Launchpad blows up if you try to use non-ascii characters in your password

Bug #2496 reported by Guilherme Salgado on 2005-09-22
28
Affects Status Importance Assigned to Milestone
Launchpad itself
Critical
Diogo Matsubara

Bug Description

canonical.launchpad.webapp.authentication.validate() doesn't accept non-ascii characters, and thus you'll get something like the following traceback if you try to register an account and your password has non-ascii characters. The same will happen anywhere we use the validate() function.

    * Module canonical.launchpad.webapp.authentication, line 171, in validate
      plaintext = str(plaintext)

UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 2: ordinal not in range(128)

We should either accept non-ascii characters (don't know why we should) or make it clear that non-ascci characters are not allowed in the password and fail gracefully if there's non-ascii characters in the password field.

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)

Guilherme Salgado via Malone wrote:

> We should either accept non-ascii characters (don't know why we should) or make
> it clear that non-ascci characters are not allowed in the password and fail
> gracefully if there's non-ascii characters in the password field.

We only accept passwords that can be used for HTTP basic auth (a subset of
ASCII documented in the relevant RFCs).

The validator needs to be updated to cope correctly and provide meaningful
error messages to the user.

--
Stuart Bishop <email address hidden> http://www.canonical.com/
Canonical Ltd. http://www.ubuntu.com/

Christian Reis (kiko) on 2005-10-04
Changed in launchpad:
assignee: nobody → diogomatsubara
Changed in launchpad:
status: New → Accepted
Changed in launchpad:
status: Confirmed → In Progress
Changed in launchpad:
status: In Progress → Fix Committed
Changed in launchpad:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers