Ticket #1416 (closed defect: fixed)

Opened 3 years ago

Last modified 3 years ago

Registering with blank email can cause exception

Reported by: dread Owned by: dread
Priority: trivial Milestone: ckan-sprint-2011-11-07
Component: ckan Keywords:
Cc: Repository: ckan
Theme: none

Description

This might well be a bot, but not POSTing the email field should not cause an exception - it should be 400 and then the sysadmin doesn't get these nags. 

http://www.publicdata.eu/user/register
...
Module ckan.controllers.user:79 in register
<<              c.login = request.params.getone('login')
                   c.fullname = request.params.getone('fullname')
                   c.email = request.params.getone('email')
                   if not model.User.check_name_available(c.login):
                       h.flash_error(_("That username is not available."))
>>  c.email = request.params.getone('email')
Module webob.multidict:335 in getone
<<          values were found.
               """
               return self._decode_value(self.multi.getone(self._encode_key(key)))
       
           def mixed(self):
>>  return self._decode_value(self.multi.getone(self._encode_key(key)))
Module webob.multidict:99 in getone
<<          v = self.getall(key)
               if not v:
                   raise KeyError('Key not found: %r' % key)
               if len(v) > 1:
                   raise KeyError('Multiple values match %r: %r' % (key, v))
>>  raise KeyError('Key not found: %r' % key)
KeyError: "Key not found: 'email'"

HTTP_USER_AGENT	'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.3 (build 01218); .NET CLR 1.1.4322)'
webob._parsed_post_vars	(MultiDict([('login', 'ahusernames9'), ('fullname', 'ahusernames9'), ('password1', '******'), ('password2', '******'), ('s', 'Sign up')]), <FakeCGIBody at 0xb9d7c5ec viewing MultiDict([('lo...p')])>)

Change History

comment:1 Changed 3 years ago by rgrp

  • Milestone changed from ckan-current-sprint to ckan-sprint-2011-11-07

In normal user submission this would result in errors reported and no 500. Happy to have this switch to 400 if you think this is a good idea.

comment:2 Changed 3 years ago by dread

  • Status changed from new to closed
  • Resolution set to fixed

This seems to have been fixed in #1229. Added a test for this cset:5d6a3e50fe8f on default to demonstrate it displays a validation error, as rgrp suggests.

Note, this ticket is about spammers missing some of the form fields, rather than any normal user usage, where the browser sends all the fields whether you fill them or not.

Note: See TracTickets for help on using tickets.