transport: Accept international email address when making auth headers #5178
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chrisbobbe
added
severe: crash
chrisbobbe
force-pushed
the
pr-utf8-auth-headers
branch
from
fca7a84 to
128e3c8
Compare
|
Just rebased, resolving a conflict in url-test.js. |
The base64.encode function requires all the code points in its input to be in the range U+0000..U+00FF. Effectively it requires that it can type-pun the string as a string of bytes, because the Base64 encoding itself is defined on sequences of bytes. But email addresses aren't restricted to that range, and haven't been for a long time. RFC 6532, "Internationalized Email Headers", dates to 2012. So some users have email addresses containing code points outside that range, and we should handle them so that those users are able to use the app. Here in the HTTP basic-auth header, one is generally supposed to do so (though the spec stops short of quite mandating this) by encoding the user-id and password -- which for Zulip means the user's email and API key -- in UTF-8, and then Base64-encoding those bytes. And indeed that's what the Zulip server expects. See discussion: https://chat.zulip.org/#narrow/stream/378-api-design/topic/Non-ASCII.20email.2Fapi_key.3F/near/1300660 So do that here. [greg: wrote new commit message]
gnprice
force-pushed
the
pr-utf8-auth-headers
branch
from
128e3c8 to
aa470d2
Compare
|
Thanks! Wrote a new commit message, and merging. |
|
Thank you! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Anders points out on CZO [1] that non-ASCII UTF-8 characters are now
allowed in email addresses:
So, we need to accept those characters. Otherwise, you could have a
valid email address and be unable to make any authenticated API
requests in the app.
Use our handy helper function for base64 encoding that accepts UTF-8
as input.
[1] https://chat.zulip.org/#narrow/stream/378-api-design/topic/Non-ASCII.20email.2Fapi_key.3F/near/1300579