Canonical SSO provider

Registration page allows whitespace only for name

Reported by Stuart Metcalfe on 2011-02-01
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical SSO provider
Low
Unassigned

Bug Description

I was able to register with just whitespace as my full name, but I could not log in to the site.
I could then edit my account information somehow (was I logged in??), and changing the spaces to a single character fixed the problem. I could not reset my name back to spaces as it seems the account editing page correctly checks for whitespace-only names (or the site could handle them at login and then the check here would be unnecessary).

Selene Scriven (toykeeper) wrote :

I verified that a whitespace real name can indeed be registered, and that it causes an oops on attempt to log in to Launchpad.

Steps to reproduce:
1. Go to https://staging.launchpad.net/
2. Click "Log in / Register"
3. Click "Create a new account"
4. Enter account details, using a single space as the "Full name". Click Continue.
5. Wait for confirmation email, and enter its confirmation code into the browser (or follow the link given in the message).
6. Click "Yes, sign me in" to proceed to Launchpad.

Actual result:
  Oops!
  Sorry, something just went wrong in Launchpad.

  We’ve recorded what happened, and we’ll fix it as soon as possible. Apologies for the inconvenience.

  (Error ID: OOPS-1887L1654)

Expected result:
Rejected registration without a meaningful full name, or successful login.

Additional notes:
- Changing the full name to a non-whitespace value (for example, the letter 'k') is sufficient to enable successful logins on Launchpad.
- The login.launchpad service's account edit tool does not allow changing the full name back to a space.

Changed in canonical-identity-provider:
status: New → Confirmed
Selene Scriven (toykeeper) wrote :

I think the issue is in lp:canonical-identity-provider /identityprovider/forms.py . The classes for NewAccountForm and ConfirmNewAccountForm do not appear to do any checking of displayname, while the EditAccountForm class does. EditAccountForm.save_account() and .clean_displayname() seem to have the relevant code missing from the other classes.

Could someone add this, plus a test for it?

tags: added: proj-improve-signup
Changed in canonical-identity-provider:
importance: Undecided → Low
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related questions