Launchpad blows up if you try to use non-ascii characters in your password

Bug #2496 reported by Guilherme Salgado
28
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Critical
Diogo Matsubara

Bug Description

canonical.launchpad.webapp.authentication.validate() doesn't accept non-ascii characters, and thus you'll get something like the following traceback if you try to register an account and your password has non-ascii characters. The same will happen anywhere we use the validate() function.

    * Module canonical.launchpad.webapp.authentication, line 171, in validate
      plaintext = str(plaintext)

UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 2: ordinal not in range(128)

We should either accept non-ascii characters (don't know why we should) or make it clear that non-ascci characters are not allowed in the password and fail gracefully if there's non-ascii characters in the password field.

Revision history for this message
Stuart Bishop (stub) wrote : Re: [Bug 2496] Launchpad blows up if you try to use non-ascii characters in your password

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)

Guilherme Salgado via Malone wrote:

> We should either accept non-ascii characters (don't know why we should) or make
> it clear that non-ascci characters are not allowed in the password and fail
> gracefully if there's non-ascii characters in the password field.

We only accept passwords that can be used for HTTP basic auth (a subset of
ASCII documented in the relevant RFCs).

The validator needs to be updated to cope correctly and provide meaningful
error messages to the user.

--
Stuart Bishop <email address hidden> http://www.canonical.com/
Canonical Ltd. http://www.ubuntu.com/

Christian Reis (kiko)
Changed in launchpad:
assignee: nobody → diogomatsubara
Changed in launchpad:
status: New → Accepted
Changed in launchpad:
status: Confirmed → In Progress
Changed in launchpad:
status: In Progress → Fix Committed
Changed in launchpad:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers