Ticket #3574 (closed defect: worksforme)

Opened 3 years ago

Last modified 3 years ago

can't login to trac when password contains special characters

Reported by: flaimo+openstreetmap2@… Owned by: tom@…
Priority: minor Milestone:
Component: admin Version:
Keywords: Cc:

Description

i had to register this second account with a password containing plain ascii characters. with my real account "flaimo" my login just isn't accepted, though it works perfectly with the main osm page. i guess that there is a problem when the password contains special characters. in my case it contains "+", "_" and "§". it's a password genereated by keepass and copied into the pw field using copy&paste, so it can't be a typo.

Change History

comment:1 Changed 3 years ago by flaimo+openstreetmap2@…

i forgot to mention that i also tried the e-mail address i registered with as the user name. didn't work either.

comment:2 Changed 3 years ago by TomH

Registering a second account was a rather over the top "solution" really. Changing the password would have been simpler... The problem will be the "+" sign as it is special in URL argument strings.

comment:3 Changed 3 years ago by TomH

  • Priority changed from major to minor
  • Component changed from website to admin

comment:4 Changed 3 years ago by flaimo2

it can't be the solution to force users to use a weak password because of technical deficiencies. especially since it's not stated anywhere on the website that the user should avoid special characters

comment:5 Changed 3 years ago by TomH

Yes, it's a bug and I will fix it - that's why I have left the ticket open! I was just explaining which character was probably causing the problem.

comment:6 Changed 3 years ago by TomH

I've looked at this now and I'm afraid I can't reproduce it at all. I was thinking that the password was passed in a URL to the API but it isn't, it is passed using HTTP basic authentication so the special characters don't need escaping.

I have changed my password to include all three of those characters and I can still login fine.

All the trac code actually does is to fetch " http://api.openstreetmap.org/api/0.6/user/details" and provide the username and password via HTTP authentication - are you able to fetch that URL in your web browser using the username and password you are having trouble with?

comment:7 Changed 3 years ago by flaimo2

flaimo + pw doesn't work with that URL, flaimo2 + the simple ascii pw works and returns the xml.

i also tried safari instead of firefox to see it's the browser, but i get the same result with safari.

comment:8 Changed 3 years ago by TomH

I still can't reproduce this at all, and without actually knowing your password it's very hard to investigate any further...

Is there anything else "odd" about the password? Any other non alpha-numeric characters? Trailing spaces?

Perhaps you could change the password on that account and then tell me what the old one was so I can try and reproduce the problem and see if I can fix it?

comment:9 Changed 3 years ago by flaimo

i have changed my password to a random string containing only uppercase lowercase and number characters. seems to work now with trac, since i can post this comment.

the old password was: ndqy2JJj5P7Cl9+I§B_cj8yM

comment:10 Changed 3 years ago by TomH

  • Status changed from new to closed
  • Resolution set to worksforme

Well that password seems to work fine on my account...

I think I'm going to have to close this as unreproducible unfortunately :-(

Note: See TracTickets for help on using tickets.