-
Notifications
You must be signed in to change notification settings - Fork 360
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
API js - use base64encode which can deal with UTF8 passwords #3682
Conversation
can't really assume the login screen will depend only on old JS anymore
`window.btoa("sněhulák")` fails on InvalidCharacterError: String contains an invalid character because it only expects latin1 chars We need to base64 encode the login:password pair even when the password uses non-latin1 chars :) Implementation adapted from https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding#Solution_2_%E2%80%93_rewrite_the_DOMs_atob()_and_btoa()_using_JavaScript's_TypedArrays_and_UTF-8 https://bugzilla.redhat.com/show_bug.cgi?id=1527316
Testing: add a user with special (unicode) characters in the password |
Checked commits https://github.com/himdel/manageiq-ui-classic/compare/af3c209964ca45c8cf4297b909383e2ab0e5e155~...6a0688bdc591be091cbb0cd822c9e827a9031745 with ruby 2.3.3, rubocop 0.52.1, haml-lint 0.20.0, and yamllint 1.10.0 |
gaprindashvili: Please backport together with #3687, which fixes a bug in older browsers |
@himdel Can this (and related PRs) be |
API js - use base64encode which can deal with UTF8 passwords (cherry picked from commit aa6b2fd) Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1562797
Gaprindashvili backport details:
|
@simaishi They can't, I think I need to create a separate PR - no webpack in fine. On it.. :) |
Fine version created in #3711 |
Backported to Fine via #3711 |
This adds 2 npm packages:
base64js
- JS implementation of base64 which can deal with arbitrary encodingstext-encoder-lite
- a shim for the TextEncoder api, useable for utf8 strings (even in IE)and replaces the
API.login
use ofwindow.btoa
with a custombase64encode
function implemented using the 2 libraries.This way, users can use passwords with unicode chars.
Note: on modern browsers, this will handle any unicode password, including emoji.
On IE, more modern unicode versions may not be fully supported (czech or japanese chars should be fine, emoji may not).
The difference:
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1527316