Ensure email param is properly encoded in delete_connection_user [SDK-2660] #280

Merged
merged 5 commits into from
Jul 20, 2021

Conversation

Widcket
Contributor

@Widcket Widcket commented Jul 14, 2021

Changes

This PR modifies the delete_connection_user method, putting the email query param inside the body hash parameter of the delete method, so it gets properly encoded and added as a query param to the URL by the rest-client gem.

Previously, this query param was added directly to the endpoint path, which resulted in it not being properly percent-encoded (the reserved characters as per RFC 3986 were not encoded). This resulted in the endpoint returning an input validation error with emails like [email protected], because + was not percent-encoded.

See similar instance: https://github.com/auth0/ruby-auth0/blob/master/lib/auth0/api/v2/user_blocks.rb#L30

Why the query param needs to be added to body

See https://github.com/auth0/ruby-auth0/blob/master/lib/auth0/mixins/httpproxy.rb.

This is the body parameter of the delete method:
[Image: Screen Shot 2021-07-13 at 21 49 51]

When the HTTP method is :delete, that method calls the call method to make the HTTP request with rest-client.

[Image: Screen Shot 2021-07-13 at 21 56 13]

Due to the peculiar API rest-client offers to pass parameters when using arbitrary HTTP methods, the parameters (the body hash in the case of :delete) must be added to the headers hash:
[Image: Screen Shot 2021-07-13 at 21 06 08]

The call method then invokes rest-client with that headers hash containing the query params, which are then properly encoded and added to the URL:

[Image: Screen Shot 2021-07-13 at 22 04 48]

Testing

This change has been tested on ruby 2.7.1p83.

  • This change adds unit test coverage
  • This change adds integration test coverage
  • This change has been tested on the latest version of Ruby

Checklist

@Widcket Widcket requested a review from a team as a code owner July 14, 2021 01:07
@Widcket Widcket added this to the vnext milestone Jul 14, 2021
evansims
evansims previously approved these changes Jul 14, 2021
@Widcket Widcket linked an issue Jul 16, 2021 that may be closed by this pull request
@davidpatrick davidpatrick merged commit da57c90 into master Jul 20, 2021
@davidpatrick davidpatrick mentioned this pull request Jul 20, 2021
@stevehobbsdev stevehobbsdev deleted the fix/delete-connection-user branch September 29, 2023 10:39
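An added illustration of the encoding difference the PR description explains (this is not code from ruby-auth0 or from the PR). It uses only the Ruby standard library; the path shape, connection id, email address and helper names are constructed, `URI.encode_www_form` stands in for the encoding rest-client applies to a params hash, and the server is assumed to apply form-style decoding, where a bare `+` means a space.

```ruby
require 'uri'

# Constructed sample values; both are placeholders, not real identifiers.
CONNECTION_ID = 'con_EXAMPLE'
EMAIL = 'jane+test@example.com'

# "Before" shape: the email is interpolated straight into the path string,
# so reserved characters such as "+" and "@" are sent unencoded.
# The path layout here is an assumption made for the example.
def path_with_raw_email(connection_id, email)
  "/api/v2/connections/#{connection_id}/users?email=#{email}"
end

# "After" shape: the email is handed over as a parameter hash and the query
# string is built by an encoder, so every reserved character is escaped.
def path_with_encoded_email(connection_id, params)
  "/api/v2/connections/#{connection_id}/users?#{URI.encode_www_form(params)}"
end

# What a form-decoding server would read back as the "email" parameter.
def email_seen_by_server(path)
  query = path.split('?', 2).last
  URI.decode_www_form(query).to_h['email']
end

if __FILE__ == $PROGRAM_NAME
  raw = path_with_raw_email(CONNECTION_ID, EMAIL)
  encoded = path_with_encoded_email(CONNECTION_ID, { email: EMAIL })

  puts "raw path:     #{raw}"
  puts "  server sees #{email_seen_by_server(raw).inspect}"
  puts "encoded path: #{encoded}"
  puts "  server sees #{email_seen_by_server(encoded).inspect}"
end
```

A regression test for this class of bug can assert that the email decoded from the request query equals the caller's input for an address containing `+`.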
Successfully merging this pull request may close these issues.

delete_connection_user does not URL encode the provided email address
3 participants