Skip to content
This repository has been archived by the owner on Jul 24, 2021. It is now read-only.

can't login to trac when password contains special characters #3574

Closed
openstreetmap-trac opened this issue Jul 23, 2021 · 9 comments
Closed

Comments

@openstreetmap-trac
Copy link

Reporter: flaimo+openstreetmap2[at]gmail.com
[Submitted to the original trac issue database at 9.38pm, Wednesday, 9th March 2011]

i had to register this second account with a password containing plain ascii characters. with my real account "flaimo" my login just isn't accepted, though it works perfectly with the main osm page. i guess that there is a problem when the password contains special characters. in my case it contains "+", "_" and "". it's a password genereated by keepass and copied into the pw field using copy&paste, so it can't be a typo.

@openstreetmap-trac
Copy link
Author

Author: flaimo+openstreetmap2[at]gmail.com
[Added to the original trac issue at 1.15am, Saturday, 12th March 2011]

i forgot to mention that i also tried the e-mail address i registered with as the user name. didn't work either.

@openstreetmap-trac
Copy link
Author

Author: TomH
[Added to the original trac issue at 7.26am, Saturday, 12th March 2011]

Registering a second account was a rather over the top "solution" really. Changing the password would have been simpler... The problem will be the "+" sign as it is special in URL argument strings.

@openstreetmap-trac
Copy link
Author

Author: flaimo2
[Added to the original trac issue at 11.47am, Saturday, 12th March 2011]

it can't be the solution to force users to use a weak password because of technical deficiencies. especially since it's not stated anywhere on the website that the user should avoid special characters

@openstreetmap-trac
Copy link
Author

Author: TomH
[Added to the original trac issue at 11.48am, Saturday, 12th March 2011]

Yes, it's a bug and I will fix it - that's why I have left the ticket open! I was just explaining which character was probably causing the problem.

@openstreetmap-trac
Copy link
Author

Author: TomH
[Added to the original trac issue at 12.00pm, Saturday, 12th March 2011]

I've looked at this now and I'm afraid I can't reproduce it at all. I was thinking that the password was passed in a URL to the API but it isn't, it is passed using HTTP basic authentication so the special characters don't need escaping.

I have changed my password to include all three of those characters and I can still login fine.

All the trac code actually does is to fetch "http://api.openstreetmap.org/api/0.6/user/details" and provide the username and password via HTTP authentication - are you able to fetch that URL in your web browser using the username and password you are having trouble with?

@openstreetmap-trac
Copy link
Author

Author: flaimo2
[Added to the original trac issue at 1.04pm, Saturday, 12th March 2011]

flaimo + pw doesn't work with that URL, flaimo2 + the simple ascii pw works and returns the xml.

i also tried safari instead of firefox to see it's the browser, but i get the same result with safari.

@openstreetmap-trac
Copy link
Author

Author: TomH
[Added to the original trac issue at 3.58pm, Sunday, 13th March 2011]

I still can't reproduce this at all, and without actually knowing your password it's very hard to investigate any further...

Is there anything else "odd" about the password? Any other non alpha-numeric characters? Trailing spaces?

Perhaps you could change the password on that account and then tell me what the old one was so I can try and reproduce the problem and see if I can fix it?

@openstreetmap-trac
Copy link
Author

Author: flaimo
[Added to the original trac issue at 5.48pm, Sunday, 13th March 2011]

i have changed my password to a random string containing only uppercase lowercase and number characters. seems to work now with trac, since i can post this comment.

the old password was: ndqy2JJj5P7Cl9+IB_cj8yM

@openstreetmap-trac
Copy link
Author

Author: TomH
[Added to the original trac issue at 12.25am, Monday, 14th March 2011]

Well that password seems to work fine on my account...

I think I'm going to have to close this as unreproducible unfortunately :-(

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

1 participant