Escaping username/roles parameters to allow usernames/roles with special characters. #3570

Merged
merged 4 commits into from Mar 7, 2017


@dennisoelkers
Member

@dennisoelkers dennisoelkers commented Mar 6, 2017

Description

Motivation and Context

Before this change it was possible to create user/role names containing one or more slashes or other special characters, but it was not possible to delete them afterwards from the web interface.

After this change, the user/role name used to construct the URL to the backend is escaped properly, so deletions succeed even if the user/role name contains one or more special characters.

Fixes #3569. Should also be merged into 2.2.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
@dennisoelkers dennisoelkers added this to the 2.3.0 milestone Mar 6, 2017
@dennisoelkers dennisoelkers changed the title Escaping username component to allow usernames with slash. Escaping username/roles parameters to allow usernames/roles with special characters. Mar 6, 2017
Contributor

@joschi joschi left a comment

Basically a question of style, but shouldn't the call to encodeURIComponent be added to the routes in Routes.jsx instead of to every occurrence in other source locations?
That way it can't be forgotten by other authors.

@joschi joschi self-assigned this Mar 6, 2017
@dennisoelkers
Member Author

@dennisoelkers dennisoelkers commented Mar 7, 2017

I totally understand your question and had the same idea at first. Unfortunately we cannot do it that way, because we also use those routes to generate the route map for our application and reuse the parameters with placeholders (:username etc.) to generate dynamic routes for react-router. So fixing it this way was the least intrusive way for now. I would like to spend some time to think about how to refactor it properly though, but this would be a bit beyond the scope of this PR. Thanks for the input!

Contributor

@joschi joschi left a comment

There still seem to be some places missing.

For example I'm unable to log in with a user named "foo/bar".

The Chrome Console shows the following error message:

There was an error fetching a resource: cannot GET http://127.0.0.1:9000/api/users/foo/bar (404). Additional information: HTTP 404 Not Found

Unhandled rejection Error: cannot GET http://127.0.0.1:9000/api/users/foo/bar (404)
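
Added example, not code from this pull request or from the Graylog code base: it shows why a name such as "foo/bar" concatenated into the path produces the 404 above, and one way to keep a route template with its `:username` placeholder intact for the router while still escaping the value when a concrete URL is built. The helper names (`fillRoute`, `describe`), the template string and the sample names are assumptions made for this illustration.

```javascript
// Added illustration: helper names, the route template and the sample
// names are constructed; the base URL matches the error message above.
const API_BASE = 'http://127.0.0.1:9000/api';

// Template kept with its placeholder, so a router can still consume it.
const USER_ROUTE = '/users/:username';

// Naive construction: the name is concatenated into the path as-is.
function naiveUserUrl(username) {
  return `${API_BASE}/users/${username}`;
}

// Fills ':param' placeholders, percent-encoding each value so it stays
// a single path segment. The callback form of replace() inserts the
// value literally, so '$&' in a name is not treated as a pattern.
function fillRoute(template, params) {
  return template.replace(/:([A-Za-z_]+)/g, (match, key) => {
    if (!(key in params)) throw new Error(`missing route parameter: ${key}`);
    return encodeURIComponent(params[key]);
  });
}

function escapedUserUrl(username) {
  return API_BASE + fillRoute(USER_ROUTE, { username });
}

// Reports how a URL parser on the receiving side splits the request.
function describe(url) {
  const u = new URL(url);
  return {
    segments: u.pathname.split('/').filter(Boolean),
    query: u.search,
    fragment: u.hash,
  };
}

for (const name of ['foo/bar', 'a?b', 'a#b', 'jörg']) {
  console.log(name, describe(naiveUserUrl(name)), describe(escapedUserUrl(name)));
}
```

With the naive form, "/" adds a path segment, "?" moves the rest of the name into the query string and "#" into the fragment, so the backend is asked about a different resource than the one named.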

@dennisoelkers dennisoelkers force-pushed the issue-3569 branch from ce490be to b1ad52a Mar 7, 2017
@dennisoelkers
Member Author

@dennisoelkers dennisoelkers commented Mar 7, 2017

, also rebased to current master.

@joschi
joschi approved these changes Mar 7, 2017
Contributor

@joschi joschi left a comment

LGTM. 👍

@joschi joschi merged commit 34446c2 into master Mar 7, 2017
3 of 4 checks passed
continuous-integration/travis-ci/push The Travis CI build is in progress
ci-web-linter Jenkins build graylog-pr-linter-check 1407 has succeeded
continuous-integration/travis-ci/pr The Travis CI build passed
licence/cla Contributor License Agreement is signed.
@joschi joschi deleted the issue-3569 branch Mar 7, 2017
dennisoelkers added a commit that referenced this pull request Mar 7, 2017
* Escaping username component to allow usernames with slash.
* Allowing to handle deletion/updates of roles with special characters.
* Allowing editing/updating/deleting users with special characters in name
* Using proper route methods, escaping username in CurrentUserStore.

Fixes #3569

(cherry picked from commit 34446c2)
joschi added a commit that referenced this pull request Mar 7, 2017
* Escaping username component to allow usernames with slash.
* Allowing to handle deletion/updates of roles with special characters.
* Allowing editing/updating/deleting users with special characters in name
* Using proper route methods, escaping username in CurrentUserStore.

Fixes #3569

(cherry picked from commit 34446c2 / PR #3570)