Closed Bug 596093 Opened 14 years ago Closed 14 years ago

Do not allow email addresses as the username

Categories

(Firefox :: Sync, defect)

Product:
Firefox
Component:
Sync
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: st3fan, Assigned: philikon)

References

Details

Attachments

(1 file, 1 obsolete file)

v1.1
8.37 KB, patch
mconnor
: review+
Details | Diff | Splinter Review
I have installed tip of fx-sync as of september 13th in firefox 4.0b6. I am also running tarek's last Python server locally on my Mac. I can succesfully register with an email address as my username. I see this in the request log: 127.0.0.1 - - [13/Sep/2010:14:16:40 -0400] "PUT /user/1.0/2d6xkt6ofzsb7xqqwxeffkm7wsqygorv HTTP/1.1" 200 32 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b6pre) Gecko/20100913 Firefox/4.0b6pre" But then when I try to sync I see this: 127.0.0.1 - - [13/Sep/2010:14:16:45 -0400] "GET /user/1.0/stefan%40arentz.ca/node/weave HTTP/1.1" 404 154 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b6pre) Gecko/20100913 Firefox/4.0b6pre" The request is denied because the email address is not hashed to a username.
To be more precise, this is the version that I have used: 20:27:30 Mozilla/fx-sync % hg summary parent: 3035:e39d258053ee tip Added tag 1.5b3 for changeset df21bab96ce7
Well yeah, when you install the add-on on Firefxo 4.0b, it doesn't actually use the add-on UI because Firefox 4.0b already has UI for Sync. And that UI stil asks you for a separate username doesn't it? So no hashing etc. going on here yet. That means if you want to test this new email-address-only feature, you want to use Firefox 3.6 where you see the add-on UI which no longer asks for a separate username. That said, it shouldn't accept any weird characters for the user name, such as @, right now. I think the problem is that we never really implemented any client side checks. I'll see if we can make sure that at least your problem won't be happen.
OS: Mac OS X → All
Hardware: x86 → All
Summary: Client does not use hashed email addresses as the username for all requests → Do not allow email addresses as the username
Attached patch v1 (obsolete) — Splinter Review
Make sure the semantics of Weave.Service.checkUsername and Weave.Service.createAccount don't change when used by the old UI code (as present in current Firefox 4.0 betas).
Assignee: nobody → philipp
Attachment #475036 - Flags: review?(mconnor)
Attached patch v1.1Splinter Review
Get rid of a dump() I accidentally left in there ;)
Attachment #475036 - Attachment is obsolete: true
Attachment #475071 - Flags: review?(mconnor)
Attachment #475036 - Flags: review?(mconnor)
Blocks: 594506
Attachment #475071 - Flags: review?(mconnor) → review+
http://hg.mozilla.org/services/fx-sync/rev/aa33c3fea9f4
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Blocks: 595879
Blocks: 596620
Status: RESOLVED → VERIFIED
Flags: in-testsuite?
Component: Firefox Sync: UI → Sync
Product: Cloud Services → Firefox
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: