[Cosmo-dev] Re: [Bug 5886] cannot sign up for account with single quote character in username

Brian Moseley bcm at osafoundation.org
Thu May 11 13:19:49 PDT 2006


in the spirit of keeping conversations on the mailing list rather than
in bugzilla, i'm replying here. see
<http://bugzilla.osafoundation.org/show_bug.cgi?id=5886> for the
previous discussion.

towns, the goal is for people to be able to use any utf-8 character in
their username. this lets folks create usernames that better reflect
their identity.

the '/' character is an exception to this policy, since it is the http
uri path separator character. if a username contained that character,
then we wouldn't be able to formulate a url for his home directory.
consider the username "ix/jonez" - the homedir url would be
"http://server:port/cosmo/home/ix/jonez/", which has an obvious
problem.

there's no other protocol-level reason to disallow any other
characters from usernames. however, using jcr for storage has its own
complications. in our schema, home directory nodes are named according
to username - the "client" (dav, atom, cmp, web console) path /bcm
corresponds to the repository path /b/bc/bcm. certain characters are
illegal in jcr names, including colon, forward slash, and you guessed
it - single quote.

the way we get around this is by hex escaping the username when
constructing the repository path in a manner similar to url escaping.
so the username "bc:m" is translated to the node name "bc%3am". a
similar translation occurs when going from repository path to client
path.

last night i thought that the bug occurred in the code that does hex
escaping. for some reason (the heat? the late hour?) i thought that the
escaping code was just ignoring the single quote char. turns out that the
problem was one layer higher, in the PathTranslator class that
converts from client paths to repository paths and vice versa. i found
that all of the segments of the path following the username were being
escaped, but the username itself was *not* being escaped.

the unit tests didn't catch this because they used usernames that
didn't have any illegal characters in them, even tho later parts of
the tested paths did. the migration tool worked because it
re-implemented path translation manually (i didn't want the migration
tool to have to include cosmo classes, which would have blown it up in
size) and got this part right.

i've committed a fix and updated unit tests (r1977).

On 5/11/06, bug-comment at osafoundation.org <bug-comment at osafoundation.org> wrote:
> http://bugzilla.osafoundation.org/show_bug.cgi?id=5886
>
> ------- Comment #2 from todd at agulnick.com  2006-05-11 09:03 PST -------
> (In reply to comment #1)
>
> We can decide to do whatever we want here. In practical terms, there are only
> three existing users (out of 20k+) that have created account names with ' in
> them.
>
> The issue is that the spec has said that ' is allowable since 0.2 and Foxmarks
> dutifully mirrors that spec in determining what's allowable in a username.
> Further, usernames with ' worked in 0.2 but got broken in 0.3, so this is
> a regression.
>
> If we want to change the spec to disallow ', I'm okay with that, but I still
> think it'd be valuable to understand how what got built got broken, why testing
> didn't detect that it was broken, why the migrator successfully migrated these
> (3!) accounts that are in fact not accessible, etc.
>
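
The client-path to repository-path translation described in the message above, as an added Python sketch that is not Cosmo's PathTranslator or any code from the project. Assumptions: the function names, escaping '%' itself so decoding is unambiguous, and building the two shard nodes from the first one and two characters of the username; the escape_username=False switch reproduces the reported defect so a check can catch it.

```python
# Added illustration only; names and sharding details are assumptions.
ILLEGAL = set(":/'")        # characters the message names as illegal in JCR names
ESCAPED = ILLEGAL | {"%"}   # assumption: '%' is escaped too, so unescape() is unambiguous

def escape(name):
    """Hex-escape illegal characters, e.g. 'bc:m' -> 'bc%3am'."""
    return "".join("%%%02x" % ord(c) if c in ESCAPED else c for c in name)

def unescape(name):
    """Reverse escape(): turn each %xx back into its character."""
    out, i = [], 0
    while i < len(name):
        if name[i] == "%":
            out.append(chr(int(name[i + 1:i + 3], 16)))
            i += 3
        else:
            out.append(name[i])
            i += 1
    return "".join(out)

def to_repository_path(client_path, escape_username=True):
    """Map /<username>/<rest...> to /<u1>/<u2>/<username>/<rest...>."""
    username, *rest = client_path.strip("/").split("/")
    if not username:
        raise ValueError("client path has no username segment")
    # escape_username=False mimics the defect: later segments were escaped,
    # the username (and the shard nodes derived from it) were not.
    enc = escape if escape_username else (lambda s: s)
    segments = [enc(username[:1]), enc(username[:2]), enc(username)]
    segments += [escape(s) for s in rest]
    return "/" + "/".join(segments)

def to_client_path(repo_path):
    """Drop the two shard nodes and unescape what remains."""
    segments = repo_path.strip("/").split("/")[2:]
    return "/" + "/".join(unescape(s) for s in segments)

def illegal_segments(repo_path):
    """Return repository path segments that still hold an illegal character."""
    return [s for s in repo_path.strip("/").split("/") if ILLEGAL & set(s)]
```

A test path needs an illegal character in the username segment itself; a path such as /bcm/cal:work passes with or without username escaping.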
