MAAS

Cannot login using password with '+' character

Bug #1861952 reported by Adam Beeman on 2020-02-05

260

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	MAAS	Fix Released	Critical	Caleb Ellis	MAAS 2.7.0rc4
	maas-ui	Fix Released	Unknown	maas-ui-bugs #751

Bug Description

I installed MAAS 2.7.0~rc2 from the 2.7 PPA and I've tried creating users with different passwords in them... the passwords with a '+' character in them don't work.

I haven't had this problem in earlier releases.

Tags:

Lilyana Videnova (lilyanavidenova) on 2020-02-05

Changed in maas:
status:	New → Confirmed
importance:	Undecided → Medium
assignee:	nobody → Caleb Ellis (caleb-ellis)

Adam Collard (adam-collard) on 2020-02-05

tags:

added: ui

Revision history for this message

Lilyana Videnova (lilyanavidenova) wrote on 2020-02-05:

Can you help us reproduce this bug? What steps did you take?

Revision history for this message

Caleb Ellis (caleb-ellis) wrote on 2020-02-05:

I'm not certain this is a UI issue. I can successfully create a user with a password that has "+" characters in it. Here's a pastebing of the websocket messages sent and received when adding a user over the UI.

https://pastebin.canonical.com/p/2DMntYJvdp/

Revision history for this message

Adam Beeman (abeeman) wrote on 2020-02-05:

I can create the user with a '+' in the password or use the CLI to change a password to it, but when I tried to log into it on the UI, it wouldn't let me until I changed it to something else.

Revision history for this message

Adam Beeman (abeeman) wrote on 2020-02-06:

To reproduce this: log into the web dashboard go to the Users section of the settings and create a new user (doesn't have to be an admin) and set a password which is at least 8 characters and includes the + character. Then log out. Try to log in as that user. It bounces you back to the login page.

You can also use the "maas createadmin" command from the CLI to do the same thing, with the same result: unable to log into the web interface with any password that contains the '+' character.

Changing the password to something else will allow the user in.

Sorry, the subject line in the bug report is incorrect, the problem is with logging in, not with creating the account.

Adam Collard (adam-collard) on 2020-02-06

summary:	- [2.7.0~rc2] cannot create passwords with '+' character + Cannot login using password with '+' character
Changed in maas:
importance:	Medium → Critical
information type:	Public → Private Security

Caleb Ellis (caleb-ellis) on 2020-02-06

Changed in maas:
status:	Confirmed → In Progress

Adam Collard (adam-collard) on 2020-02-06

Changed in maas-ui:
importance:	Undecided → Unknown
status:	New → Unknown

Bug Watch Updater (bug-watch-updater) on 2020-02-06

Changed in maas-ui:
status:	Unknown → New

Caleb Ellis (caleb-ellis) on 2020-02-06

Changed in maas:
status:	In Progress → Fix Committed

Adam Collard (adam-collard) on 2020-02-06

Changed in maas:
milestone:	none → 2.7.0rc4

Bug Watch Updater (bug-watch-updater) on 2020-02-07

Changed in maas-ui:
status:	New → Fix Released

Adam Collard (adam-collard) on 2020-02-07

Changed in maas:
status:	Fix Committed → Fix Released
information type:	Private Security → Public
information type:	Public → Public Security

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

maas-ui-bugs #751
[closed Priority: Critical] Edit

Bug watches keep track of this bug in other bug trackers.