When there is a special character such as a “+” in a username, if we log in to the APIM Devportal and try to create an application or generate tokens from an application, we get the following error:
ERROR - AbstractKeyManager Can not create OAuth application : <username>-AT-gmail.com_765491a2-0132-4214-8641-2c32dc6199d3_PRODUCTION for application: DefaultApplication and key type: PRODUCTION
org.wso2.carbon.apimgt.impl.kmclient.KeyManagerClientException: Received status code: 400 Reason:
at org.wso2.carbon.apimgt.impl.kmclient.KMClientErrorDecoder.decode_aroundBody0(KMClientErrorDecoder.java:42) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.kmclient.KMClientErrorDecoder.decode(KMClientErrorDecoder.java:35) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at feign.AsyncResponseHandler.handleResponse(AsyncResponseHandler.java:96) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
at feign.SynchronousMethodHandler.executeAndDecode(SynchronousMethodHandler.java:138) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
at feign.SynchronousMethodHandler.invoke(SynchronousMethodHandler.java:89) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
at feign.ReflectiveFeign$FeignInvocationHandler.invoke(ReflectiveFeign.java:100) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
at com.sun.proxy.$Proxy467.createApplication(Unknown Source) ~[?:?]
at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.createApplication_aroundBody0(AMDefaultKeyManagerImpl.java:144) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.createApplication(AMDefaultKeyManagerImpl.java:104) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication_aroundBody8(AbstractApplicationRegistrationWorkflowExecutor.java:153) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:124) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication_aroundBody6(AbstractApplicationRegistrationWorkflowExecutor.java:120) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:117) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete_aroundBody2(ApplicationRegistrationSimpleWorkflowExecutor.java:77) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:65) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.execute_aroundBody0(ApplicationRegistrationSimpleWorkflowExecutor.java:54) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.execute(ApplicationRegistrationSimpleWorkflowExecutor.java:47) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.APIConsumerImpl.requestApprovalForApplicationRegistration_aroundBody138(APIConsumerImpl.java:4126) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.impl.APIConsumerImpl.requestApprovalForApplicationRegistration(APIConsumerImpl.java:3971) ~[org.wso2.carbon.apimgt.impl_9.20.74.jar:?]
at org.wso2.carbon.apimgt.rest.api.store.v1.impl.ApplicationsApiServiceImpl.applicationsApplicationIdGenerateKeysPost(ApplicationsApiServiceImpl.java:741) ~[?:?]
at org.wso2.carbon.apimgt.rest.api.store.v1.ApplicationsApi.applicationsApplicationIdGenerateKeysPost(ApplicationsApi.java:129) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
Please find the reproducing steps as follows:
Either add the following configuration to the deployment.toml or create a tenant:
[tenant_mgt]
enable_email_domain= true
Create a user with a special character (+) in the username and provide the necessary permissions from the management console.
Log in to the Developer portal and either create a new application or generate a token for an already existing application.
The above-mentioned error will be reproduced.
When checking the source code of the carbon-kernel [1], we noticed that + is one of the illegal characters of the put method.
Since adding special characters to usernames is allowed, it should be possible to carry out actions such as creating applications or generating tokens where the SP for OAuth should be created in the API Manager.
Affected Component
APIM
Version
4.1.0, 4.2.0
Implementation
No response
Related Issues
No response
Suggested Labels
4.3.0
[1] https://github.com/wso2/carbon-kernel/blob/28aebcd25da41d77e76f9cf2eed6885a5f6afe40/core/org.wso2.carbon.registry.core/src/main/java/org/wso2/carbon/registry/core/jdbc/Repository.java#L258