Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-6537

I cannot use a user id with a slash or backslash inside in webapps

    XMLWordPrintable

Details

    Description

      1) Login

      a) "a/b"

      Steps to reproduce:

      • login into admin
      • create a new user with id "a/b"
      • logout
      • login with user "a/b"

      Problem:
      The app executes the following request:
      GET http://localhost:8080/camunda/api/engine/engine/default/user/a/b/profile
      which returns the status code 500

      b) "a\b"

      Steps to reproduce:

      • login into admin
      • create a new user with id "a/b"
      • logout
      • login with user "a/b"

      Problem:
      The app executes the following request:
      GET http://localhost:8080/camunda/api/engine/engine/default/user/a/b/profile
      The "\" is replaced by a "/".

      Expected behavior:
      The slash (or backslash) is escaped when the user logins into a webapp.

      2) "%" is not escaped anymore
      In <= 7.4 we used the "$resource" from anuglarjs to execute a request. Thereby angularjs escaped "%" on its own. With 7.5 we are using the sdk-js to execute any request. Since then the "%" is not escaped anymore. As a result, a profile cannot be loaded in the admin app.

      Hint:
      Whenever we execute a request in the app by using the sdk-js to get a user profile or to execute the OPTIONS request, the "/" (or "\") of the user id must be espaced and then "%" must be escaped to.

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Activity

            People

              michael.schoettes Michael Schoettes
              roman.smirnov Roman Smirnov
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Salesforce