Registration page allows whitespace only for name

Bug #711145 reported by Stuart Metcalfe
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical SSO provider
Confirmed
Low
Unassigned

Bug Description

I was able to register with just whitespace as my full name, but I could not log in to the site.
I could then edit my account information somehow (was I logged in??), and changing the spaces to a single character fixed the problem. I could not reset my name back to spaces as it seems the account editing page correctly checks for whitespace-only names (or the site could handle them at login and then the check here would be unnecessary).

Revision history for this message
Selene ToyKeeper (toykeeper) wrote :

I verified that a whitespace real name can indeed be registered, and that it causes an oops on attempt to log in to Launchpad.

Steps to reproduce:
1. Go to https://staging.launchpad.net/
2. Click "Log in / Register"
3. Click "Create a new account"
4. Enter account details, using a single space as the "Full name". Click Continue.
5. Wait for confirmation email, and enter its confirmation code into the browser (or follow the link given in the message).
6. Click "Yes, sign me in" to proceed to Launchpad.

Actual result:
  Oops!
  Sorry, something just went wrong in Launchpad.

  We’ve recorded what happened, and we’ll fix it as soon as possible. Apologies for the inconvenience.

  (Error ID: OOPS-1887L1654)

Expected result:
Rejected registration without a meaningful full name, or successful login.

Additional notes:
- Changing the full name to a non-whitespace value (for example, the letter 'k') is sufficient to enable successful logins on Launchpad.
- The login.launchpad service's account edit tool does not allow changing the full name back to a space.

Changed in canonical-identity-provider:
status: New → Confirmed
Revision history for this message
Selene ToyKeeper (toykeeper) wrote :

I think the issue is in lp:canonical-identity-provider /identityprovider/forms.py . The classes for NewAccountForm and ConfirmNewAccountForm do not appear to do any checking of displayname, while the EditAccountForm class does. EditAccountForm.save_account() and .clean_displayname() seem to have the relevant code missing from the other classes.

Could someone add this, plus a test for it?

tags: added: proj-improve-signup
Changed in canonical-identity-provider:
importance: Undecided → Low
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.