horizon: Trailing spaces removed on passwords

Albert Braden Albert.Braden at synopsys.com
Tue Jan 28 22:09:44 UTC 2020


Stripping leading/trailing spaces from passwords is the correct behavior. Passwords should not contain leading/trailing spaces, and when they do it is usually because of a paste error.

-----Original Message-----
From: Orestes Leal Rodríguez <olealrd1981 at gmail.com> 
Sent: Tuesday, January 28, 2020 1:24 PM
To: openstack-discuss at lists.openstack.org
Subject: Re: horizon: Trailing spaces removed on passwords

I have found a way to solve it and give access to users that have
passwords with spaces at the beginning/end. The issue (not an issue
per se, but it affects horizon [stein]) lies in django. Specifically
on 'django/forms/fields.py'

Horizon uses the fields and those by default remove spaces as stated.
What I did is the following:

In that file, the class CharField's constructor was removing
leading/trailing spaces.
Below is the diff between the original and the modified python script
(one line modified, strip=False):

--- fields.py.orig      2020-01-28 15:16:22.696047918 -0500
+++ fields.py   2020-01-28 15:16:45.520084974 -0500
@@ -220,7 +220,7 @@


 class CharField(Field):
-    def __init__(self, max_length=None, min_length=None, strip=True,
empty_value='', *args, **kwargs):
+    def __init__(self, max_length=None, min_length=None, strip=False,
empty_value='', *args, **kwargs):
         self.max_length = max_length
         self.min_length = min_length
         self.strip = strip
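
Review bot: The changed default strip=False in the CharField.__init__ signature applies to every CharField that does not pass strip explicitly, so every text input in every Django form served from this install stops trimming whitespace, not only the password field. Because strip is already a constructor argument (it is stored as self.strip in the context lines), pass strip=False only on the password field of the form that collects the credential and leave fields.py as shipped. A local edit to the framework file is also lost the next time the Django package is upgraded.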

Now passwords are not altered by the underlying framework. Not sure
what effect not removing trailing/leading spaces from the text fields
will have on the Horizon operations, though. Maybe horizon should
redefine that django class to avoid this behavior. I'm also open to
other solutions from the community. Have a great evening,


Thanks.
Orestes

On 1/28/20, Orestes Leal Rodríguez <olealrd1981 at gmail.com> wrote:
> From the dashboard openstack is removing the trailing spaces from our
> users' passwords.
> We have a modified sql.py backend, that does an ldap bind to an active
> directory data store. And that works almost always. I say almost
> because for some users it doesn't work at all. We figured out (and a
> co-worker also confirmed this) that openstack is removing trailing
> (also leading?) spaces from the password entered in the dashboard.
> Also, inside the dashboard trailing spaces are not accepted even when
> they are equal byte by byte (including the space, I get an error). So
> this is going on.
>
> Does anybody know where this removal is performed? (python script
> location, line) So I can remove that since I have users (me included,
> I have the issue since the very beginning of this deployment) that
> cannot login. And they can use their Active Directory passwords from
> other apps without problem.
>
> We are running 'stein' with the latest update for ubuntu 18.04-AMD64.
>
