u reproduce this ISSUE?

BR,
Bernhard

Comment by Bernhard Rössler [ 27/Sep/21 ]

?

Comment by Mirek Ingr [ 03/Oct/22 ]

+1 for the plus sign to be supported as a valid character.

Reading on how to validate email addresses is here.

Comment by Khayal Musayev [ 22/Nov/23 ]

DuplicateUserAction issue after users-acl path was wrapped to ignore special characters

Generated at Mon Feb 12 04:39:25 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.