We're updating the issue view to help you get more done. 

Push code should handle usernames with extra leading and/or trailing spaces correctly

Description

Apparently XWiki code authorizes usernames which have extra leading or trailing spaces (easy test: add a space to a valid username for any PT instance, it will let that user login) (update: actually, extra spaces anywhere are allowed, including in the middle)

Push code assumes that if a user managed to log in, the username is correct, and tries to create a user object and assign it as patient owner based on the provided username. Apparently that username may have some extra white-spaces, which does not work when retrieving corresponding internal user object, which leads to patients being owned by no one.

The fix is to only accept usernames that can be used to retrieve User objects.

Environment

None

Status

Assignee

Andrew Misyura

Reporter

Andrew Misyura

Labels

None

External issue ID

None

External issue ID

None

Components

Fix versions

Affects versions

1.4.3
1.3.9

Priority

Medium