Closed Bug 653406 Opened 14 years ago Closed 14 years ago

Users with a + in their email address are unable to reset their passwords

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 3.6

People

(Reporter: justdave, Assigned: glob)

References

Details

Attachments

(3 files, 1 obsolete file)

screenshot of error message
44.29 KB, image/png
Details
patch for 4.0, v1
2.13 KB, patch
LpSolit
: review+
Details | Diff | Splinter Review
patch for 4.1, v2
2.10 KB, patch
glob
: review+
Details | Diff | Splinter Review
Going by the attached error screenshot it looks like a + in an email address is getting unescaped somehow when it shouldn't be (and thus getting treated as a space).
Assignee: nobody → glob
i'm able to create new accounts with a + in the email address, and login as an existing account which contains a +. do you have steps to reproduce?
WFM upstream. Maybe the guy typed his email address in the URL bar directly, in which case an unescaped + means a whitespace.
i've tested all points where we throw that error and it's working for me too. nukeador, please reopen this bug if you are still having problems.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
I have my bugzilla session opened at home and I will be able to answer you guys till it expires, but I'm unable to log in using a clean session, same error. Tested from 2 computer and 2 different browsers. I think the problem is that first I get an error about my password it's less than 8 characters long and then it points me to request a new password: https://bugzilla.mozilla.org/token.cgi?a=reqpw&loginname=my+email@gmail.com Where I get the error and I can't continue or log in.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
thanks rubén, that helps a lot :)
Summary: Users with a + in their email address are unable to access Bugzilla → Users with a + in their email address are unable to reset their passwords
fixes quoting of text in error messages.
Attachment #528892 - Flags: review?(LpSolit)
Component: General → Bugzilla-General
Product: bugzilla.mozilla.org → Bugzilla
QA Contact: general → default-qa
Version: Current → 4.0
Severity: critical → major
Status: REOPENED → ASSIGNED
Component: Bugzilla-General → User Accounts
Target Milestone: --- → Bugzilla 4.0
Comment on attachment 528892 [details] [diff] [review] patch for 4.0, v1 You need a separate patch for 4.1, as FILTER url_quote has been killed in favor of FILTER uri (see bug 398701). r=LpSolit for 4.0.2.
Attachment #528892 - Attachment description: patch v1 → patch for 4.0, v1
Attachment #528892 - Flags: review?(LpSolit) → review+
Attached patch patch for 4.1, v1 (obsolete) — Splinter Review
Attachment #528909 - Flags: review?(LpSolit)
Comment on attachment 528909 [details] [diff] [review] patch for 4.1, v1 oops
Attachment #528909 - Attachment is obsolete: true
Attachment #528909 - Flags: review?(LpSolit)
<LpSolit> r+ with the first block removed
Attachment #528910 - Flags: review+
Flags: approval4.0+
Flags: approval+
The patch for 4.0 applies cleanly to 3.6.5, so let's take it on this branch too. I know the 3.6 branch is restricted to security bugs, but not being able to log in is a major issue, and we cannot leave users out of the game. Bugzilla 3.4 is not affected.
Flags: approval3.6+
Target Milestone: Bugzilla 4.0 → Bugzilla 3.6
(In reply to comment #11) Agreed
Committing to: bzr+ssh://bjones%40mozilla.com@bzr.mozilla.org/bugzilla/3.6/ modified template/en/default/global/user-error.html.tmpl Committed revision 7248. Committing to: bzr+ssh://bjones%40mozilla.com@bzr.mozilla.org/bugzilla/4.0/ modified template/en/default/global/user-error.html.tmpl Committed revision 7590. Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/trunk/ modified template/en/default/global/user-error.html.tmpl Committed revision 7805.
Status: ASSIGNED → RESOLVED
Closed: 14 years ago14 years ago
Resolution: --- → FIXED
Blocks: 798994
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: