HTTP 500 when you use an email as a username

Summary

We installed a gitlab-ee 10.7 on an AWS server. When we try to create a new user through the GUI. We encounter an HTTP 500 after submitting the form.

Steps to reproduce

  1. Install gitlab-ee 10.7 on an AWS server
  2. Set the root password
  3. Navigate to the admin section
  4. Navigate to "users"
  5. Click Create user
  6. Fill in the form First name: John Doe ( No special characters, just a-zA-Z and spaces ) username: john_doe@company.com email: john_doe@company.com

Example Project

/

What is the current bug behavior?

If you fill in an email address in the "username" field it will accept it as valid username.

What is the expected correct behavior?

  • The character is accepted and escaped. or
  • An error message that the username cannot be an email. or
  • An error message which characters are not accepted in a username.

Most preferably the first option.

Relevant logs and/or screenshots

Output of /var/log/gitlab/gitlab-rails/production.log

Completed 200 OK in 1ms (Views: 0.2ms | ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
Started POST "/admin/users" for 178.119.202.74 at 2018-04-25 08:28:06 +0000
Processing by Admin::UsersController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "user"=>{"name"=>"John Doe", "username"=>"john_doe@company.com", "email"=>"john_doe@company.com", "projects_limit"=>"100000", "can_create_group"=>"0", "access_level"=>"regular", "external"=>"0", "skype"=>"", "linkedin"=>"", "twitter"=>"", "website_url"=>"", "note"=>""}}
Completed 500 Internal Server Error in 434ms (ActiveRecord: 10.0ms | Elasticsearch: 0.0ms)

ActionView::Template::Error (No route matches {:action=>"reset_runners_minutes", :controller=>"admin/users", :id=>#<User id: @john_doe@company.com>} missing required keys: [:id]):
    5:     = render 'namespaces/shared_runners_minutes_setting', f: namespace_form
    6:     .form-group.append-bottom-0
    7:       .col-sm-offset-2.col-sm-10
    8:         = render 'namespaces/shared_runners_minutes_setting_reset', link_reset_minutes: reset_runners_minutes_admin_user_path(@user), css_class: 'append-bottom-0'
  ee/app/views/admin/users/_limits.html.haml:8:in `block in _ee_app_views_admin_users__limits_html_haml__1729122135437017437_70094423842240'
  ee/app/views/admin/users/_limits.html.haml:1:in `_ee_app_views_admin_users__limits_html_haml__1729122135437017437_70094423842240'
  app/views/admin/users/_form.html.haml:51:in `block in _app_views_admin_users__form_html_haml___4042074649110484564_70094594789260'
  app/views/admin/users/_form.html.haml:2:in `_app_views_admin_users__form_html_haml___4042074649110484564_70094594789260'
  app/views/admin/users/new.html.haml:5:in `_app_views_admin_users_new_html_haml__3915618297760499730_70094595672260'
  app/controllers/admin/users_controller.rb:112:in `block (2 levels) in create'
  app/controllers/admin/users_controller.rb:107:in `create'
  lib/gitlab/i18n.rb:50:in `with_locale'
  lib/gitlab/i18n.rb:56:in `with_user_locale'
  app/controllers/application_controller.rb:334:in `set_locale'
  lib/gitlab/middleware/multipart.rb:95:in `call'
  lib/gitlab/request_profiler/middleware.rb:14:in `call'
  ee/lib/gitlab/jira/middleware.rb:15:in `call'
  lib/gitlab/middleware/go.rb:17:in `call'
  lib/gitlab/etag_caching/middleware.rb:11:in `call'
  lib/gitlab/middleware/read_only/controller.rb:28:in `call'
  lib/gitlab/middleware/read_only.rb:16:in `call'
  lib/gitlab/request_context.rb:18:in `call'
  lib/gitlab/metrics/requests_rack_middleware.rb:27:in `call'
  lib/gitlab/middleware/release_env.rb:10:in `call'


Started GET "/-/metrics" for 127.0.0.1 at 2018-04-25 08:28:15 +0000
Processing by MetricsController#index as HTML
Completed 200 OK in 1ms (Views: 0.2ms | ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
Started GET "/-/metrics" for 127.0.0.1 at 2018-04-25 08:28:30 +0000
Processing by MetricsController#index as HTML
Completed 200 OK in 1ms (Views: 0.2ms | ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)

Output of checks

(If you are reporting a bug on GitLab.com, write: This bug happens on GitLab.com)

Results of GitLab environment info

Image came from AWS marketplace ( AMI ) [ https://about.gitlab.com/aws/ ]

Results of GitLab application Check

/

Possible fixes

Judging by the log info. I expect the error to be the ´@´ character not being allowed. I omitted health check results and environment info given that I can create users if I omit the domain of the email address.

ActionView::Template::Error (No route matches {:action=>"reset_runners_minutes", :controller=>"admin/users", :id=>#<User id: @john_doe@company.com>} missing required keys: [:id]):
                                                                                                                                      ^

In my company they use the email address as the user "principelname". If my guess is correct and it is the '@', will setting up the LDAP integration also result in this issue?

Should you need more information such as the application check etc. I will provide them.