  1. camunda BPM
  2. CAM-6537

I cannot use a user id with a slash or backslash inside in webapps

    Details

    • Type: Bug Report
    • Status: Closed
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.6.0, 7.6.0-alpha5, 7.5.6
    • Component/s: admin
    • Labels:

      Description

      1) Login

      a) "a/b"

      Steps to reproduce:

      • login into admin
      • create a new user with id "a/b"
      • logout
      • login with user "a/b"

      Problem:
      The app executes the following request:
      GET http://localhost:8080/camunda/api/engine/engine/default/user/a/b/profile
      which returns the status code 500

      b) "a\b"

      Steps to reproduce:

      • login into admin
      • create a new user with id "a/b"
      • logout
      • login with user "a/b"

      Problem:
      The app executes the following request:
      GET http://localhost:8080/camunda/api/engine/engine/default/user/a/b/profile
      The "\" is replaced by a "/".

      Expected behavior:
      The slash (or backslash) is escaped when the user logs in to a webapp.

      2) "%" is not escaped anymore
      In <= 7.4 we used the "$resource" from angularjs to execute a request. Thereby angularjs escaped "%" on its own. With 7.5 we are using the sdk-js to execute any request. Since then the "%" is not escaped anymore. As a result, a profile cannot be loaded in the admin app.

      Hint:
      Whenever we execute a request in the app by using the sdk-js to get a user profile or to execute the OPTIONS request, the "/" (or "\") of the user id must be escaped and then "%" must be escaped too.
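
The three cases from the description ("a/b", "a\b", "a%b"), reproduced as an added example that is not part of the original report or of camunda's code. The function names are hypothetical, the base URL is the one from the report, and the server is assumed to route on the raw path and decode the id segment once.

```javascript
// Added example: user ids interpolated into a REST path, raw vs. encoded.
// BASE comes from the request shown in the report; all function names are hypothetical.
const BASE = 'http://localhost:8080/camunda/api/engine/engine/default';

// Naive interpolation: the id is pasted into the path unchanged.
function naiveProfileUrl(userId) {
  return `${BASE}/user/${userId}/profile`;
}

// Encoded interpolation: "/", "\" and "%" are percent-encoded, so the id
// stays a single path segment.
function encodedProfileUrl(userId) {
  return `${BASE}/user/${encodeURIComponent(userId)}/profile`;
}

// Path segments after "user", as a WHATWG URL parser (browser, Node) sees them.
// For http URLs this parser treats "\" as "/", which matches observation 1b.
function segmentsAfterUser(url) {
  const parts = new URL(url).pathname.split('/');
  return parts.slice(parts.indexOf('user') + 1);
}

// Id recovered by the assumed server model: exactly one segment between
// "user" and "profile", percent-decoded once. Returns null when the route
// shape no longer matches or the segment is not valid percent-encoding.
function recoveredId(url) {
  const segs = segmentsAfterUser(url);
  if (segs.length !== 2 || segs[1] !== 'profile') return null;
  try {
    return decodeURIComponent(segs[0]);
  } catch (e) {
    return null; // malformed sequence such as a raw "%b"
  }
}

// Constructed sample ids covering the cases in the report.
const SAMPLE_IDS = ['a/b', 'a\\b', 'a%b'];

function report() {
  return SAMPLE_IDS.map((id) => ({
    id,
    naive: recoveredId(naiveProfileUrl(id)),
    encoded: recoveredId(encodedProfileUrl(id)),
  }));
}

console.log(report());
```

Whether an encoded slash reaches the route handler intact depends on the server in front of the REST API, so the encoded form should be checked against the actual deployment.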

        Activity

        sebastian.stamm Sebastian Stamm added a comment (edited)

        A Jenkins Test is failing, which might be related to this ticket: Link to Jenkins

        This commit might introduce the error: Link to Commit


          People

          • Assignee:
            michael.schoettes Michael Schoettes
            Reporter:
            roman.smirnov Smirnov Roman
          • Votes: 0
          • Watchers: 5
