Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#8878 closed (duplicate)

Authentication in the admin should not make any assumptions on valid user names

Reported by: jdetaeye Owned by: nobody
Component: contrib.admin Version: master
Severity: Keywords: authentication
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


When the user authentication with all configured authentication backend fails, the admin application adds some additional checks when the user name contains the character @.

This does't make sense: the admin application can't know what is a valid user name for the backends. For some backends a @ in the user name may well be valid.

Attachments (1)

login_message.patch (1.3 KB) - added by jdetaeye 6 years ago.
simple fix

Download all attachments as: .zip

Change History (3)

Changed 6 years ago by jdetaeye

simple fix

comment:1 follow-up: Changed 6 years ago by ubernostrum

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #8342 and #7591. In the future, please search for existing tickets before filing a new one.

comment:2 in reply to: ↑ 1 Changed 6 years ago by jdetaeye

Replying to ubernostrum:

Duplicate of #8342 and #7591. In the future, please search for existing tickets before filing a new one.

Sorry about not having searched well enough for an existing ticket.

However, I don't agree with the resolution on the duplicate (and closed) tickets. In this case it is 100% clear that the admin application is doing tasks which are clearly outside it's domain. It violates the design of truely pluggable authentication backends.
The argumentation used to close these tickets is flaky...

Add Comment

Modify Ticket

Change Properties
<Author field>
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.