[RTFACT-18425] Users and Group containing invalid characters are able to be created on REST API. - JFrog JIRA

XML

Word

Printable

Details

Type: Bug
Status: Done
Resolution: Fixed
Affects Version/s: 6.7.0
Fix Version/s: 6.8.0
Component/s: Security
Labels:
None

Severity:
Medium
Requirement Status:

UNCOVERED

Description

Even UI is preventing the user to create User or Group, the user is able to create user or Group wiht invalid characters.
invalid characters are :

'/', '\\', ':', '|', '?', '*', '"', '<', '>'

The APIs are:

POST http://<host>:8080/artifactory/ui/groups
Body:
{"name":"group1:1"}

POST http://<host>:8080/artifactory/ui/users
Body:
{"profileUpdatable":true,"disableUIAccess":false,"internalPasswordDisabled":false,"name":"users1:1","email":"my@email.com","password":"123456","retypePassword":"123456","userGroups":[{"groupName":"readers","realm":"internal"}]}

PUT http://<host>:8080/artifactory/api/security/users/users1:1
Body:
{ "name": "users1:1", "email": "my@email.com", "admin": true, "password": "123456", "profileUpdatable": true, "internalPasswordDisabled": false, "groups": [ "readers" ], "lastLoggedInMillis": 0, "realm": "internal", "offlineMode": false, "disableUIAccess": false }

PUT http://<host>:8080/artifactory/api/security/groups/group:1
Body:
{ "name": "group:1" }

Attachments

Activity

People

Assignee:: Omri Ziv

Reporter:: Omri Ziv

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 03/Feb/19 11:04 AM

Updated:: 06/Jan/21 4:26 PM

Resolved:: 11/Feb/19 8:28 AM