Concessione dei diritti di amministratore fallisce per nomi utente con caratteri speciali quando l'account amministratore ha la 2FA abilitata

Bug
1

Concedere i diritti di amministratore a un utente il cui nome utente contiene caratteri speciali con un account amministratore che ha l’autenticazione a due fattori abilitata non funziona.

Funziona per gli utenti i cui nomi utente non contengono caratteri speciali e con un account amministratore senza autenticazione a due fattori (la verifica tramite e-mail funziona).

Passaggi:

  1. Configura l’autenticazione a due fattori su un account amministratore
  2. Abilita unicode usernames e aggiungi qualcosa come [äöüßÄÖÜẞ] a allowed unicode username characters (questa è la configurazione predefinita sui forum tedeschi).
  3. Crea un utente utilizzando uno o più di questi caratteri nel nome utente, come Anführerin
  4. Prova a concedere i diritti di amministratore a questo utente

Previsto:

  • Viene visualizzata la pagina per inserire il codice di autenticazione a due fattori

Risultato effettivo:

  • Non succede nulla
  • Viene visualizzato un errore nella console del browser:
    image
    image472×284 9.54 KB
  • e una voce in /logs:
Message (4 copies reported)

ActionController::UrlGenerationError (No route matches {:action=>"show", :controller=>"admin/users", :id=>5, :username=>"Anführerin"}, possible unmatched constraints: [:username])
lib/second_factor/actions/grant_admin.rb:19:in `second_factor_auth_required!'
lib/second_factor/auth_manager.rb:187:in `initiate_second_factor_auth'
lib/second_factor/auth_manager.rb:179:in `run!'
app/controllers/application_controller.rb:979:in `run_second_factor!'
app/controllers/admin/users_controller.rb:177:in `grant_admin'
app/controllers/application_controller.rb:428:in `block in with_resolved_locale'
app/controllers/application_controller.rb:428:in `with_resolved_locale'
lib/middleware/omniauth_bypass_middleware.rb:35:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
lib/middleware/anonymous_cache.rb:415:in `call'
lib/middleware/csp_script_nonce_injector.rb:12:in `call'
config/initializers/008-rack-cors.rb:26:in `call'
lib/middleware/default_headers.rb:13:in `call'
config/initializers/100-quiet_logger.rb:20:in `call'
config/initializers/100-silence_logger.rb:29:in `call'
lib/middleware/enforce_hostname.rb:23:in `call'
lib/middleware/processing_request.rb:12:in `call'
lib/middleware/request_tracker.rb:410:in `call'


Backtrace

actionpack (8.0.2) lib/action_dispatch/journey/formatter.rb:46:in `path'
actionpack (8.0.2) lib/action_dispatch/routing/route_set.rb:880:in `url_for'
actionpack (8.0.2) lib/action_dispatch/routing/route_set.rb:289:in `call'
actionpack (8.0.2) lib/action_dispatch/routing/route_set.rb:345:in `block in define_url_helper'
lib/second_factor/actions/grant_admin.rb:19:in `second_factor_auth_required!'
lib/second_factor/auth_manager.rb:187:in `initiate_second_factor_auth'
lib/second_factor/auth_manager.rb:179:in `run!'
app/controllers/application_controller.rb:979:in `run_second_factor!'
app/controllers/admin/users_controller.rb:177:in `grant_admin'
actionpack (8.0.2) lib/action_controller/metal/basic_implicit_render.rb:8:in `send_action'
actionpack (8.0.2) lib/abstract_controller/base.rb:226:in `process_action'
actionpack (8.0.2) lib/action_controller/metal/rendering.rb:193:in `process_action'
actionpack (8.0.2) lib/abstract_controller/callbacks.rb:261:in `block in process_action'
activesupport (8.0.2) lib/active_support/callbacks.rb:120:in `block in run_callbacks'
app/controllers/application_controller.rb:428:in `block in with_resolved_locale'
app/controllers/application_controller.rb:428:in `with_resolved_locale'
activesupport (8.0.2) lib/active_support/callbacks.rb:129:in `block in run_callbacks'
activesupport (8.0.2) lib/active_support/callbacks.rb:140:in `run_callbacks'
actionpack (8.0.2) lib/abstract_controller/callbacks.rb:260:in `process_action'
actionpack (8.0.2) lib/action_controller/metal/rescue.rb:27:in `process_action'
actionpack (8.0.2) lib/action_controller/metal/instrumentation.rb:76:in `block in process_action'
activesupport (8.0.2) lib/active_support/notifications.rb:210:in `block in instrument'
activesupport (8.0.2) lib/active_support/notifications/instrumenter.rb:58:in `instrument'
activesupport (8.0.2) lib/active_support/notifications.rb:210:in `instrument'
actionpack (8.0.2) lib/action_controller/metal/instrumentation.rb:75:in `process_action'
actionpack (8.0.2) lib/action_controller/metal/params_wrapper.rb:259:in `process_action'
activerecord (8.0.2) lib/active_record/railties/controller_runtime.rb:39:in `process_action'
actionpack (8.0.2) lib/abstract_controller/base.rb:163:in `process'
actionview (8.0.2) lib/action_view/rendering.rb:40:in `process'
rack-mini-profiler (4.0.1) lib/mini_profiler/profiling_methods.rb:90:in `block in profile_method'
actionpack (8.0.2) lib/action_controller/metal.rb:252:in `dispatch'
actionpack (8.0.2) lib/action_controller/metal.rb:335:in `dispatch'
actionpack (8.0.2) lib/action_dispatch/routing/route_set.rb:67:in `dispatch'
actionpack (8.0.2) lib/action_dispatch/routing/route_set.rb:50:in `serve'
actionpack (8.0.2) lib/action_dispatch/routing/mapper.rb:32:in `block in <class:Constraints>'
actionpack (8.0.2) lib/action_dispatch/routing/mapper.rb:62:in `serve'
actionpack (8.0.2) lib/action_dispatch/journey/router.rb:53:in `block in serve'
actionpack (8.0.2) lib/action_dispatch/journey/router.rb:133:in `block in find_routes'
actionpack (8.0.2) lib/action_dispatch/journey/router.rb:126:in `each'
actionpack (8.0.2) lib/action_dispatch/journey/router.rb:126:in `find_routes'
actionpack (8.0.2) lib/action_dispatch/journey/router.rb:34:in `serve'
actionpack (8.0.2) lib/action_dispatch/routing/route_set.rb:908:in `call'
lib/middleware/omniauth_bypass_middleware.rb:35:in `call'
rack (2.2.17) lib/rack/tempfile_reaper.rb:15:in `call'
rack (2.2.17) lib/rack/conditional_get.rb:40:in `call'
rack (2.2.17) lib/rack/head.rb:12:in `call'
actionpack (8.0.2) lib/action_dispatch/http/permissions_policy.rb:38:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
lib/middleware/anonymous_cache.rb:415:in `call'
lib/middleware/csp_script_nonce_injector.rb:12:in `call'
config/initializers/008-rack-cors.rb:26:in `call'
rack (2.2.17) lib/rack/session/abstract/id.rb:266:in `context'
rack (2.2.17) lib/rack/session/abstract/id.rb:260:in `call'
actionpack (8.0.2) lib/action_dispatch/middleware/cookies.rb:706:in `call'
actionpack (8.0.2) lib/action_dispatch/middleware/callbacks.rb:31:in `block in call'
activesupport (8.0.2) lib/active_support/callbacks.rb:100:in `run_callbacks'
actionpack (8.0.2) lib/action_dispatch/middleware/callbacks.rb:30:in `call'
actionpack (8.0.2) lib/action_dispatch/middleware/debug_exceptions.rb:31:in `call'
actionpack (8.0.2) lib/action_dispatch/middleware/show_exceptions.rb:32:in `call'
logster (2.20.1) lib/logster/middleware/reporter.rb:40:in `call'
lib/middleware/default_headers.rb:13:in `call'
lograge (0.14.0) lib/lograge/rails_ext/rack/logger.rb:18:in `call_app'
railties (8.0.2) lib/rails/rack/logger.rb:29:in `call'
config/initializers/100-quiet_logger.rb:20:in `call'
config/initializers/100-silence_logger.rb:29:in `call'
actionpack (8.0.2) lib/action_dispatch/middleware/request_id.rb:34:in `call'
lib/middleware/enforce_hostname.rb:23:in `call'
rack (2.2.17) lib/rack/method_override.rb:24:in `call'
rack (2.2.17) lib/rack/sendfile.rb:110:in `call'
plugins/discourse-prometheus/lib/middleware/metrics.rb:14:in `call'
rack-mini-profiler (4.0.1) lib/mini_profiler.rb:191:in `call'
lib/middleware/processing_request.rb:12:in `call'
message_bus (4.4.1) lib/message_bus/rack/middleware.rb:60:in `call'
lib/middleware/request_tracker.rb:410:in `call'
actionpack (8.0.2) lib/action_dispatch/middleware/remote_ip.rb:96:in `call'
rails_failover (2.3.0) lib/rails_failover/active_record/middleware.rb:67:in `block in call'
activerecord (8.0.2) lib/active_record/connection_handling.rb:398:in `with_role_and_shard'
activerecord (8.0.2) lib/active_record/connection_handling.rb:149:in `connected_to'
rails_failover (2.3.0) lib/rails_failover/active_record/middleware.rb:64:in `call'
rails_multisite (7.0.0) lib/rails_multisite/middleware.rb:26:in `call'
railties (8.0.2) lib/rails/engine.rb:535:in `call'
railties (8.0.2) lib/rails/railtie.rb:226:in `public_send'
railties (8.0.2) lib/rails/railtie.rb:226:in `method_missing'
rack (2.2.17) lib/rack/urlmap.rb:74:in `block in call'
rack (2.2.17) lib/rack/urlmap.rb:58:in `each'
rack (2.2.17) lib/rack/urlmap.rb:58:in `call'
unicorn (6.1.0) lib/unicorn/http_server.rb:634:in `process_client'
unicorn (6.1.0) lib/unicorn/http_server.rb:739:in `worker_loop'
unicorn (6.1.0) lib/unicorn/http_server.rb:547:in `spawn_missing_workers'
unicorn (6.1.0) lib/unicorn/http_server.rb:143:in `start'
unicorn (6.1.0) bin/unicorn:128:in `<top (required)>'
vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `load'
vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `<main>'

Nota a margine: anche nel primo esempio in cui la concessione dei permessi di amministratore funziona, viene visualizzato un errore nella console del browser quando si fa clic sul pulsante:

PUT https://{my-forum}/admin/users/4/grant_admin 403 (Forbidden)

7 Mi Piace
2

Wow, grazie per il dettagliato bug report, il team darà un’occhiata a questo nelle prossime settimane.

1 Mi Piace
5

Ho appreso che questo è previsto

6

Grazie per aver segnalato questo problema. È stato risolto con questa PR

2 Mi Piace
7

Questo argomento è stato chiuso automaticamente dopo 4 giorni. Non sono più consentite nuove risposte.