admin password shall support unicode characters

Bug #1254784 reported by Alex Garel
This bug affects 1 person
Affects: Odoo Server (MOVED TO GITHUB)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

If you involuntarily or deliberately (stronger security) put a unicode character in admin_passwd in the config file, the web interface won't authenticate your admin password.

Here is the problem with a − character:

> /usr/lib/pymodules/python2.7/openerp/service/security.py(34)check_super()
-> if passwd == tools.config['admin_passwd']:
(Pdb) p tools.config['admin_passwd']
'**\xe2\x80\x94*'
(Pdb) p passwd
u'**\u2014*'
(Pdb) passwd == tools.config['admin_passwd']
/usr/lib/pymodules/python2.7/openerp/service/security.py:1: UnicodeWarning: Unicode equal comparison failed to convert both arguments to Unicode - interpreting them as being unequal
  # -*- coding: utf-8 -*-
False
(Pdb) passwd == unicode(tools.config['admin_passwd'], "utf-8")
True

So passwd == tools.config['admin_passwd'] shall be replaced with passwd == unicode(tools.config['admin_passwd'], "utf-8")
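An added example, not part of the original report and not Odoo's own code: the mismatch from the pdb session above, reproduced on Python 3, where comparing bytes with text returns False without even the UnicodeWarning, next to one way to compare safely. It goes beyond the reported case by also applying NFC normalization and a constant-time comparison; the names naive_check and check_super_fixed and the sample constants are assumptions made for illustration.

```python
import hmac
import unicodedata

# Constructed sample values, copied from the pdb session in the report:
# the config file yields raw UTF-8 bytes, the web layer yields decoded text.
CONFIG_ADMIN_PASSWD = b"**\xe2\x80\x94*"
SUBMITTED_PASSWD = "**\u2014*"


def naive_check(passwd, configured):
    """The comparison as reported: bytes and text never compare equal."""
    return passwd == configured


def _canonical(value):
    """Return NFC-normalized UTF-8 bytes for a bytes or text password."""
    if isinstance(value, bytes):
        value = value.decode("utf-8")  # raises UnicodeDecodeError on bad bytes
    return unicodedata.normalize("NFC", value).encode("utf-8")


def check_super_fixed(passwd, configured):
    """Hypothetical hardened check: bring both sides to the same type and
    normalization form, then compare in constant time."""
    if not passwd or not configured:
        return False  # an empty or unset password never authenticates
    try:
        return hmac.compare_digest(_canonical(passwd), _canonical(configured))
    except UnicodeDecodeError:
        return False  # malformed UTF-8 is a failed login, not a crash


if __name__ == "__main__":
    print("naive:", naive_check(SUBMITTED_PASSWD, CONFIG_ADMIN_PASSWD))
    print("fixed:", check_super_fixed(SUBMITTED_PASSWD, CONFIG_ADMIN_PASSWD))
```

Normalizing matters because the same visible character can arrive as different code point sequences depending on the client's keyboard or operating system.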

Alex Garel (alex-garel) wrote :

Another fix would be to explicitly forbid non-ascii chars in password (and raise an error accordingly).

Harri Luuppala (harri-luuppala) wrote :

Please do not limit to ASCII - 7 nor 8 bit - ASCII is an old ISO standard from year 1986 and an even older national US standard. ASCII is a local solution, not global.

ISO/IEC 6429 standard was created 1992 to get 7/8 bit letters written from right to left. Since 1991 Unicode Consortium has worked with ISO to develop The Unicode Standard ("Unicode") and ISO/IEC 10646 in tandem. They released the first standard already ISO/IEC 10646-1:1993 = Unicode 1.1. See: http://en.wikipedia.org/wiki/Universal_Character_Set.

Here is one very good comment on why we should use UNICODE everywhere - even though this comment is 15 years old:
 http://www.ibm.com/developerworks/library/l-linuni/index.html

GNU, MS, Apple, Linux, Posix,... and many others are supporting Open Source ideology - to make SW free - free for everyone. We should not lock functionality from others - even if we do not understand their languages.

Hopefully you could get Unicode to work for passwords also; UTF-8 at least for time being. See comments from Linus Torvalds and Theodore Ts'o: http://yarchive.net/comp/linux/utf8.html

"Unicode now replaces ASCII, ISO 8859 and EUC at all levels" says: http://www.cl.cam.ac.uk/~mgk25/unicode.html
