Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: username entered as part of the URL is not used #11045

Closed
2 tasks done
jnweiger opened this issue Jul 21, 2023 · 4 comments
Closed
2 tasks done

Feature request: username entered as part of the URL is not used #11045

jnweiger opened this issue Jul 21, 2023 · 4 comments
Labels
Design & UX Enhancement QA:team

Comments

@jnweiger
Copy link
Contributor

jnweiger commented Jul 21, 2023
edited by michaelstingl
Loading

Pre-submission Checks

  • I checked for similar issues, but could not find any. I also checked the closed issues. I could not contribute additional information to any existing issue.
  • I will take the time to fill in all the required fields. I know that the bug report may be dismissed otherwise due to lack of information.

Describe the QA issue

Seen with testpilotcloud client 4.1.0
(Minor nitpick only)

  • start the client, the connection wizard opens,
  • enter "[email protected]" as a URL. The URL is accepted. OKish
  • On the next page, the wizard asks for both, username and password
grafik grafik
  • Entering the username twice does not make sense. How do I know which one takes precedence, if they differ? BAD

Expected behaviour:

  • the Username: [ ] field should be prefilled, with the username found in the URL
  • (or a URL with a username should not be accepted)

Steps to reproduce the issue

.

Screenshots

.

Expected behavior

No response

Actual behavior

No response
@michaelstingl
Copy link
Contributor

Expected behavior

Basic auth

Username field could be pre-filled with information from URL

OAuth 2.0 / OpenID Connect

&user=demo should be added to the IDP URL

Actual behavior

Desktop client opens https://[email protected]/index.php/apps/oauth2/authorize?response_type=code&client_id=xdXOt13…

Needs more URL sanitizing?

@TheOneRing
Copy link
Contributor

We just don't support credentials in the url anymore.
We did in the past but they where in part stored in the settings and in other code paths again stripped from the url.

@TheOneRing TheOneRing changed the title [QA] username entered as part of the URL is not used Feature request: username entered as part of the URL is not used Jul 21, 2023
@TheOneRing
Copy link
Contributor

Expected behavior

Basic auth

Username field could be pre-filled with information from URL

OAuth 2.0 / OpenID Connect

&user=demo should be added to the IDP URL

Actual behavior

Desktop client opens https://[email protected]/index.php/apps/oauth2/authorize?response_type=code&client_id=xdXOt13…

Needs more URL sanitizing?

But yes we should strip plaintext user info from the url in the wizard.

@TheOneRing TheOneRing mentioned this issue Jan 30, 2024
Closed
@TheOneRing
Copy link
Contributor

We won't implement the feature request but sanitize the url #11497

@TheOneRing TheOneRing closed this as not planned Won't fix, can't repro, duplicate, stale Jan 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Design & UX Enhancement QA:team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@TheOneRing @michaelstingl @jnweiger