U4-10589 - Login should be sanitized and/or cause validation errors if trying to save with a trailing space

Created by Claus Jensen 24 Oct 2017, 22:20:33 Updated by Claus Jensen 08 Nov 2017, 11:08:49

Subtask of: U4-9609

If you have a member saved with a trailing space in login - it will cause errors when trying to resave this member. However seems like we're checking for this somewhere in the validation logic, since when the member is already saved this way - we don't allow a resave unless you ''change'' the login to something else (removing the trailing whitespace is not enough and won't allow a resave since it believes the login is already in use)

  • Save member1 with 'member1@email.com' as email address.
  • Resave (it works).
  • Change the login to 'member1@email.com '.
  • Save (it works)
  • Resave (errors)
  • Now you can't save this member unless you change the email address.

Comments

Robert Copilau 31 Oct 2017, 14:49:23

It seems that the Login textbox has ng-trim set to false which is why it allows trailing spaces.

My fix is to just trim the input and that will pretty much fix the issue. Another way I could have done it was to alter the textbox and set ng-trim to true, but I am pretty sure that would cause some problems in other places.

PR:https://github.com/umbraco/Umbraco-CMS/pull/2277


Shannon Deminick 01 Nov 2017, 02:15:57

This fix should also be done on the server side which is the safest place to put the fix


Robert Copilau 01 Nov 2017, 08:02:14

Done, server side trimming added. [Commit|https://github.com/umbraco/Umbraco-CMS/pull/2277/commits/8676a99b3ae5cb87c1115ce2f4c846268800aadd]


Claus Jensen 01 Nov 2017, 10:15:36

@robertcopilau Code looks good. I wonder though, why this isn't a problem on the email field too. Could you spend a few minutes checking where we do the sanitation/trimming of the email field - and ensure that whatever we do also covers when an email is being saved with excessive spaces, through the services/API.

Email gets trimmed when saved in the UI, but I can't tell from that whether saving via the services will also trim it.


Robert Copilau 01 Nov 2017, 10:29:33

Sure, will take a look.


Robert Copilau 01 Nov 2017, 17:01:48

Moved the trimming to the service level for both email and username. [Commit |https://github.com/umbraco/Umbraco-CMS/pull/2277/commits/73b2d31298f496c6381d674de591d31a2ed5b96f]


Claus Jensen 01 Nov 2017, 19:59:11

Thanks :) changes look good .. I haven't tested yet, but can be merged when someone has done a few tests and confirmed that it works.


Priority: Normal

Type: Bug

State: Fixed

Assignee:

Difficulty: Normal

Category:

Backwards Compatible: True

Fix Submitted:

Affected versions: 7.7.3, 7.6.11

Due in version: 7.7.5

Sprint: Sprint 71

Story Points: 0.5

Cycle: 5