Errors with Emails with “+” signs

  • Resolved Nick Haskins

    (@nphaskins)


    8 years, 1 month ago

    – cas server running rails
    – wp cassify setup – cas protocol 2, create user if not exist, ssl check

    We’re sending over username from cas, and have mapped wp cassify to this as we send over other info in the payload.

    //cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:username

    When I log in with my email [email protected], and I dump out my $cas_user_id (which is mapped to cas:user), i get my correct user_id of someusername. Great!

    When I log in with my email [email protected] and I dump out my $cas_user_id , I get an array of data which is causing the username_exists lookup to fail, which is causing the error “user does not exist in wordpress database.”

    I then tested a 3rd time, with a brand new user, with no + in the email, and it works.

    To Replicate:
    – cas server on rails/activerecord/postgres
    – User.create(email:’[email protected]’)
    – user in wordpress does not exist to begin with
    – try to log in and you should hit the error with no user existing
    – add a wp_die($cas_user_id) under wp_cassify_auth_user_wordpress( $cas_user_id )

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi,

    It’s not due to plugin.

    It’s provide from WordPress username limitations. I’ve tried to create wordpress user from WordPress backoffice with username ‘[email protected]’. It’s not possible by default.

    When user is created, fields content are checked and sanitized.
    See function sanitize_user_field.

    It’s not the role of this plugin to bypass WordPress security limitations. This could create security problems.

    Best regards.

    Thread Starter Nick Haskins

    (@nphaskins)

    That’s what I thought, but I wanted to have you verify. Thanks again.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Errors with Emails with “+” signs’ is closed to new replies.