Zinc: How to use the @ character in an URL

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

Zinc: How to use the @ character in an URL

Olivier Auverlot
Hi,

I work actually on a framework to manage a Proxmox server. The Proxmox solution is based on a strange REST API… :-(

To get informations about an user, I must send a string with the login and the authentication domain. The two values are separated by a character @.

For example: GET /api2/extjs/access/users/auverlot@LIFL

My first problem with Zinc is that the client find the character @ and the client think that this is an URL with authentication. I tried to use an encoding string with %40 but Proxmox don't find the user.

The solution must be to modify the method ZnUrl>>#parseAuthority:from:to: to do a better detection of authentication pattern:

parseAuthority: string from: start to: stop
        | index  |

        index := string indexOf: $@ startingAt: start.
       
        (index > 0 and: [ (string indexOf: $: startingAt: start) < index and: [ index < (string indexOf: $/ startingAt: start) ] ])
                ifTrue: [  
                        self parseUserInfo: (ReadStream on: string from: start to: index - 1).
                        self parseHostPort: (ReadStream on: string from: index   1 to: stop )
                ]
                ifFalse: [  self parseHostPort: (ReadStream on: string from: start to: stop ) ]

But, it's not the end of the road :-( Because in the next steps, Zinc encodes the character @ in the url.  How to disabled the automatic encoding and using special characters in the url ?

Thanks for your help.

Best regards
Olivier ;-)
Reply | Threaded
Open this post in threaded view
|

Re: Zinc: How to use the @ character in an URL

Sven Van Caekenberghe-2
Hi Olivier,

On 22 Oct 2013, at 09:57, Olivier Auverlot <[hidden email]> wrote:

> Hi,
>
> I work actually on a framework to manage a Proxmox server. The Proxmox solution is based on a strange REST API… :-(
>
> To get informations about an user, I must send a string with the login and the authentication domain. The two values are separated by a character @.
>
> For example: GET /api2/extjs/access/users/auverlot@LIFL
>
> My first problem with Zinc is that the client find the character @ and the client think that this is an URL with authentication. I tried to use an encoding string with %40 but Proxmox don't find the user.

According to http://en.wikipedia.org/wiki/Urlencoding and thus http://tools.ietf.org/html/rfc3986 which is the URI spec, @ is a reserved character and has to be encoded. Which means that both as input for parsing as well as in rendered output it should be percent encoded, at least that is how I understand it.

Do you have a different opinion ?

Can you make the REST call using curl ?

> The solution must be to modify the method ZnUrl>>#parseAuthority:from:to: to do a better detection of authentication pattern:
>
> parseAuthority: string from: start to: stop
> | index  |
>
> index := string indexOf: $@ startingAt: start.
>
> (index > 0 and: [ (string indexOf: $: startingAt: start) < index and: [ index < (string indexOf: $/ startingAt: start) ] ])
> ifTrue: [  
> self parseUserInfo: (ReadStream on: string from: start to: index - 1).
> self parseHostPort: (ReadStream on: string from: index   1 to: stop )
> ]
> ifFalse: [  self parseHostPort: (ReadStream on: string from: start to: stop ) ]

I am not convinced (yet) that the parser have to change.

I guess one hack could be to subclass ZnUrl and overwrite #encode:on: to use a customised ZnPercentEncoder where @ is in the safe set.

Sven

> But, it's not the end of the road :-( Because in the next steps, Zinc encodes the character @ in the url.  How to disabled the automatic encoding and using special characters in the url ?
>
> Thanks for your help.
>
> Best regards
> Olivier ;-)


Reply | Threaded
Open this post in threaded view
|

Re: Zinc: How to use the @ character in an URL

Olivier Auverlot
Hi Sven,

I'm totally agree with you. The Proxmox team had a bad idea to use @ but I must find a solution to resolve the problem.

One solution could be to encode automaticaly the special characters in the url but to let the possibility to desactivate the encoding with an option in ZnClient. This approach don't modify the actual behaviour but allow to manage bad usages of HTTP.

Otherwise, I will follow your suggestion and use a subclass of ZnUrl.

Le 22 oct. 2013 à 13:39, Sven Van Caekenberghe a écrit :

> Hi Olivier,
>
> On 22 Oct 2013, at 09:57, Olivier Auverlot <[hidden email]> wrote:
>
>> Hi,
>>
>> I work actually on a framework to manage a Proxmox server. The Proxmox solution is based on a strange REST API… :-(
>>
>> To get informations about an user, I must send a string with the login and the authentication domain. The two values are separated by a character @.
>>
>> For example: GET /api2/extjs/access/users/auverlot@LIFL
>>
>> My first problem with Zinc is that the client find the character @ and the client think that this is an URL with authentication. I tried to use an encoding string with %40 but Proxmox don't find the user.
>
> According to http://en.wikipedia.org/wiki/Urlencoding and thus http://tools.ietf.org/html/rfc3986 which is the URI spec, @ is a reserved character and has to be encoded. Which means that both as input for parsing as well as in rendered output it should be percent encoded, at least that is how I understand it.
>
> Do you have a different opinion ?
>
> Can you make the REST call using curl ?
>
>> The solution must be to modify the method ZnUrl>>#parseAuthority:from:to: to do a better detection of authentication pattern:
>>
>> parseAuthority: string from: start to: stop
>> | index  |
>>
>> index := string indexOf: $@ startingAt: start.
>>
>> (index > 0 and: [ (string indexOf: $: startingAt: start) < index and: [ index < (string indexOf: $/ startingAt: start) ] ])
>> ifTrue: [  
>> self parseUserInfo: (ReadStream on: string from: start to: index - 1).
>> self parseHostPort: (ReadStream on: string from: index   1 to: stop )
>> ]
>> ifFalse: [  self parseHostPort: (ReadStream on: string from: start to: stop ) ]
>
> I am not convinced (yet) that the parser have to change.
>
> I guess one hack could be to subclass ZnUrl and overwrite #encode:on: to use a customised ZnPercentEncoder where @ is in the safe set.
>
> Sven
>
>> But, it's not the end of the road :-( Because in the next steps, Zinc encodes the character @ in the url.  How to disabled the automatic encoding and using special characters in the url ?
>>
>> Thanks for your help.
>>
>> Best regards
>> Olivier ;-)
>
>


Reply | Threaded
Open this post in threaded view
|

Re: Zinc: How to use the @ character in an URL

philippeback
I'd say you can encode @ with % in the URL (but it is not needed in any case) indeed but in the rendered output? (Do you mean in hrefs="xxx" ?)
 
Some things must be encoded indeed:
 
 
As '@' is in the ASCII set, why should it be encoded?
 
URL Encoding of @ is %40 indeed but digits also have encodings. Not a reason to use them :-)
 
 
 I'd say that the issue is in ZnClient, basically defaulting to a capability that is linked to server interpretation of URLs.
There is no reason why the URL you use must be associated with authentication, only that mainstream servers can do that with mod_auth or something.
 
Other than that it is just a pathinfo string.
 
A ZnClient option saying 'enableAuthority:' maybe? I do not think that a better parsing of options would solve the situation as someone may want to have the same scheme but for other purposes.
 
Phil
Reply | Threaded
Open this post in threaded view
|

Re: Zinc: How to use the @ character in an URL

Sven Van Caekenberghe-2

On 22 Oct 2013, at 15:49, "[hidden email]" <[hidden email]> wrote:

> I'd say you can encode @ with % in the URL (but it is not needed in any case) indeed but in the rendered output? (Do you mean in hrefs="xxx" ?)
>  
> Some things must be encoded indeed:
>  
> http://en.wikipedia.org/wiki/Character_entity_reference
> http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#Character_entity_references_in_HTML
> http://www.w3schools.com/tags/ref_urlencode.asp
>  
> As '@' is in the ASCII set, why should it be encoded?

Because that is what the spec says:

http://en.wikipedia.org/wiki/Percent-encoding#Types_of_URI_characters

These characters,

! * ' ( ) ; : @ & = + $ , / ? # [ ]

have to be percent encoded in external (printed) representations of URLs, ASCII or not.

This has nothing to do with HTML or XML.

ZnPercentEncoder uses the following

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 - _ . ~

as its safe set (characters that do not have to be encoded), just like the spec says.

I could be wrong, but I don't think so.

Sven

> URL Encoding of @ is %40 indeed but digits also have encodings. Not a reason to use them :-)
>  
>  
>  I'd say that the issue is in ZnClient, basically defaulting to a capability that is linked to server interpretation of URLs.
> There is no reason why the URL you use must be associated with authentication, only that mainstream servers can do that with mod_auth or something.
>  
> Other than that it is just a pathinfo string.
>  
> A ZnClient option saying 'enableAuthority:' maybe? I do not think that a better parsing of options would solve the situation as someone may want to have the same scheme but for other purposes.
>  
> Phil


Reply | Threaded
Open this post in threaded view
|

Re: Zinc: How to use the @ character in an URL

Sven Van Caekenberghe-2

On 22 Oct 2013, at 16:07, Sven Van Caekenberghe <[hidden email]> wrote:

> On 22 Oct 2013, at 15:49, "[hidden email]" <[hidden email]> wrote:
>
>> I'd say you can encode @ with % in the URL (but it is not needed in any case) indeed but in the rendered output? (Do you mean in hrefs="xxx" ?)
>>
>> Some things must be encoded indeed:
>>
>> http://en.wikipedia.org/wiki/Character_entity_reference
>> http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#Character_entity_references_in_HTML
>> http://www.w3schools.com/tags/ref_urlencode.asp
>>
>> As '@' is in the ASCII set, why should it be encoded?
>
> Because that is what the spec says:
>
> http://en.wikipedia.org/wiki/Percent-encoding#Types_of_URI_characters
>
> These characters,
>
> ! * ' ( ) ; : @ & = + $ , / ? # [ ]
>
> have to be percent encoded in external (printed) representations of URLs, ASCII or not.
>
> This has nothing to do with HTML or XML.
>
> ZnPercentEncoder uses the following
>
> A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
> a b c d e f g h i j k l m n o p q r s t u v w x y z
> 0 1 2 3 4 5 6 7 8 9 - _ . ~
>
> as its safe set (characters that do not have to be encoded), just like the spec says.
>
> I could be wrong, but I don't think so.

Well, the finer point is of course

<quote>
When a character from the reserved set (a "reserved character") has special meaning (a "reserved purpose") in a certain context, and a URI scheme says that it is necessary to use that character for some other purpose, then the character must be percent-encoded.
</quote>

and

<quote>
Reserved characters that have no reserved purpose in a particular context may also be percent-encoded but are not semantically different from those that are not.
In the "query" component of a URI (the part after a ? character), for example, "/" is still considered a reserved character but it normally has no reserved purpose, unless a particular URI scheme says otherwise. The character does not need to be percent-encoded when it has no reserved purpose.
</quote>

So in each context (scheme, url part) it might be slightly different.

ZnPercentEncoder takes the better safe than sorry route.

> Sven
>
>> URL Encoding of @ is %40 indeed but digits also have encodings. Not a reason to use them :-)
>>
>>
>> I'd say that the issue is in ZnClient, basically defaulting to a capability that is linked to server interpretation of URLs.
>> There is no reason why the URL you use must be associated with authentication, only that mainstream servers can do that with mod_auth or something.
>>
>> Other than that it is just a pathinfo string.
>>
>> A ZnClient option saying 'enableAuthority:' maybe? I do not think that a better parsing of options would solve the situation as someone may want to have the same scheme but for other purposes.
>>
>> Phil
>


Reply | Threaded
Open this post in threaded view
|

Re: Zinc: How to use the @ character in an URL

philippeback
Ok, point taken.

Still, ZnClient is unusable for the intended purpose as is. No matter what encoding, % or not, Olivier cannot get the URL to work. Couldn't the ZnClient use something like the StampClient does: options? (where prefetch-count can be set for example - I also discovered the little inbox thing after some hair pulling sessions BTW).


Phil
Reply | Threaded
Open this post in threaded view
|

Re: Zinc: How to use the @ character in an URL

Sven Van Caekenberghe-2

On 22 Oct 2013, at 18:27, "[hidden email]" <[hidden email]> wrote:

> Ok, point taken.
>
> Still, ZnClient is unusable for the intended purpose as is. No matter what encoding, % or not, Olivier cannot get the URL to work. Couldn't the ZnClient use something like the StampClient does: options? (where prefetch-count can be set for example - I also discovered the little inbox thing after some hair pulling sessions BTW).
>
>
> Phil

But Olivier's problem is that he is talking to a server that does not do proper percent decoding, IMHO. A server parsing a URL should resolve all percent encodings, after parsing using the significant delimiters (/ : ? #).

http://foo.com/abc and http://foo.com/%61%62%63 are the same thing, just like http://foo.com/abc@1 and http://foo.com/abc%401 are - again as far as I understand it.

That being said, I am going to study the specs again and might change what gets encoded or not depending on the URL element, instead of encoding aggressively in the better safe than sorry way.

Olivier's suggestion about safer authorisation parsing does make sense and will get added as well - Thanks Olivier !

Sven

PS: BTW, ZnClient has such an option object already.


Reply | Threaded
Open this post in threaded view
|

Re: Zinc: How to use the @ character in an URL

philippeback
BTW, I like the way you code clients and am learning a hefty bit from your damn great code :-)

And I mean it.
Reply | Threaded
Open this post in threaded view
|

Re: Zinc: How to use the @ character in an URL

Sven Van Caekenberghe-2

On 22 Oct 2013, at 22:26, "[hidden email]" <[hidden email]> wrote:

> BTW, I like the way you code clients and am learning a hefty bit from your damn great code :-)
>
> And I mean it.

Thanks!
Reply | Threaded
Open this post in threaded view
|

Re: Zinc: How to use the @ character in an URL

Olivier Auverlot
In reply to this post by Sven Van Caekenberghe-2
Thanks for the improvement. Don't hesitate to contact me if I can help you

Olivier ;-)

Le 22 oct. 2013 à 18:49, Sven Van Caekenberghe a écrit :

>
> On 22 Oct 2013, at 18:27, "[hidden email]" <[hidden email]> wrote:
>
>> Ok, point taken.
>>
>> Still, ZnClient is unusable for the intended purpose as is. No matter what encoding, % or not, Olivier cannot get the URL to work. Couldn't the ZnClient use something like the StampClient does: options? (where prefetch-count can be set for example - I also discovered the little inbox thing after some hair pulling sessions BTW).
>>
>>
>> Phil
>
> But Olivier's problem is that he is talking to a server that does not do proper percent decoding, IMHO. A server parsing a URL should resolve all percent encodings, after parsing using the significant delimiters (/ : ? #).
>
> http://foo.com/abc and http://foo.com/%61%62%63 are the same thing, just like http://foo.com/abc@1 and http://foo.com/abc%401 are - again as far as I understand it.
>
> That being said, I am going to study the specs again and might change what gets encoded or not depending on the URL element, instead of encoding aggressively in the better safe than sorry way.
>
> Olivier's suggestion about safer authorisation parsing does make sense and will get added as well - Thanks Olivier !
>
> Sven
>
> PS: BTW, ZnClient has such an option object already.
>
>


Reply | Threaded
Open this post in threaded view
|

Re: Zinc: How to use the @ character in an URL

Sven Van Caekenberghe-2
Hi Olivier,

Can you please test the latest Zn with your use case ?

You can load ConfigurationOfZincHTTPComponents from StHub and do

  ConfigurationOfZincHTTPComponents project bleedingEdge load.

The are the relevant commits:

===
Name: Zinc-Character-Encoding-Core-SvenVanCaekenberghe.22
Author: SvenVanCaekenberghe
Time: 24 October 2013, 10:40:00.795063 am
UUID: 3d7bc73c-48b3-40af-8c01-5ba533472a92
Ancestors: Zinc-Character-Encoding-Core-SvenVanCaekenberghe.21

Made the default safeSet of ZnPercentEncoder an explicit constant named #rfc3986UnreservedCharacters
===
Name: Zinc-Resource-Meta-Core-SvenVanCaekenberghe.21
Author: SvenVanCaekenberghe
Time: 24 October 2013, 10:48:32.342296 am
UUID: 7401fc4c-0f26-46e4-8f7d-b0bf10e8352c
Ancestors: Zinc-Resource-Meta-Core-SvenVanCaekenberghe.20

Rewrote ZnUrl percent encoding to use safe sets per component;
Fixed a bug in ZnUrl>>#parseAuthority:from:to: where end was not respected (Thx Olivier Auverlot);
Removed/renamed ZnResourceMetaUtils class>>#encodePercent:withEncoding to #encodePercent:[safeSet:]encoding:
Added some safeSet constants to ZnResourceMetaUtils
===
Name: Zinc-Resource-Meta-Tests-SvenVanCaekenberghe.13
Author: SvenVanCaekenberghe
Time: 24 October 2013, 10:50:11.698368 am
UUID: 2d73205c-3415-4597-8d98-abcff1e16259
Ancestors: Zinc-Resource-Meta-Tests-SvenVanCaekenberghe.12

Added ZnUrlTests>>#testComponentSpecificEncoding
Fixed ZnUrlTests>>#testQueryEncoding
Fixed ZnMimeTypeTests>>#testLegacy
===

It should work, let me know how it goes ;-)

Sven

On 24 Oct 2013, at 08:01, Olivier Auverlot <[hidden email]> wrote:

> Thanks for the improvement. Don't hesitate to contact me if I can help you
>
> Olivier ;-)
>
> Le 22 oct. 2013 à 18:49, Sven Van Caekenberghe a écrit :
>
>>
>> On 22 Oct 2013, at 18:27, "[hidden email]" <[hidden email]> wrote:
>>
>>> Ok, point taken.
>>>
>>> Still, ZnClient is unusable for the intended purpose as is. No matter what encoding, % or not, Olivier cannot get the URL to work. Couldn't the ZnClient use something like the StampClient does: options? (where prefetch-count can be set for example - I also discovered the little inbox thing after some hair pulling sessions BTW).
>>>
>>>
>>> Phil
>>
>> But Olivier's problem is that he is talking to a server that does not do proper percent decoding, IMHO. A server parsing a URL should resolve all percent encodings, after parsing using the significant delimiters (/ : ? #).
>>
>> http://foo.com/abc and http://foo.com/%61%62%63 are the same thing, just like http://foo.com/abc@1 and http://foo.com/abc%401 are - again as far as I understand it.
>>
>> That being said, I am going to study the specs again and might change what gets encoded or not depending on the URL element, instead of encoding aggressively in the better safe than sorry way.
>>
>> Olivier's suggestion about safer authorisation parsing does make sense and will get added as well - Thanks Olivier !
>>
>> Sven
>>
>> PS: BTW, ZnClient has such an option object already.
>>
>>
>
>


Reply | Threaded
Open this post in threaded view
|

Re: Zinc: How to use the @ character in an URL

Olivier Auverlot
Hi Sven,

Fantastic work ! I just tested the new version and it seem that all is ok.

Olivier ;-)


Reply | Threaded
Open this post in threaded view
|

Re: Zinc: How to use the @ character in an URL

Sven Van Caekenberghe-2
Good, thanks a lot for the feedback !

Sven

On 24 Oct 2013, at 12:05, Olivier Auverlot <[hidden email]> wrote:

> Hi Sven,
>
> Fantastic work ! I just tested the new version and it seem that all is ok.
>
> Olivier ;-)
>
>