Kibana 7.10.0 user management reports "Error loading user" when clicking a user with an @ in their username #83379
Labels
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Kibana version: 7.10.0
Elasticsearch version: 7.10.0
Server OS version: CenOS 8, using ECK 1.2 default image
Browser version: Chrome 86.0.4240.75 and Firefox 81.0.2
Browser OS version: Windows 10
Original install method (e.g. download page, yum, from source, etc.): ECK 1.2
Describe the bug:
Users with an
@
in their username cannot be edited in Kibana 7.10.0.This is a regression, as it worked in 7.9.0 and all previous versions I've used in this environment.
It appears to be caused by double encoding, as the link to internal/security/users replaces the
@
with%2540
First level of escaping becomes
%40
, then next level escapes the%
as%25
.If I navigate to that path it fails, but if I replace the
%2540
with@
it works.Steps to reproduce:
@
in their username@
in their usernameExpected behavior:
Edit user page displayed
Screenshots (if relevant):
Errors in browser console (if relevant):
GET request to internal/security/users fails with 404.
Provide logs and/or server output (if relevant):
Any additional context:
Anyone affected by this can right-click the username, copy the url, replace the
%40
with@
, and open the fixed url in a new tab.This opens the edit user page properly
The text was updated successfully, but these errors were encountered: