Unable to change own username through web UI
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1327661
Description of problem:
When user tries to update his username via My Account > User dialog, there is no error shown on trying to put a blank username in. Instead there is a success notification displayed but the username stays unchanged (so it's more of a cosmetic issue).
Version-Release number of selected component (if applicable):
6.2.0 snap 8.1
Steps to Reproduce:
1. navigate to my profile
2. try to change your username to "" or " "
Successfully updated <username> //changes have no effect
"can't be blank" Error
#2 Updated by Brad Buckingham about 3 years ago
- Status changed from Need more information to New
- Priority changed from Normal to Low
The user has Administrator role; therefore, the username is editable. If he attempts to update it, there is no error displayed; however, it seems that the user is logged out immediately and the change is not applied. Ideally, the field should be read-only or the user should see an error.
#3 Updated by Dominic Cleal about 3 years ago
- Subject changed from WebUI - no error on updating own username to blank to No error when updating own username to blank
- Category set to Web Interface
The reason the username field is disabled in my screenshot is that it's incorrectly made disabled when the username is 'admin'.
#5 Updated by Daniel Lobato Garcia about 3 years ago
I think the actual issue is that we're filtering the 'login' parameter on the controller, so the request to update the login to ' ' is never fulfilled if you're editing your own user.
More info in the PR: https://github.com/theforeman/foreman/pull/3483#issuecomment-218388480
#6 Updated by Dominic Cleal over 2 years ago
- Subject changed from No error when updating own username to blank to Unable to change own username through web UI
- Status changed from Ready For Testing to New
- Pull request deleted (
PR closed due to inactivity, seems valid still.
#10 Updated by Rahul Bajaj almost 2 years ago
I am analyzing a senario - An admin is unable to change his username but he can change other users name. The other users have the option to change their own user names but after updating the form it does not actually update thier usernames.
I have also raised a ticket regarding this issue : http://projects.theforeman.org/issues/19946
I am confused to whether what is the solution to this issue: either
1) Should all the users be restricted from updating their respective usernames ? OR
2) Should they be allowed ?
#11 Updated by Daniel Lobato Garcia almost 2 years ago
Rahul, No need for a new ticket.
About your question, I think it would be a mix of both:
Users can update their own names if the Auth Source of these users is Internal, but cannot update their own names if the Auth Source is LDAP-based. The reason is simply that they'll lock themselves out if they change the name (Foreman won't propagate these changes to LDAP).
#12 Updated by Daniel Lobato Garcia almost 2 years ago
Feel free to take the code in https://github.com/theforeman/foreman/pull/3483#issuecomment-218388480 and base your PR off that