Details
-
Bug Report
-
Resolution: Fixed
-
L3 - Default
-
None
Description
1) Login
a) "a/b"
Steps to reproduce:
- login into admin
- create a new user with id "a/b"
- logout
- login with user "a/b"
Problem:
The app executes the following request:
GET http://localhost:8080/camunda/api/engine/engine/default/user/a/b/profile
which returns the status code 500
b) "a\b"
Steps to reproduce:
- login into admin
- create a new user with id "a/b"
- logout
- login with user "a/b"
Problem:
The app executes the following request:
GET http://localhost:8080/camunda/api/engine/engine/default/user/a/b/profile
The "\" is replaced by a "/".
Expected behavior:
The slash (or backslash) is escaped when the user logins into a webapp.
2) "%" is not escaped anymore
In <= 7.4 we used the "$resource" from anuglarjs to execute a request. Thereby angularjs escaped "%" on its own. With 7.5 we are using the sdk-js to execute any request. Since then the "%" is not escaped anymore. As a result, a profile cannot be loaded in the admin app.
Hint:
Whenever we execute a request in the app by using the sdk-js to get a user profile or to execute the OPTIONS request, the "/" (or "\") of the user id must be espaced and then "%" must be escaped to.