Opened 4 years ago

Closed 3 years ago

Last modified 3 years ago

#1762 closed Bug (fixed)

Piwik::checkValidLoginString(): allow "@" in login

Reported by: ploum Owned by:
Priority: normal Milestone: Piwik 1.1
Component: Core Keywords:
Cc: Sensitive: no

Description

Currently, piwik explicitely forbid use of "@" in a user login. (only [a-zA-Z0-9\-\._] are allowed )

It doesn't make much sense to forbid the "@" and it make it impossible to integrate piwik with any service where the login is the email (such as lot of LDAP setup).

Change History (10)

comment:1 Changed 4 years ago by ploum

Fixing this bug is really easy :

core/Piwik.php, line 1595

replace:

&& (preg_match('/[A-Za-z0-9_.-]*$/', $userLogin) > 0))

By

&& (preg_match('/[@A-Za-z0-9_.-]*$/', $userLogin) > 0))

comment:2 Changed 4 years ago by ploum

(I've tested it and it works great)

comment:3 Changed 4 years ago by vipsoft (robocoder)

re: LDAP. Is this change necessary, given the LDAP plugin in #734?

comment:4 Changed 4 years ago by ploum

I guess it is because it looks like the http_auth plugin is more interesting anyway. Ldap is only use to do authentification, piwik still do the authorization.

Comments in the bug related to the http_auth plugin seems to think the same ;-)

comment:5 Changed 4 years ago by vipsoft (robocoder)

  • Milestone set to 1.1 - Piwik 1.1
  • Summary changed from allows "@" in login to allow "@" in login

comment:6 Changed 3 years ago by vipsoft (robocoder)

  • Milestone changed from 1.1 - Piwik 1.1 to Features requests 1.x or 2.x
  • Summary changed from allow "@" in login to Piwik::checkValidLoginString(): allow "@" in login

comment:7 Changed 3 years ago by matt (mattab)

  • Milestone changed from Features requests 1.x or 2.x to 1.1 - Piwik 1.1

increasing priority, as it makes sense to allow @ in logins

comment:8 Changed 3 years ago by matt (mattab)

  • Resolution set to fixed
  • Status changed from new to closed

(In [3381]) Fixes #1762

comment:9 Changed 3 years ago by vipsoft (robocoder)

(In [3388]) refs #1762 - fix unit test

comment:10 Changed 3 years ago by vipsoft (robocoder)

(In [3646]) fixes #1970, refs #1762 - add more unit tests

Note: See TracTickets for help on using tickets.