Posted to user@syncope.apache.org by Pascal Langenstein <Pa...@united-security-providers.ch> on 2019/05/16 13:22:44 UTC
Using e-mail as the username - chars according to RFC
Hi
There is an issue with E-Mail addresses as a `username`. It all works fine for an alpha, numeric, minus, dot and underscore in addresses.
However, there are a bunch more allowed signs[1] [2]. For example, catchall+syncope@example.com is valid.
Is there a specific reason for `org.apache.syncope.common.lib.SyncopeConstants#NAME_PATTERN` (syncope-common-lib.2.0.12) allowing only the defined set of chars[3]? Could it be expanded?
Regards
Pascal
[1] https://tools.ietf.org/html/rfc822#section-6.1
[2] https://stackoverflow.com/a/2049510/1221807
[3] SyncopeConstants.java:44 public static final String NAME_PATTERN = "[\\p{L}\\p{gc=Mn}\\p{gc=Me}\\p{gc=Mc}\\p{Digit}\\p{gc=Pc} \\-@.]+";
Re: AW: Using e-mail as the username - chars according to RFC
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 20/05/19 12:19, Pascal Langenstein wrote:
>
> Hi Francesco
>
> The requirement comes from customers. They want to be able to log in with the
> email address, which in their cases also contains symbols like >’<.
>
> For the REST access to something like /syncope/rest/users/username, I
> assume usernames are encoded. So it would be the following:
> foo@bar.com -> /syncope/rest/users/foo%40bar.com
> fo’o@bar.com -> /syncope/rest/users/fo%27o%40bar.com
> fo+o@bar.com -> /syncope/rest/users/fo%2Bo%40bar.com
>
> Therefore it should not be an issue?
>
> Is there maybe a solution to set the email property as login name?
>
Yes, there is: see
http://syncope.apache.org/docs/2.1/reference-guide.html#configuration-parameters
under "authentication.attributes"
HTH
Regards.
> *From:* Francesco Chicchiriccò <il...@apache.org>
> *Sent:* Friday, 17 May 2019 06:45
> *To:* user@syncope.apache.org
> *Subject:* Re: Using e-mail as the username - chars according to RFC
>
> On 16/05/19 15:22, Pascal Langenstein wrote:
>
> Hi
>
> There is an issue with E-Mail addresses as a `username`. It all
> works fine for an alpha, numeric, minus, dot and underscore in
> addresses.
>
> However, there are a bunch more allowed signs[1] [2]. For example,
> catchall+syncope@example.com is valid.
>
>
> Is there a specific reason for
> `org.apache.syncope.common.lib.SyncopeConstants#NAME_PATTERN`
> (syncope-common-lib.2.0.12) allowing only the defined set of
> chars[3]? Could it be expanded?
>
> Hi,
> the idea behind SyncopeConstants#NAME is to limit what can be
> potentially used in REST URLs, as for example
>
> /syncope/rest/users/username
>
> where "username" is the value of username for a given user.
> Please also note that SyncopeConstants#NAME is not used only by Users,
> but for several other entities, as Groups, Any Objects, External
> Resources, etc. - all with the same idea about REST URLs.
>
> There is a more comprehensive SyncopeConstants#EMAIL_PATTERN which
> should allow what is needed, and that can be used for validating plain
> attributes used as e-mail addresses.
>
> Is there any particular reason why you need that usernames should be
> e-mail addresses?
> Regards.
>
> [1] https://tools.ietf.org/html/rfc822#section-6.1
>
> [2] https://stackoverflow.com/a/2049510/1221807
>
> [3] SyncopeConstants.java:44 public static final String NAME_PATTERN = "[\\p{L}\\p{gc=Mn}\\p{gc=Me}\\p{gc=Mc}\\p{Digit}\\p{gc=Pc} \\-@.]+";
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
AW: Using e-mail as the username - chars according to RFC
Posted by Pascal Langenstein <Pa...@united-security-providers.ch>.
Hi Francesco
The requirement comes from customers. They want to be able to log in with the email address, which in their cases also contains symbols like >’<.
For the REST access to something like /syncope/rest/users/username, I assume usernames are encoded. So it would be the following:
foo@bar.com -> /syncope/rest/users/foo%40bar.com
fo’o@bar.com -> /syncope/rest/users/fo%27o%40bar.com
fo+o@bar.com -> /syncope/rest/users/fo%2Bo%40bar.com
Therefore it should not be an issue?
Is there maybe a solution to set the email property as login name?
From: Francesco Chicchiriccò <il...@apache.org>
Sent: Friday, 17 May 2019 06:45
To: user@syncope.apache.org
Subject: Re: Using e-mail as the username - chars according to RFC
On 16/05/19 15:22, Pascal Langenstein wrote:
Hi
There is an issue with E-Mail addresses as a `username`. It all works fine for an alpha, numeric, minus, dot and underscore in addresses.
However, there are a bunch more allowed signs[1] [2]. For example, catchall+syncope@example.com is valid.
Is there a specific reason for `org.apache.syncope.common.lib.SyncopeConstants#NAME_PATTERN` (syncope-common-lib.2.0.12) allowing only the defined set of chars[3]? Could it be expanded?
Hi,
the idea behind SyncopeConstants#NAME is to limit what can be potentially used in REST URLs, as for example
/syncope/rest/users/username
where "username" is the value of username for a given user.
Please also note that SyncopeConstants#NAME is not used only by Users, but for several other entities, as Groups, Any Objects, External Resources, etc. - all with the same idea about REST URLs.
There is a more comprehensive SyncopeConstants#EMAIL_PATTERN which should allow what is needed, and that can be used for validating plain attributes used as e-mail addresses.
Is there any particular reason why you need that usernames should be e-mail addresses?
Regards.
[1] https://tools.ietf.org/html/rfc822#section-6.1
[2] https://stackoverflow.com/a/2049510/1221807
[3] SyncopeConstants.java:44 public static final String NAME_PATTERN = "[\\p{L}\\p{gc=Mn}\\p{gc=Me}\\p{gc=Mc}\\p{Digit}\\p{gc=Pc} \\-@.]+";
Re: Using e-mail as the username - chars according to RFC
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 16/05/19 15:22, Pascal Langenstein wrote:
>
> Hi
>
> There is an issue with E-Mail addresses as a `username`. It all works
> fine for an alpha, numeric, minus, dot and underscore in addresses.
>
> However, there are a bunch more allowed signs[1] [2]. For example,
> catchall+syncope@example.com is valid.
>
>
> Is there a specific reason for
> `org.apache.syncope.common.lib.SyncopeConstants#NAME_PATTERN`
> (syncope-common-lib.2.0.12) allowing only the defined set of chars[3]?
> Could it be expanded?
>
Hi,
the idea behind SyncopeConstants#NAME is to limit what can be
potentially used in REST URLs, as for example
/syncope/rest/users/username
where "username" is the value of username for a given user.
Please also note that SyncopeConstants#NAME is not used only by Users,
but for several other entities, as Groups, Any Objects, External
Resources, etc. - all with the same idea about REST URLs.
There is a more comprehensive SyncopeConstants#EMAIL_PATTERN which
should allow what is needed, and that can be used for validating plain
attributes used as e-mail addresses.
Is there any particular reason why you need that usernames should be
e-mail addresses?
Regards.
> [1] https://tools.ietf.org/html/rfc822#section-6.1
>
> [2] https://stackoverflow.com/a/2049510/1221807
>
> [3] SyncopeConstants.java:44 public static final String NAME_PATTERN = "[\\p{L}\\p{gc=Mn}\\p{gc=Me}\\p{gc=Mc}\\p{Digit}\\p{gc=Pc} \\-@.]+";
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
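
The check discussed in this thread, as an added example (not code from Syncope or from either poster): it runs the NAME_PATTERN quoted in footnote [3] against the addresses mentioned in the messages and percent-encodes each one as a single URL path segment. `isValidName` and `encodePathSegment` are hypothetical helpers, the last two sample values are constructed, and `URLEncoder.encode(String, Charset)` requires Java 10 or later.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

public class UsernamePatternCheck {

    // Copied from footnote [3] of the thread (SyncopeConstants.java:44).
    static final Pattern NAME_PATTERN = Pattern.compile(
            "[\\p{L}\\p{gc=Mn}\\p{gc=Me}\\p{gc=Mc}\\p{Digit}\\p{gc=Pc} \\-@.]+");

    // Hypothetical helper: true only if every character is in the allowed set.
    static boolean isValidName(String value) {
        return NAME_PATTERN.matcher(value).matches();
    }

    // Hypothetical helper: percent-encode a value for use as one path segment.
    // URLEncoder performs form encoding, so the "+" it emits for a space is
    // rewritten to "%20"; a literal "+" in the input is already "%2B" by then.
    static String encodePathSegment(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8).replace("+", "%20");
    }

    public static void main(String[] args) {
        // The addresses come from the thread; the last two values are constructed.
        String[] samples = {
            "foo@bar.com",
            "catchall+syncope@example.com",
            "fo+o@bar.com",
            "fo'o@bar.com",   // ASCII apostrophe, matching the %27 shown in the thread
            "first last",     // constructed: the space is part of the allowed set
            "a/b"             // constructed: an unencoded "/" would add a path level
        };
        for (String s : samples) {
            System.out.printf("%-30s matches=%-5b /syncope/rest/users/%s%n",
                    s, isValidName(s), encodePathSegment(s));
        }
    }
}
```

Only `foo@bar.com` and `first last` pass the pattern; the encoded forms of the three `bar.com` addresses are the ones listed in the thread.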