Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-18425

Users and Group containing invalid characters are able to be created on REST API.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Resolution: Fixed
    • Affects Version/s: 6.7.0
    • Fix Version/s: 6.8.0
    • Component/s: Security
    • Labels:
      None
    • Severity:
      Medium
    • Requirement Status:

      UNCOVERED

      Description

      Even UI is preventing the user to create User or Group, the user is able to create user or Group wiht invalid characters.
      invalid characters are :

      '/', '\\', ':', '|', '?', '*', '"', '<', '>' 

      The APIs are:

      POST http://<host>:8080/artifactory/ui/groups
      Body:
      {"name":"group1:1"}
      
      POST http://<host>:8080/artifactory/ui/users
      Body:
      {"profileUpdatable":true,"disableUIAccess":false,"internalPasswordDisabled":false,"name":"users1:1","email":"my@email.com","password":"123456","retypePassword":"123456","userGroups":[{"groupName":"readers","realm":"internal"}]}
      
      PUT http://<host>:8080/artifactory/api/security/users/users1:1
      Body:
      { "name": "users1:1", "email": "my@email.com", "admin": true, "password": "123456", "profileUpdatable": true, "internalPasswordDisabled": false, "groups": [ "readers" ], "lastLoggedInMillis": 0, "realm": "internal", "offlineMode": false, "disableUIAccess": false }
      
      PUT http://<host>:8080/artifactory/api/security/groups/group:1
      Body:
      { "name": "group:1" }
      

        Attachments

          Activity

            People

            Assignee:
            omriz Omri Ziv
            Reporter:
            omriz Omri Ziv
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: