Closed Bug 653406 Opened 9 years ago Closed 9 years ago
Users with a + in their email address are unable to reset their passwords
Going by the attached error screenshot it looks like a + in an email address is getting unescaped somehow when it shouldn't be (and thus getting treated as a space).
i'm able to create new accounts with a + in the email address, and login as an existing account which contains a +. do you have steps to reproduce?
WFM upstream. Maybe the guy typed his email address in the URL bar directly, in which case an unescaped + means a whitespace.
i've tested all points where we throw that error and it's working for me too. nukeador, please reopen this bug if you are still having problems.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
I have my bugzilla session opened at home and I will be able to answer you guys till it expires, but I'm unable to log in using a clean session, same error. Tested from 2 computer and 2 different browsers. I think the problem is that first I get an error about my password it's less than 8 characters long and then it points me to request a new password: https://firstname.lastname@example.org Where I get the error and I can't continue or log in.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
thanks rubén, that helps a lot :)
Summary: Users with a + in their email address are unable to access Bugzilla → Users with a + in their email address are unable to reset their passwords
fixes quoting of text in error messages.
Attachment #528892 - Flags: review?(LpSolit)
Component: General → Bugzilla-General
Product: bugzilla.mozilla.org → Bugzilla
QA Contact: general → default-qa
Version: Current → 4.0
Severity: critical → major
Status: REOPENED → ASSIGNED
Component: Bugzilla-General → User Accounts
Target Milestone: --- → Bugzilla 4.0
Comment on attachment 528892 [details] [diff] [review] patch for 4.0, v1 You need a separate patch for 4.1, as FILTER url_quote has been killed in favor of FILTER uri (see bug 398701). r=LpSolit for 4.0.2.
Comment on attachment 528909 [details] [diff] [review] patch for 4.1, v1 oops
<LpSolit> r+ with the first block removed
Attachment #528910 - Flags: review+
The patch for 4.0 applies cleanly to 3.6.5, so let's take it on this branch too. I know the 3.6 branch is restricted to security bugs, but not being able to log in is a major issue, and we cannot leave users out of the game. Bugzilla 3.4 is not affected.
Target Milestone: Bugzilla 4.0 → Bugzilla 3.6
(In reply to comment #11) Agreed
Committing to: bzr+ssh://email@example.com/bugzilla/3.6/ modified template/en/default/global/user-error.html.tmpl Committed revision 7248. Committing to: bzr+ssh://firstname.lastname@example.org/bugzilla/4.0/ modified template/en/default/global/user-error.html.tmpl Committed revision 7590. Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/trunk/ modified template/en/default/global/user-error.html.tmpl Committed revision 7805.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago → 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.