Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-54311

Create user with . in name doesn't work

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • core
    • Jenkins 2.148
      Jenkins 2.138.2

      Creating a user (via Manage Jenkins -> Manage Users -> Create User) with a name containing a dot (".") returns HTTP/1.1 200 but does not create user and remains on same page. I can not find this behavior documented anywhere, and in an older Jenkins version I was able to create users with dots in their name. Currently I have several users with dots in their name, but I can no longer create new ones.

        1. Screenshot from 2018-11-20 17.51.08.png
          Screenshot from 2018-11-20 17.51.08.png
          51 kB

          [JENKINS-54311] Create user with . in name doesn't work

          Boris Osyanin added a comment - - edited

          2.138.2 version also affected.

           

          And I suppose need to check also  LDAP login with dot.

          Installed via package manager in Ubuntu Server

          DISTRIB_ID=Ubuntu
          DISTRIB_RELEASE=18.04
          DISTRIB_CODENAME=bionic
          DISTRIB_DESCRIPTION="Ubuntu 18.04.1 LTS"

          rlohlefink

          Boris Osyanin added a comment - - edited 2.138.2 version also affected.   And I suppose need to check also  LDAP login with dot. Installed via package manager in Ubuntu Server DISTRIB_ID=Ubuntu DISTRIB_RELEASE=18.04 DISTRIB_CODENAME=bionic DISTRIB_DESCRIPTION="Ubuntu 18.04.1 LTS" rlohlefink

          Alba Mendez added a comment -

          We've been hit by this bug for quite some time. I just did bisection and this is what I found:

           

          2.120 is the last version that allows you to create users with dots.

          2.121 onwards: block usernames with dots, with the following warning: User name must only contain alphanumeric characters, underscore and dash.

          2.128 onwards: user isn't created, stays on the same page, no warning is shown (reported behaviour)

           

          Does that mean dots are disallowed in usernames by design? If so, what's the motivation behind it?

          Alba Mendez added a comment - We've been hit by this bug for quite some time. I just did bisection and this is what I found:   2.120 is the last version that allows you to create users with dots. 2.121 onwards: block usernames with dots, with the following warning: User name must only contain alphanumeric characters, underscore and dash. 2.128 onwards: user isn't created, stays on the same page, no warning is shown (reported behaviour)   Does that mean dots are disallowed in usernames by design? If so, what's the motivation behind it?

          Alba Mendez added a comment -

          Okay it's from design. This is the relevant security change in 2.121 that restricts usernames:

          Setting the mentioned hudson.security.HudsonPrivateSecurityRealm.ID_REGEX system property at startup to ^[a-zA-Z0-9_.-]+$ works 

          An error message like "Invalid username. By default, usernames must only contain alphanumeric characters, underscore and dash." should be shown.

          Alba Mendez added a comment - Okay it's from design. This is the relevant security change in 2.121 that restricts usernames: Setting the mentioned hudson.security.HudsonPrivateSecurityRealm.ID_REGEX system property at startup to ^ [a-zA-Z0-9_.-] +$  works  An error message like "Invalid username. By default, usernames must only contain alphanumeric characters, underscore and dash." should be shown.

            Unassigned Unassigned
            rlohlefink Rick Löhlefink
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: