
Ticket #11112 (closed defect: fixed)

Opened 1 year ago

Last modified 1 year ago

[PATCH] ActiveResource should allow setting user and password. This is required for using emails as usernames

Reported by: ernesto.jimenez
Assigned to: core
Priority: normal
Milestone: 2.x
Component: ActiveResource
Version: edge
Severity: normal
Keywords:
Cc: nzkoz

Description

Setting HTTP credentials in the URL is too restrictive. URI restricts the format of user and password with a RegExp.

It's too restrictive. In a real app I use e-mails as usernames and those are not supported by URI.

e.g:

irb(main):001:0> require 'uri'
=> true
irb(main):002:0> example = URI.parse('http://ernesto.jimenez:pass@tractis.com')
=> #<URI::HTTP:0x1c896e URL:http://ernesto.jimenez:pass@tractis.com>
irb(main):003:0> example.user
=> "ernesto.jimenez"
irb(main):004:0> example = URI.parse('http://ernesto.jimenez@negonation.com:pass@tractis.com')
URI::InvalidURIError: bad URI(is not URI?): http://ernesto.jimenez@negonation.com:pass@tractis.com
	from /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/uri/common.rb:436:in `split'
	from /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/uri/common.rb:485:in `parse'
	from (irb):4
	from /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/uri/ftp.rb:128
irb(main):005:0> example.user = 'ernesto.jimenez@negonation.com'
URI::InvalidComponentError: bad component(expected userinfo component or user component): ernesto.jimenez@negonation.com
	from /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/uri/generic.rb:269:in `check_user'
	from /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/uri/generic.rb:311:in `user='
	from (irb):5
	from /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/uri/ftp.rb:128

Attachments

active_resouce_accepts_user_and_password.diff (13.4 kB) - added by ernesto.jimenez on 02/16/08 02:08:45.
Removed trailing spaces and fixed grammar errors
active_resouce_accepts_user_and_password.2.diff (15.6 kB) - added by ernesto.jimenez on 02/16/08 12:48:48.
Improved tests and added explanation about why superclass_delegating_reader is not suitable for our delegated attributes

Change History

02/14/08 04:35:01 changed by blj

  example = URI.parse('http://ernesto.jimenez@negonation.com:pass@tractis.com')

I wonder whether your example of having an email address as the user name is allowed by the standard URI scheme.

02/14/08 08:26:57 changed by pantulis

According to RFC1738, special characters in the user field should be encoded:

The user name (and password), if present, are followed by a commercial at-sign "@". 
Within the user and password field, any ":", "@", or "/" must be encoded.

02/14/08 10:07:00 changed by ernesto.jimenez

Yes, pantulis, but then, by default URI will not encode e-mails.

irb(main):001:0> require 'uri'
=> true
irb(main):002:0> URI.encode("ernesto.jimenez@negonation.com")
=> "ernesto.jimenez@negonation.com"
irb(main):003:0> URI.encode("ernesto.jimenez@negonation.com", Regexp.union(URI::REGEXP::UNSAFE, /@/))
=> "ernesto.jimenez%40negonation.com"

It's strange because the library has a private method for escaping user and pass:

    def escape_userpass(v)
      v = URI.escape(v, /[@:\/]/o) # RFC 1738 section 3.1 #/
    end
    private :escape_userpass

But it's not used

Like ActiveResource says, most REST APIs will require credentials, so I think this should be more straightforward, and URI is not :)
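Added example, not part of the original ticket or of the Rails patch: a Ruby sketch of the encoding step discussed above. It percent-encodes the user and password before handing them to URI and checks that the host is unchanged. The helper names and the sample password are assumptions made for illustration.

```ruby
require 'uri'

# Percent-encode every byte outside the RFC 3986 "unreserved" set, so that
# "@", ":" and "/" inside credentials can never be read as URI delimiters.
def encode_userinfo_part(value)
  value.b.gsub(/[^A-Za-z0-9\-._~]/) { |byte| format('%%%02X', byte.ord) }
end

# Reverse of encode_userinfo_part: turn %XX sequences back into bytes.
def decode_userinfo_part(value)
  raw = value.b.gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
  raw.force_encoding(Encoding::UTF_8)
end

# True when URI accepts the value as a user component without raising.
def accepted_as_user?(uri, value)
  uri.dup.user = value
  true
rescue URI::Error
  false
end

# Hypothetical helper: attach encoded credentials to a site URL.
def site_with_credentials(site, user, password)
  uri = URI.parse(site)
  uri.user = encode_userinfo_part(user)
  uri.password = encode_userinfo_part(password)
  uri
end

# Recover the original credentials from a URI built by the helper above.
def credentials_from(uri)
  [uri.user, uri.password].map { |part| part && decode_userinfo_part(part) }
end

SITE = 'http://tractis.com'                  # host from the ticket's irb session
USER = 'ernesto.jimenez@negonation.com'      # user name from the ticket
PASSWORD = 'p@ss:w/rd'                       # constructed sample password

if __FILE__ == $PROGRAM_NAME
  uri = site_with_credentials(SITE, USER, PASSWORD)
  puts uri                          # encoded form that URI accepts
  puts uri.host                     # authority boundary is unchanged
  p credentials_from(uri)           # original values after decoding
  p accepted_as_user?(URI.parse(SITE), USER)   # raw e-mail is rejected
end
```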

02/16/08 02:08:45 changed by ernesto.jimenez

  • attachment active_resouce_accepts_user_and_password.diff added.

Removed trailing spaces and fixed grammar errors

02/16/08 02:15:28 changed by tpope

Sound concept and implementation; tests are numerous, appropriate, and passing. +1

02/16/08 12:48:48 changed by ernesto.jimenez

  • attachment active_resouce_accepts_user_and_password.2.diff added.

Improved tests and added explanation about why superclass_delegating_reader is not suitable for our delegated attributes

02/16/08 13:07:09 changed by ernesto.jimenez

  • cc changed from ernesto.jimenez to nzkoz.

nzkoz: I have considered using superclass_delegating_reader but it doesn't fit the expected behaviour

I have added a comment explaining why we are not using superclass_delegating_reader:

        # Not using superclass_delegating_reader because don't want subclasses to modify superclass instance
        #
        # With superclass_delegating_reader
        #
        #   Parent.site = 'http://anonymous@test.com'
        #   Subclass.site # => 'http://anonymous@test.com'
        #   Subclass.site.user = 'david'
        #   Parent.site # => 'http://david@test.com'
        #
        # Without superclass_delegating_reader (expected behaviour)
        #
        #   Parent.site = 'http://anonymous@test.com'
        #   Subclass.site # => 'http://anonymous@test.com'
        #   Subclass.site.user = 'david' # => TypeError: can't modify frozen object
        #

Let me know what you think :) thx

02/17/08 20:12:46 changed by david.calavera

+1, it works fine for me

02/18/08 00:21:21 changed by nzkoz

  • status changed from new to closed.
  • resolution set to fixed.

(In [8891]) Add user and password configuration options to ActiveResource::Base, not all credentials can be specified inline. Closes #11112 [ernesto.jimenez]