Uploaded image for project: 'PhenoTips'
  1. PT-3927

Push code should handle usernames with extra leading and/or trailing spaces correctly

    Details

    • Sprint:

      Description

      Apparently XWiki code authorizes usernames which have extra leading or trailing spaces (easy test: add a space to a valid username for any PT instance, it will let that user login) (update: actually, extra spaces anywhere are allowed, including in the middle)

      Push code assumes that if a user managed to log in, the username is correct, and tries to create a user object and assign it as patient owner based on the provided username. Apparently that username may have some extra white-spaces, which does not work when retrieving corresponding internal user object, which leads to patients being owned by no one.

      The fix is to only accept usernames that can be used to retrieve User objects.

        Attachments

          Activity

            People

            • Assignee:
              asm Andriy Misyura
              Reporter:
              asm Andriy Misyura
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: