Menu
▾
▴
unity-idm-discuss
|
From: Sander A. <sa....@fz...> - 2022-08-25 13:14:05
Attachments:
smime.p7s
|
Hi Krzystzof, after I had a longer debug session with an administrator of a service who said there where a problem in unity, I was able to show him, that he created a wrong config. He entered in the OAuth return URL a linebreak. To avoid such problems, would it make sense to prohibit whitespace characters to some attributes like return URL or email addresses? A valid value never contains whitespace character. Best regards, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2022-08-29 11:15:47
|
Hi Sander, W dniu 25.08.2022 o 15:13, Sander Apweiler pisze: > Hi Krzystzof, > after I had a longer debug session with an administrator of a service > who said there where a problem in unity, I was able to show him, that > he created a wrong config. He entered in the OAuth return URL a > linebreak. > > To avoid such problems, would it make sense to prohibit whitespace > characters to some attributes like return URL or email addresses? A > valid value never contains whitespace character. Yes, this situation unfortunately can happen. It is because we don't have a dedicated attribute value type for URLs (or URIs). And so OAuth client's return URL is stored in a plain string attribute. We were talking about that few times, but never approached that as we are bit afraid of the migration: it may happen that current values are not parsable as URL -> what then? Anyway as this was raised also on community side, not only randomly internally, I'm opening a ticket to cover that: introduce URL attribute value type, with proper validation, and migrate all system attributes to that type. Migration details TBD. In the case of emails this problem should not exist: we have a dedicated type for that, so as long as verifiableEmail type is used in attribute intended to store email, any invalid string should not be allowed. Best, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2022-08-30 07:23:48
Attachments:
smime.p7s
|
Good morning Krzysztof, maybe you do not need a url attribute type. But parsing the input by the java trim function removes all whitespace in the beginning and at the end. This should also remove linebreak characters. This might be useful for all attributes. What do you think? Best regards, Sander On Mon, 2022-08-29 at 13:15 +0200, Krzysztof Benedyczak wrote: > Hi Sander, > > W dniu 25.08.2022 o 15:13, Sander Apweiler pisze: > > Hi Krzystzof, > > after I had a longer debug session with an administrator of a > > service > > who said there where a problem in unity, I was able to show him, > > that > > he created a wrong config. He entered in the OAuth return URL a > > linebreak. > > > > To avoid such problems, would it make sense to prohibit whitespace > > characters to some attributes like return URL or email addresses? A > > valid value never contains whitespace character. > > Yes, this situation unfortunately can happen. It is because we don't > have a dedicated attribute value type for URLs (or URIs). And so > OAuth > client's return URL is stored in a plain string attribute. > > We were talking about that few times, but never approached that as we > are bit afraid of the migration: it may happen that current values > are > not parsable as URL -> what then? Anyway as this was raised also on > community side, not only randomly internally, I'm opening a ticket to > cover that: introduce URL attribute value type, with proper > validation, > and migrate all system attributes to that type. Migration details > TBD. > > > In the case of emails this problem should not exist: we have a > dedicated > type for that, so as long as verifiableEmail type is used in > attribute > intended to store email, any invalid string should not be allowed. > > Best, > Krzysztof > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2022-09-02 09:25:13
|
Hi Sander, W dniu 30.08.2022 o 09:12, Sander Apweiler pisze: > Good morning Krzysztof, > maybe you do not need a url attribute type. But parsing the input by > the java trim function removes all whitespace in the beginning and at > the end. This should also remove linebreak characters. This might be > useful for all attributes. What do you think? I'm afraid not. First of all range of use cases of string attributes is wide. We can not just start trimming all whitespaces, aven leading or trailing, may break many setups. Feature to trim whitespaces from strings (as an optional setting in attribute type definition) can be considered. Anyway proper support for URLs is still needed. Whitespaces are one edge case, what about other mistakes in syntax? So I'm afraid we do need the extra type anyway. Best, Krzysztof > Best regards, > Sander > > On Mon, 2022-08-29 at 13:15 +0200, Krzysztof Benedyczak wrote: >> Hi Sander, >> >> W dniu 25.08.2022 o 15:13, Sander Apweiler pisze: >>> Hi Krzystzof, >>> after I had a longer debug session with an administrator of a >>> service >>> who said there where a problem in unity, I was able to show him, >>> that >>> he created a wrong config. He entered in the OAuth return URL a >>> linebreak. >>> >>> To avoid such problems, would it make sense to prohibit whitespace >>> characters to some attributes like return URL or email addresses? A >>> valid value never contains whitespace character. >> Yes, this situation unfortunately can happen. It is because we don't >> have a dedicated attribute value type for URLs (or URIs). And so >> OAuth >> client's return URL is stored in a plain string attribute. >> >> We were talking about that few times, but never approached that as we >> are bit afraid of the migration: it may happen that current values >> are >> not parsable as URL -> what then? Anyway as this was raised also on >> community side, not only randomly internally, I'm opening a ticket to >> cover that: introduce URL attribute value type, with proper >> validation, >> and migrate all system attributes to that type. Migration details >> TBD. >> >> >> In the case of emails this problem should not exist: we have a >> dedicated >> type for that, so as long as verifiableEmail type is used in >> attribute >> intended to store email, any invalid string should not be allowed. >> >> Best, >> Krzysztof >> |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X