Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CST-4767] Password are not properly url encoded at login #1375

Merged
merged 2 commits into from
Oct 26, 2021
Merged

[CST-4767] Password are not properly url encoded at login #1375

merged 2 commits into from
Oct 26, 2021

Conversation

davide-negretti
Copy link
Contributor

@davide-negretti davide-negretti commented Oct 25, 2021
edited by tdonohue
Loading

References

Description

When submitting login form only a few special characters were manually URL encoded. Now all special characters are automatically encoded with encodeURIComponent().

Instructions for Reviewers

Login should now be possible when username and password contain special characters like #%+!
List of changes in this PR:

  • encode-decode.util.ts has been fixed

Checklist

  • My PR is small in size (e.g. less than 1,000 lines of code, not including comments & specs/tests), or I have provided reasons as to why that's not possible.
  • My PR passes TSLint validation using yarn run lint
  • My PR doesn't introduce circular dependencies
  • My PR includes TypeDoc comments for all new (or modified) public methods and classes. It also includes TypeDoc for large or complex private methods.
  • My PR passes all specs/tests and includes new/updated specs or tests based on the Code Testing Guide.
  • If my PR includes new, third-party dependencies (in package.json), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.

@tdonohue tdonohue added 1 APPROVAL pull request only requires a single approval to merge authentication: general general authentication issues bug high priority labels Oct 25, 2021
@tdonohue tdonohue requested review from tdonohue and artlowel October 25, 2021 16:46
@tdonohue tdonohue added this to the 7.1 milestone Oct 25, 2021
@tdonohue
Copy link
Member

@artlowel : Added you as a secondary reviewer...it might only need a very quick glance from you. I'll give it a test myself though.

tdonohue
tdonohue approved these changes Oct 25, 2021
View reviewed changes
Copy link
Member

@tdonohue tdonohue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Verified the bug on demo7.dspace.org with the "test@example.com" account as described in #1367. Also verified that this PR fixes that bug, and login works as expected even when a username or password includes special characters. Thanks @davidenegretti-4science !

artlowel
artlowel requested changes Oct 26, 2021
View reviewed changes
Copy link
Member

@artlowel artlowel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @davidenegretti-4science!

It works, but why not simply get rid of the loginEncodeUrl method and the encode-decode.util.ts file, and use encodeURIComponent directly?

@davide-negretti
Copy link
Contributor Author

Thanks @davidenegretti-4science!

It works, but why not simply get rid of the loginEncodeUrl method and the encode-decode.util.ts file, and use encodeURIComponent directly?

The method was kept in order to mantain test coverage. Now I have removed it and tested again

artlowel
artlowel approved these changes Oct 26, 2021
View reviewed changes
Copy link
Member

@artlowel artlowel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@tdonohue tdonohue merged commit 30b9eae into DSpace:main Oct 26, 2021
@abollini abollini deleted the CST-4767 branch October 28, 2021 13:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@artlowel artlowel artlowel approved these changes

@tdonohue tdonohue tdonohue approved these changes

Assignees

@davide-negretti davide-negretti

Labels
1 APPROVAL pull request only requires a single approval to merge authentication: general general authentication issues bug high priority
Projects
None yet
Milestone
7.1
Development

Successfully merging this pull request may close these issues.

Password are not properly url encoded at login
3 participants
@davide-negretti @tdonohue @artlowel