-
Bug
-
Resolution: Fixed
-
Medium
-
5.12.0
-
None
-
1
-
Severity 3 - Minor
-
Issue Summary
In Jira 5.12, a freely entered username that is an email address isn't accepted - only ones offered by the suggestion popup. However, with the Customer Permission set to Who can the issue be shared with? -> "Any customer, by typing an email address" The pop-up is not presented, and the customer should be able to enter a valid email address.
Steps to Reproduce
- Setup a test JSM project. Username "admin" = Agent. Username "user" = Customer
- Project Settings -> request Types -> Edit fields -> Add Request participants and Approves
- Project Settings -> Customer Permissions:
- Who can raise requests? Customs who have an account on this Jira site
- Who can customers share requests with? Any customer, by typing an email address
- Login as "user". In customer portal start to create a new ticket. Input username "admin" for both approvers and request participants
- Click Create
- Now as Admin, go and load the issue in agent view.
Expected Results
The username is listed in Request Participants and Approvers
Actual Results
Popup appears "the username cannot be found". The username can't be entered, and if the form is submit,the username entered won't be populated in the ticket
JSM 5.4:
JSM 5.12:
Workaround
It is possible to revert the change implemented somewhere between Jira 5.4 and 5.12 and revert the field back to text input with the dark feature sd.select.component.user.picker.uplift.disabled
- Navigate to the URL <BASE_URL>/secure/admin/SiteDarkFeatures!default.jspa to go to the Dark Feature page
- Enter sd.select.component.user.picker.uplift.disabled in the Enable dark feature section
- Click on Add
Please note that all fields that are 'sd-request-participants' and 'multiuserpicker' will be displayed as plain-text input, so the usernames or email addresses will be case-sensitive.
Workaround 2
Changing the customer share permission to Any customer or organization by searching in this project will allow customers to use the new dropdown field and search for customer emails. But changing the permission will expose all customer emails in the search and can be considered a security issue depending on the use case; therefore, this is a bug.
[JSDSERVER-15325] Customers are unable to add Approvers or Request Participants that are emails as username
| Labels | Original: ltsr |
| Labels | New: ltsr |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Waiting for Release [ 12075 ] | New: Closed [ 6 ] |
| Fix Version/s | New: 5.12.12 [ 108392 ] |
| Status | Original: In Progress [ 3 ] | New: Waiting for Release [ 12075 ] |
| Status | Original: Short Term Backlog [ 12074 ] | New: In Progress [ 3 ] |
| Assignee | New: Jim Alexander [ fb78834a366d ] |
| Priority | Original: Low [ 4 ] | New: Medium [ 3 ] |
| Status | Original: Needs Triage [ 10030 ] | New: Short Term Backlog [ 12074 ] |
| Support reference count | New: 1 |
| Description |
Original:
h3. Issue Summary
In Jira 5.12, a freely entered username that is an email address isn't accepted - only ones offered by the suggestion popup. However, with the Customer Permission set to Who can the issue be shared with? -> *"Any customer, by typing an email address"* The pop-up is not presented, and the customer should be able to enter a valid email address. h3. Steps to Reproduce # Setup a test JSM project. Username "admin" = Agent. Username "user" = Customer # Project Settings -> request Types -> Edit fields -> Add Request participants and Approves # Project Settings -> Customer Permissions: ## Who can raise requests? Customs who have an account on this Jira site ## Who can customers share requests with? Any customer, by typing an email address # Login as "user". In customer portal start to create a new ticket. Input username "admin" for both approvers and request participants # Click Create # Now as Admin, go and load the issue in agent view. h3. Expected Results The username is listed in Request Participants and Approvers h3. Actual Results Popup appears "the username cannot be found". The username can't be entered, and if the form is submit,the username entered won't be populated in the ticket JSM 5.4: !image-2024-05-21-14-07-42-530.png|thumbnail! !image-2024-05-08-11-31-25-366.png|thumbnail! JSM 5.12: !image-2024-05-21-14-08-07-056.png|thumbnail! h3. Workaround It is possible to revert the change implemented somewhere between Jira 5.4 and 5.12 and revert the field back to text input with the dark feature {{sd.select.component.user.picker.uplift.disabled}} # Navigate to the URL <BASE_URL>/secure/admin/SiteDarkFeatures!default.jspa to go to the Dark Feature page # Enter *sd.select.component.user.picker.uplift.disabled* in the Enable dark feature section # Click on *Add* (i) Please note that all fields that are 'sd-request-participants' and 'multiuserpicker' will be displayed as plain-text input, so the usernames or email addresses will be case-sensitive. Workaround 2 Changing the customer share permission to *Any customer or organization by searching in this project* will allow customers to use the new dropdown field and search for customer emails. But changing the permission *will expose all customer emails in the search and can be considered a security issue depending on the use case*; therefore, this is a bug. |
New:
h3. Issue Summary
In Jira 5.12, a freely entered username that is an email address isn't accepted - only ones offered by the suggestion popup. However, with the Customer Permission set to Who can the issue be shared with? -> *"Any customer, by typing an email address"* The pop-up is not presented, and the customer should be able to enter a valid email address. h3. Steps to Reproduce # Setup a test JSM project. Username "admin" = Agent. Username "user" = Customer # Project Settings -> request Types -> Edit fields -> Add Request participants and Approves # Project Settings -> Customer Permissions: ## Who can raise requests? Customs who have an account on this Jira site ## Who can customers share requests with? Any customer, by typing an email address # Login as "user". In customer portal start to create a new ticket. Input username "admin" for both approvers and request participants # Click Create # Now as Admin, go and load the issue in agent view. h3. Expected Results The username is listed in Request Participants and Approvers h3. Actual Results Popup appears "the username cannot be found". The username can't be entered, and if the form is submit,the username entered won't be populated in the ticket JSM 5.4: !image-2024-05-21-14-07-42-530.png|thumbnail! !image-2024-05-08-11-31-25-366.png|thumbnail! JSM 5.12: !image-2024-05-21-14-08-07-056.png|thumbnail! h3. Workaround It is possible to revert the change implemented somewhere between Jira 5.4 and 5.12 and revert the field back to text input with the dark feature {{sd.select.component.user.picker.uplift.disabled}} # Navigate to the URL <BASE_URL>/secure/admin/SiteDarkFeatures!default.jspa to go to the Dark Feature page # Enter *sd.select.component.user.picker.uplift.disabled* in the Enable dark feature section # Click on *Add* (i) Please note that all fields that are 'sd-request-participants' and 'multiuserpicker' will be displayed as plain-text input, so the usernames or email addresses will be case-sensitive. h3. Workaround 2 Changing the customer share permission to *Any customer or organization by searching in this project* will allow customers to use the new dropdown field and search for customer emails. But changing the permission *will expose all customer emails in the search and can be considered a security issue depending on the use case*; therefore, this is a bug. |