Granting admin rights to a user whose username contains special characters, using an admin account that has two-factor authentication enabled, does not work.
It works for users whose usernames contain no special characters, and with an admin account without two-factor authentication (email verification works).
Steps:
- Set up 2FA on an admin account
- Enable `unicode usernames` and add something like `[äöüßÄÖÜẞ]` to `allowed unicode username characters` (this is the default setting on German forums).
- Create a user using one or more of those characters in the username, such as `Anführerin`
- Try to grant admin rights to this user
Expected:
- You see the page to enter the 2FA code
Actual result:
- Nothing happens
- There is an error in the browser console:
- and an entry in /logs:
Message (4 copies reported)
ActionController::UrlGenerationError (No route matches {:action=>"show", :controller=>"admin/users", :id=>5, :username=>"Anführerin"}, possible unmatched constraints: [:username])
lib/second_factor/actions/grant_admin.rb:19:in `second_factor_auth_required!'
lib/second_factor/auth_manager.rb:187:in `initiate_second_factor_auth'
lib/second_factor/auth_manager.rb:179:in `run!'
app/controllers/application_controller.rb:979:in `run_second_factor!'
app/controllers/admin/users_controller.rb:177:in `grant_admin'
app/controllers/application_controller.rb:428:in `block in with_resolved_locale'
app/controllers/application_controller.rb:428:in `with_resolved_locale'
lib/middleware/omniauth_bypass_middleware.rb:35:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
lib/middleware/anonymous_cache.rb:415:in `call'
lib/middleware/csp_script_nonce_injector.rb:12:in `call'
config/initializers/008-rack-cors.rb:26:in `call'
lib/middleware/default_headers.rb:13:in `call'
config/initializers/100-quiet_logger.rb:20:in `call'
config/initializers/100-silence_logger.rb:29:in `call'
lib/middleware/enforce_hostname.rb:23:in `call'
lib/middleware/processing_request.rb:12:in `call'
lib/middleware/request_tracker.rb:410:in `call'
Side note: Even in the first example, where granting admin permissions works, an error appears in the browser console when clicking the button:
PUT https://{my-forum}/admin/users/4/grant_admin 403 (Forbidden)
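The failure mode in the log entry above ("possible unmatched constraints: [:username]"), as an added example that is not part of the original post and not Discourse's own code: a URL helper refuses to build a path when a segment fails its route constraint, so the 2FA challenge is never started. The route shape, both regexes and all method names are assumptions made for illustration.

```ruby
require "erb"

# Stand-in for ActionController::UrlGenerationError (constructed for this example).
class UrlGenerationError < StandardError; end

# Hypothetical constraints; the post does not show the real route definition.
ASCII_USERNAME   = /\A[A-Za-z0-9_.\-]+\z/
UNICODE_USERNAME = /\A[\p{Alnum}\p{M}_.\-]+\z/

# Builds /admin/users/:id/:username the way a constrained route helper does:
# a supplied segment that fails its constraint aborts URL generation.
def admin_user_path(id:, username:, constraint:)
  unless constraint.match?(username)
    raise UrlGenerationError,
          "No route matches {id: #{id}, username: #{username.inspect}}, " \
          "possible unmatched constraints: [:username]"
  end
  "/admin/users/#{id}/#{ERB::Util.url_encode(username)}"
end

# Models the step seen in the stack trace: the 2FA flow calls a URL helper
# before presenting the challenge, so a URL failure means no challenge at all.
def start_grant_admin_challenge(id:, username:, constraint:)
  { status: :challenge_required,
    url: admin_user_path(id: id, username: username, constraint: constraint) }
rescue UrlGenerationError => e
  { status: :error, message: e.message }
end

# Constructed sample users mirroring the report (ids 4 and 5).
if __FILE__ == $PROGRAM_NAME
  [[4, "Leader"], [5, "Anführerin"]].each do |id, name|
    [ASCII_USERNAME, UNICODE_USERNAME].each do |c|
      puts start_grant_admin_challenge(id: id, username: name, constraint: c)
    end
  end
end
```
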
