yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1861224] Re: horizon removing trailing spaces on passwords - auth fails

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1861224@xxxxxxxxxxxxxxxxxx>
Date: Thu, 03 Sep 2020 16:41:33 -0000
Reply-to: Bug 1861224 <1861224@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.opendev.org/705886
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=6a07f5a5b4e2c0921967b8c47c8c9cfcd9a45b90
Submitter: Zuul
Branch:    master

commit 6a07f5a5b4e2c0921967b8c47c8c9cfcd9a45b90
Author: Akihiro Motoki <amotoki@xxxxxxxxx>
Date:   Wed Feb 5 14:41:49 2020 +0900

    Avoid stripping leading/traling spaces in password forms
    
    There are cases where leading/trailing spaces are included in passwords
    We should not touch passwords input in forms and pass them to auth
    backends without any modifications. The detail was discussed in
    the mailing list thread [1] referred in the bug comment.
    
    [1] http://lists.openstack.org/pipermail/openstack-discuss/2020-January/thread.html#12223
    
    Change-Id: I98de224cc77a98fa216ec3bc032412325e661e14
    Closes-Bug: #1861224


** Changed in: horizon
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1861224

Title:
  horizon removing trailing spaces on passwords - auth fails

Status in OpenStack Dashboard (Horizon):
  Fix Released

Bug description:
  From the dashboard openstack is removing the trailing spaces from our user's passwords.
  We have a modified sql.py backend, that does an ldap bind to an active directory data store. And that works almost always. I say almost because for some users it doesn't work at all. We figure out (and a co-worker also confirmed this) that openstack is removing trailing (also leading?) spaces from the password entered in the dashboard. Also, inside the dashboard trailing spaces are not accepted even when they are equal byte by byte (including the space, I get an error). So this is going on.

  Do anybody knows where is this removal performed? (python script
  location, line) So I can remove that since I have users (me included,
  I have the issue since the very beginning of this deployment) that
  cannot login. And they can use their Active Directrory passwords from
  other apps without problem.

  We are running 'stein' with the latest update for ubuntu 18.04-AMD64.
  NOTE: Since passwords can indeed contain spaces anywhere I consider this a bug.

  Details:

  'openstack token isue' works with spaces at the end so this is
  horizon/django related.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1861224/+subscriptions

References

[Bug 1861224] [NEW] horizon removing trailing spaces on passwords - auth fails
From: Orestes Leal Rodriguez, 2020-01-28