Posted to user@syncope.apache.org by Pascal Langenstein <Pa...@united-security-providers.ch> on 2019/05/16 13:22:44 UTC

Using e-mail as the username - chars according to RFC

Hi

There is an issue with E-Mail addresses as a `username`. It all works fine for alpha, numeric, minus, dot and underscore in addresses.
However, there are a bunch more allowed signs[1] [2]. For example, catchall+syncope@example.com is valid.

Is there a specific reason for `org.apache.syncope.common.lib.SyncopeConstants#NAME_PATTERN` (syncope-common-lib.2.0.12) allowing only the defined set of chars[3]? Could it be expanded?

Regards

Pascal

[1] https://tools.ietf.org/html/rfc822#section-6.1
[2] https://stackoverflow.com/a/2049510/1221807

[3] SyncopeConstants.java:44 public static final String NAME_PATTERN = "[\\p{L}\\p{gc=Mn}\\p{gc=Me}\\p{gc=Mc}\\p{Digit}\\p{gc=Pc} \\-@.]+";


Re: AW: Using e-mail as the username - chars according to RFC

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 20/05/19 12:19, Pascal Langenstein wrote:
>
> Hi Francesco
>
> The requirement comes from customers. They want to be able to log in with the
> email address, which in their cases also contains symbols like >’<.
>
> For the REST access to something like /syncope/rest/users/username, I 
> assume usernames are encoded. So it would be the following:
> foo@bar.com -> /syncope/rest/users/foo%40bar.com
> fo’o@bar.com -> /syncope/rest/users/fo%27o%40bar.com
> fo+o@bar.com -> /syncope/rest/users/fo%2Bo%40bar.com
>
> Therefore it should not be an issue?
>
> Is there maybe a solution to set the email property as login name?
>
Yes, there is: see

http://syncope.apache.org/docs/2.1/reference-guide.html#configuration-parameters

under "authentication.attributes"

HTH
Regards.

> *From:* Francesco Chicchiriccò <il...@apache.org>
> *Sent:* Friday, 17 May 2019 06:45
> *To:* user@syncope.apache.org
> *Subject:* Re: Using e-mail as the username - chars according to RFC
>
> On 16/05/19 15:22, Pascal Langenstein wrote:
>
>     Hi
>
>     There is an issue with E-Mail addresses as a `username`. It all
>     works fine for alpha, numeric, minus, dot and underscore in
>     addresses.
>
>     However, there are a bunch more allowed signs[1] [2]. For example,
>     catchall+syncope@example.com is valid.
>
>     Is there a specific reason for
>     `org.apache.syncope.common.lib.SyncopeConstants#NAME_PATTERN`
>     (syncope-common-lib.2.0.12) allowing only the defined set of
>     chars[3]? Could it be expanded?
>
> Hi,
> the idea behind SyncopeConstants#NAME is to limit what can
> potentially be used in REST URLs, for example
>
> /syncope/rest/users/username
>
> where "username" is the value of username for a given user.
> Please also note that SyncopeConstants#NAME is not used only by Users,
> but for several other entities, such as Groups, Any Objects, External
> Resources, etc. - all with the same idea about REST URLs.
>
> There is a more comprehensive SyncopeConstants#EMAIL_PATTERN which
> should allow what is needed, and that can be used for validating plain
> attributes used as e-mail addresses.
>
> Is there any particular reason why you need usernames to be
> e-mail addresses?
> Regards.
>
>     [1] https://tools.ietf.org/html/rfc822#section-6.1
>
>     [2] https://stackoverflow.com/a/2049510/1221807
>
>     [3] SyncopeConstants.java:44 public static final String NAME_PATTERN = "[\\p{L}\\p{gc=Mn}\\p{gc=Me}\\p{gc=Mc}\\p{Digit}\\p{gc=Pc} \\-@.]+";
>
> -- 
> Francesco Chicchiriccò
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/


-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/


AW: Using e-mail as the username - chars according to RFC

Posted by Pascal Langenstein <Pa...@united-security-providers.ch>.
Hi Francesco

The requirement comes from customers. They want to be able to log in with the email address, which in their cases also contains symbols like >’<.

For the REST access to something like /syncope/rest/users/username, I assume usernames are encoded. So it would be the following:
foo@bar.com -> /syncope/rest/users/foo%40bar.com
fo’o@bar.com -> /syncope/rest/users/fo%27o%40bar.com
fo+o@bar.com -> /syncope/rest/users/fo%2Bo%40bar.com

Therefore it should not be an issue?

Is there maybe a solution to set the email property as login name?

From: Francesco Chicchiriccò <il...@apache.org>
Sent: Friday, 17 May 2019 06:45
To: user@syncope.apache.org
Subject: Re: Using e-mail as the username - chars according to RFC

On 16/05/19 15:22, Pascal Langenstein wrote:
Hi

There is an issue with E-Mail addresses as a `username`. It all works fine for alpha, numeric, minus, dot and underscore in addresses.
However, there are a bunch more allowed signs[1] [2]. For example, catchall+syncope@example.com is valid.

Is there a specific reason for `org.apache.syncope.common.lib.SyncopeConstants#NAME_PATTERN` (syncope-common-lib.2.0.12) allowing only the defined set of chars[3]? Could it be expanded?

Hi,
the idea behind SyncopeConstants#NAME is to limit what can potentially be used in REST URLs, for example

/syncope/rest/users/username

where "username" is the value of username for a given user.
Please also note that SyncopeConstants#NAME is not used only by Users, but for several other entities, such as Groups, Any Objects, External Resources, etc. - all with the same idea about REST URLs.

There is a more comprehensive SyncopeConstants#EMAIL_PATTERN which should allow what is needed, and that can be used for validating plain attributes used as e-mail addresses.

Is there any particular reason why you need usernames to be e-mail addresses?
Regards.
[1] https://tools.ietf.org/html/rfc822#section-6.1
[2] https://stackoverflow.com/a/2049510/1221807

[3] SyncopeConstants.java:44 public static final String NAME_PATTERN = "[\\p{L}\\p{gc=Mn}\\p{gc=Me}\\p{gc=Mc}\\p{Digit}\\p{gc=Pc} \\-@.]+";

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Re: Using e-mail as the username - chars according to RFC

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 16/05/19 15:22, Pascal Langenstein wrote:
>
> Hi
>
> There is an issue with E-Mail addresses as a `username`. It all works
> fine for alpha, numeric, minus, dot and underscore in addresses.
>
> However, there are a bunch more allowed signs[1] [2]. For example,
> catchall+syncope@example.com is valid.
>
> Is there a specific reason for
> `org.apache.syncope.common.lib.SyncopeConstants#NAME_PATTERN`
> (syncope-common-lib.2.0.12) allowing only the defined set of chars[3]?
> Could it be expanded?
>
Hi,
the idea behind SyncopeConstants#NAME is to limit what can
potentially be used in REST URLs, for example

/syncope/rest/users/username

where "username" is the value of username for a given user.
Please also note that SyncopeConstants#NAME is not used only by Users,
but for several other entities, such as Groups, Any Objects, External
Resources, etc. - all with the same idea about REST URLs.

There is a more comprehensive SyncopeConstants#EMAIL_PATTERN which
should allow what is needed, and that can be used for validating plain
attributes used as e-mail addresses.

Is there any particular reason why you need usernames to be
e-mail addresses?
Regards.

> [1] https://tools.ietf.org/html/rfc822#section-6.1
>
> [2] https://stackoverflow.com/a/2049510/1221807
>
> [3] SyncopeConstants.java:44 public static final String NAME_PATTERN = "[\\p{L}\\p{gc=Mn}\\p{gc=Me}\\p{gc=Mc}\\p{Digit}\\p{gc=Pc} \\-@.]+";

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
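
Added example, not part of the original thread and not Apache Syncope code: a standalone Java check (Java 10 or later assumed) that applies the NAME_PATTERN string quoted in [3] to the sample addresses from the thread and shows the percent-encoded REST path each one would produce. The class and method names are hypothetical, and the apostrophe sample uses the ASCII character that %27 decodes to.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.regex.Pattern;

public class UsernamePatternCheck {

    // Pattern string exactly as quoted in the thread (SyncopeConstants.java:44).
    static final String NAME_PATTERN =
            "[\\p{L}\\p{gc=Mn}\\p{gc=Me}\\p{gc=Mc}\\p{Digit}\\p{gc=Pc} \\-@.]+";

    private static final Pattern NAME = Pattern.compile(NAME_PATTERN);

    /** Returns the code points of the candidate that the character class rejects. */
    static Set<String> rejectedChars(String candidate) {
        Set<String> rejected = new LinkedHashSet<>();
        candidate.codePoints().forEach(cp -> {
            String ch = new String(Character.toChars(cp));
            // matches() anchors the whole input, so this tests one code point.
            if (!NAME.matcher(ch).matches()) {
                rejected.add(ch);
            }
        });
        return rejected;
    }

    /** Percent-encodes a value for use as a single URL path segment. */
    static String encodePathSegment(String value) {
        // URLEncoder performs form encoding: a space becomes '+', which means
        // "space" only in a query string, so rewrite it as %20 for a path.
        // A literal '+' in the input is already emitted as %2B.
        return URLEncoder.encode(value, StandardCharsets.UTF_8).replace("+", "%20");
    }

    public static void main(String[] args) {
        // Sample usernames taken from the thread (ASCII apostrophe assumed).
        String[] samples = {
            "foo@bar.com", "fo'o@bar.com", "fo+o@bar.com", "catchall+syncope@example.com"
        };
        for (String s : samples) {
            System.out.printf("%-30s matches=%-5b rejected=%s path=/syncope/rest/users/%s%n",
                    s, NAME.matcher(s).matches(), rejectedChars(s), encodePathSegment(s));
        }
    }
}
```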