[RTFACT-18425] Users and Group containing invalid characters are able to be created on REST API. Created: 03/Feb/19  Updated: 11/Feb/19  Resolved: 11/Feb/19

Status: Resolved
Project: Artifactory Binary Repository
Component/s: Security
Affects Version/s: 6.7.0
Fix Version/s: 6.8.0

Type: Bug Priority: Normal
Reporter: Omri Ziv Assignee: Omri Ziv
Resolution: Fixed Votes: 0
Labels: None

Assigned QA: Barak Hacham

 Description   

Even UI is preventing the user to create User or Group, the user is able to create user or Group wiht invalid characters.
invalid characters are :

'/', '\\', ':', '|', '?', '*', '"', '<', '>' 

The APIs are:

POST http://<host>:8080/artifactory/ui/groups
Body:
{"name":"group1:1"}
POST http://<host>:8080/artifactory/ui/users
Body:
{"profileUpdatable":true,"disableUIAccess":false,"internalPasswordDisabled":false,"name":"users1:1","email":"my@email.com","password":"123456","retypePassword":"123456","userGroups":[{"groupName":"readers","realm":"internal"}]}
PUT http://<host>:8080/artifactory/api/security/users/users1:1
Body:
{ "name": "users1:1", "email": "my@email.com", "admin": true, "password": "123456", "profileUpdatable": true, "internalPasswordDisabled": false, "groups": [ "readers" ], "lastLoggedInMillis": 0, "realm": "internal", "offlineMode": false, "disableUIAccess": false }
PUT http://<host>:8080/artifactory/api/security/groups/group:1
Body:
{ "name": "group:1" }

Generated at Sat Aug 24 09:16:51 UTC 2019 using JIRA 7.6.3#76005-sha1:8a4e38d34af948780dbf52044e7aafb13a7cae58.