-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Passwords with quotes breaks the JSON #79
Comments
BTW, Galene supports the hash of the passwords: https://github.com/jech/galene/blob/e673cf1225e4eeefd8c8f658c00675c7fbe53868/README#L178-L193 Couldn't we fix this issue by hashing it? |
No need to hash: you just need to escape the quote in the JSON string. https://datatracker.ietf.org/doc/html/rfc7159#section-7 Any JSON formatting library should do it for you automatically. |
Still, hashing passwords is a good practice, isn't it? |
Hashing is certainly a good idea, and I'll be glad to give you a hand with implementing compatible hashing in the Yunohost's interface. However, I understand that Yunohost already has its own authentication system, and you should consider whether it's better to spend time on implementing hashing, or whether it's better to work on integrating Galene into Yunohost's existing authentication system. Please see #64 for more on the latter. |
Describe the bug
When installing the application, if the password contains quotes, it breaks the configuration json file (
/home/yunohost.app/galene/groups/GROUP.json
)1"2"3"4"5
)/home/yunohost.app/galene/groups/GROUP.json
due to the quotes not being escapedLogs
Thanks for your work! 🙏
The text was updated successfully, but these errors were encountered: