[RTFACT-18425] Users and Group containing invalid characters are able to be created on REST API. - JFrog JIRA

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Affects Version/s: 6.7.0
Fix Version/s: 6.8.0
Component/s: Security
Labels:
None

Description

Even UI is preventing the user to create User or Group, the user is able to create user or Group wiht invalid characters.
invalid characters are :

'/', '\\', ':', '|', '?', '*', '"', '<', '>'

The APIs are:

POST http://<host>:8080/artifactory/ui/groups
Body:
{"name":"group1:1"}

POST http://<host>:8080/artifactory/ui/users
Body:
{"profileUpdatable":true,"disableUIAccess":false,"internalPasswordDisabled":false,"name":"users1:1","email":"my@email.com","password":"123456","retypePassword":"123456","userGroups":[{"groupName":"readers","realm":"internal"}]}

PUT http://<host>:8080/artifactory/api/security/users/users1:1
Body:
{ "name": "users1:1", "email": "my@email.com", "admin": true, "password": "123456", "profileUpdatable": true, "internalPasswordDisabled": false, "groups": [ "readers" ], "lastLoggedInMillis": 0, "realm": "internal", "offlineMode": false, "disableUIAccess": false }

PUT http://<host>:8080/artifactory/api/security/groups/group:1
Body:
{ "name": "group:1" }

Attachments

Activity

People

Assignee:

Omri Ziv

Reporter:

Omri Ziv

Assigned QA:

Barak Hacham

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

03/Feb/19 11:04 AM

Updated:

11/Feb/19 12:12 PM

Resolved:

11/Feb/19 8:28 AM