Menu
▾
▴
Re: [Unity-idm-discuss] prohibit whitespace characters for some attributes
|
From: Sander A. <sa....@fz...> - 2022-08-30 07:23:48
|
Good morning Krzysztof, maybe you do not need a url attribute type. But parsing the input by the java trim function removes all whitespace in the beginning and at the end. This should also remove linebreak characters. This might be useful for all attributes. What do you think? Best regards, Sander On Mon, 2022-08-29 at 13:15 +0200, Krzysztof Benedyczak wrote: > Hi Sander, > > W dniu 25.08.2022 o 15:13, Sander Apweiler pisze: > > Hi Krzystzof, > > after I had a longer debug session with an administrator of a > > service > > who said there where a problem in unity, I was able to show him, > > that > > he created a wrong config. He entered in the OAuth return URL a > > linebreak. > > > > To avoid such problems, would it make sense to prohibit whitespace > > characters to some attributes like return URL or email addresses? A > > valid value never contains whitespace character. > > Yes, this situation unfortunately can happen. It is because we don't > have a dedicated attribute value type for URLs (or URIs). And so > OAuth > client's return URL is stored in a plain string attribute. > > We were talking about that few times, but never approached that as we > are bit afraid of the migration: it may happen that current values > are > not parsable as URL -> what then? Anyway as this was raised also on > community side, not only randomly internally, I'm opening a ticket to > cover that: introduce URL attribute value type, with proper > validation, > and migrate all system attributes to that type. Migration details > TBD. > > > In the case of emails this problem should not exist: we have a > dedicated > type for that, so as long as verifiableEmail type is used in > attribute > intended to store email, any invalid string should not be allowed. > > Best, > Krzysztof > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
