Self Registration Secondary Userstore username Regex Validation #21639

Dinithi-Hasanika opened this issue Nov 7, 2024 · 0 comments

Describe the issue:

For secondary user store users, the username length is checked together with the secondary user store domain name when the entered username is validated in <IS_Home>/repository/deployment/server/webapps/accountrecoveryendpoint/self-registration-username-request.jsp. Hence, if the actually entered username is shorter than the defined pattern requires but matches the regex once the domain name is included, the username is allowed and the user is redirected to collect the information required for account creation.

However, after submitting the user data, the user sees a blank page because username validation fails while creating the user. Hence user creation also fails.

How to reproduce:

  1. Create a Secondary userstore with domain name 'SECONDARY'

  2. Enable self-user registration

  3. For the secondary user store, define the following regex for the username to require a username length of 8 - 20 characters
    Username RegEx (Java) - [a-zA-Z0-9._-|//]{8,20}$
    Username RegEx (Javascript) - ^[\S]{8,20}$

  4. Go to my account and choose create account option

  5. In the interface for entering the username, enter a username prefixed with the user store domain name - SECONDARY/din
    Since it has more than 8 characters, the entered username will be allowed and the user will be redirected to enter details for user creation

  6. After submitting the data, the user will end up on a blank page

If DEBUG logs are enabled, the following error stack trace can be observed, as the username din does not pass the username regex validation.

TID: [-1234] [api] [2024-11-07 19:46:30,497] [00d2de6a-281f-4d1b-8927-974d50716a0b] DEBUG {org.wso2.carbon.identity.user.endpoint.impl.MeApiServiceImpl} - Client Error while registering self up user org.wso2.carbon.identity.recovery.IdentityRecoveryClientException: Provided username din violates the policy.
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
	at org.wso2.carbon.identity.base.IdentityException.error(IdentityException.java:100)
	at org.wso2.carbon.identity.recovery.util.Utils.handleClientException(Utils.java:381)
	at org.wso2.carbon.identity.recovery.signup.UserSelfRegistrationManager.handleClientException(UserSelfRegistrationManager.java:335)
	at org.wso2.carbon.identity.recovery.signup.UserSelfRegistrationManager.registerUser(UserSelfRegistrationManager.java:238)
	at org.wso2.carbon.identity.user.endpoint.impl.MeApiServiceImpl.mePost(MeApiServiceImpl.java:105)
	at org.wso2.carbon.identity.user.endpoint.MeApi.mePost(MeApi.java:63)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
	at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:201)
	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:104)
	at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
	at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265)
	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:304)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:217)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:555)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:279)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
	at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:119)
	at org.wso2.carbon.identity.context.rewrite.valve.OrganizationContextRewriteValve.invoke(OrganizationContextRewriteValve.java:115)
	at org.wso2.carbon.tomcat.ext.valves.SameSiteCookieValve.invoke(SameSiteCookieValve.java:38)
	at org.wso2.carbon.identity.cors.valve.CORSValve.invoke(CORSValve.java:83)
	at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:167)
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:142)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:114)
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:75)
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:152)
	at org.wso2.carbon.extension.identity.x509Certificate.valve.X509CertificateAuthenticationValve.invoke(X509CertificateAuthenticationValve.java:59)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670)
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:63)
	at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
	at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:137)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.wso2.carbon.user.core.UserStoreException: 31301 - Username din is not valid. User name must be a non null string with following format, [a-zA-Z0-9._-|//]{8,20}$
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:262)
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addUser(AbstractUserStoreManager.java:4827)
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addUser(AbstractUserStoreManager.java:4813)
	at org.wso2.carbon.identity.recovery.signup.UserSelfRegistrationManager.registerUser(UserSelfRegistrationManager.java:225)
	... 59 more
Caused by: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:243)
	... 62 more
Caused by: java.lang.reflect.InvocationTargetException
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager$2.run(AbstractUserStoreManager.java:246)
	... 64 more
Caused by: org.wso2.carbon.user.core.UserStoreException: 31301 - Username din is not valid. User name must be a non null string with following format, [a-zA-Z0-9._-|//]{8,20}$
	at org.wso2.carbon.user.mgt.workflow.userstore.UserStoreActionListener.doPreAddUser(UserStoreActionListener.java:92)
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addUser(AbstractUserStoreManager.java:4978)
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addUser(AbstractUserStoreManager.java:4861)
	... 69 more

TID: [-1234] [accountrecoveryendpoint] [2024-11-07 19:46:30,588] [702f6c2d-5acf-4ddf-abda-8f7eaa0eb2bc]  INFO {com.sun.jersey.api.client.filter.LoggingFilter} - 1 * Client in-bound response
1 < 400
1 < Transfer-Encoding: chunked
1 < Server: WSO2 Carbon Server
1 < X-WSO2-TraceId: 00d2de6a-281f-4d1b-8927-974d50716a0b
1 < Connection: close
1 < Date: Thu, 07 Nov 2024 14:16:30 GMT
1 < Content-Type: application/json
1 < 
{"code":"20045","message":"Bad Request","description":"Provided username din violates the policy.","traceId":"00d2de6a-281f-4d1b-8927-974d50716a0b"}

Expected behavior:

The entered username should be validated against the username regex without considering the user store domain, preventing the user from proceeding to the next steps and showing the Username RegEx Violation error message.

Environment information (Please complete the following information; remove any unnecessary fields) :

  • Product Version: IS 6.1.0
  • OS: [e.g., Windows, Linux, Mac]
  • Database: [e.g., MySQL, H2]
  • Userstore: SECONDARY

Optional Fields

Related issues:

Suggested labels:
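The mismatch described in the report, as an added example that is not part of the original issue or of the WSO2 IS code base: the form-side check runs the JavaScript regex over the full "DOMAIN/username" string, while the server-side check runs over the bare username, so "SECONDARY/din" passes the form and is then rejected by the server. The `splitDomain` helper and the JavaScript translation of the Java regex are assumptions made for this illustration.

```javascript
// Regexes from the report. The Java one is translated to JavaScript here
// (assumption: the intent is the listed characters, with '-' literal).
const usernameRegexJs = /^[\S]{8,20}$/;
const usernameRegexJavaTranslated = /^[a-zA-Z0-9._|\/-]{8,20}$/;

// Assumption for this example: the user store domain is separated from the
// username by '/', as in the report's "SECONDARY/din".
function splitDomain(entered) {
  const idx = entered.indexOf('/');
  if (idx === -1) return { domain: null, username: entered };
  return { domain: entered.slice(0, idx), username: entered.slice(idx + 1) };
}

// Form-side check as the report describes it: the whole string, domain
// prefix included, is matched against the JavaScript regex.
function clientCheckWithDomain(entered) {
  return usernameRegexJs.test(entered);
}

// Form-side check as the report's expected behaviour: only the username
// part (domain stripped) is matched against the JavaScript regex.
function clientCheckStripDomain(entered) {
  return usernameRegexJs.test(splitDomain(entered).username);
}

// Server-side check: addUser validates the bare username against the
// Java regex (modelled with its JavaScript translation).
function serverCheck(entered) {
  return usernameRegexJavaTranslated.test(splitDomain(entered).username);
}

// Where a registration attempt ends up with the current form-side check.
// 'rejected-at-server' is the blank-page case from the report.
function registrationOutcome(entered) {
  if (!clientCheckWithDomain(entered)) return 'rejected-at-form';
  return serverCheck(entered) ? 'created' : 'rejected-at-server';
}

// Same flow once the form strips the domain before validating.
function registrationOutcomeFixed(entered) {
  if (!clientCheckStripDomain(entered)) return 'rejected-at-form';
  return serverCheck(entered) ? 'created' : 'rejected-at-server';
}
```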
