Hi,
I work actually on a framework to manage a Proxmox server. The Proxmox solution is based on a strange REST API… :-( To get informations about an user, I must send a string with the login and the authentication domain. The two values are separated by a character @. For example: GET /api2/extjs/access/users/auverlot@LIFL My first problem with Zinc is that the client find the character @ and the client think that this is an URL with authentication. I tried to use an encoding string with %40 but Proxmox don't find the user. The solution must be to modify the method ZnUrl>>#parseAuthority:from:to: to do a better detection of authentication pattern: parseAuthority: string from: start to: stop | index | index := string indexOf: $@ startingAt: start. (index > 0 and: [ (string indexOf: $: startingAt: start) < index and: [ index < (string indexOf: $/ startingAt: start) ] ]) ifTrue: [ self parseUserInfo: (ReadStream on: string from: start to: index - 1). self parseHostPort: (ReadStream on: string from: index 1 to: stop ) ] ifFalse: [ self parseHostPort: (ReadStream on: string from: start to: stop ) ] But, it's not the end of the road :-( Because in the next steps, Zinc encodes the character @ in the url. How to disabled the automatic encoding and using special characters in the url ? Thanks for your help. Best regards Olivier ;-) |
Hi Olivier,
On 22 Oct 2013, at 09:57, Olivier Auverlot <[hidden email]> wrote: > Hi, > > I work actually on a framework to manage a Proxmox server. The Proxmox solution is based on a strange REST API… :-( > > To get informations about an user, I must send a string with the login and the authentication domain. The two values are separated by a character @. > > For example: GET /api2/extjs/access/users/auverlot@LIFL > > My first problem with Zinc is that the client find the character @ and the client think that this is an URL with authentication. I tried to use an encoding string with %40 but Proxmox don't find the user. According to http://en.wikipedia.org/wiki/Urlencoding and thus http://tools.ietf.org/html/rfc3986 which is the URI spec, @ is a reserved character and has to be encoded. Which means that both as input for parsing as well as in rendered output it should be percent encoded, at least that is how I understand it. Do you have a different opinion ? Can you make the REST call using curl ? > The solution must be to modify the method ZnUrl>>#parseAuthority:from:to: to do a better detection of authentication pattern: > > parseAuthority: string from: start to: stop > | index | > > index := string indexOf: $@ startingAt: start. > > (index > 0 and: [ (string indexOf: $: startingAt: start) < index and: [ index < (string indexOf: $/ startingAt: start) ] ]) > ifTrue: [ > self parseUserInfo: (ReadStream on: string from: start to: index - 1). > self parseHostPort: (ReadStream on: string from: index 1 to: stop ) > ] > ifFalse: [ self parseHostPort: (ReadStream on: string from: start to: stop ) ] I am not convinced (yet) that the parser have to change. I guess one hack could be to subclass ZnUrl and overwrite #encode:on: to use a customised ZnPercentEncoder where @ is in the safe set. Sven > But, it's not the end of the road :-( Because in the next steps, Zinc encodes the character @ in the url. How to disabled the automatic encoding and using special characters in the url ? > > Thanks for your help. > > Best regards > Olivier ;-) |
Hi Sven,
I'm totally agree with you. The Proxmox team had a bad idea to use @ but I must find a solution to resolve the problem. One solution could be to encode automaticaly the special characters in the url but to let the possibility to desactivate the encoding with an option in ZnClient. This approach don't modify the actual behaviour but allow to manage bad usages of HTTP. Otherwise, I will follow your suggestion and use a subclass of ZnUrl. Le 22 oct. 2013 à 13:39, Sven Van Caekenberghe a écrit : > Hi Olivier, > > On 22 Oct 2013, at 09:57, Olivier Auverlot <[hidden email]> wrote: > >> Hi, >> >> I work actually on a framework to manage a Proxmox server. The Proxmox solution is based on a strange REST API… :-( >> >> To get informations about an user, I must send a string with the login and the authentication domain. The two values are separated by a character @. >> >> For example: GET /api2/extjs/access/users/auverlot@LIFL >> >> My first problem with Zinc is that the client find the character @ and the client think that this is an URL with authentication. I tried to use an encoding string with %40 but Proxmox don't find the user. > > According to http://en.wikipedia.org/wiki/Urlencoding and thus http://tools.ietf.org/html/rfc3986 which is the URI spec, @ is a reserved character and has to be encoded. Which means that both as input for parsing as well as in rendered output it should be percent encoded, at least that is how I understand it. > > Do you have a different opinion ? > > Can you make the REST call using curl ? > >> The solution must be to modify the method ZnUrl>>#parseAuthority:from:to: to do a better detection of authentication pattern: >> >> parseAuthority: string from: start to: stop >> | index | >> >> index := string indexOf: $@ startingAt: start. >> >> (index > 0 and: [ (string indexOf: $: startingAt: start) < index and: [ index < (string indexOf: $/ startingAt: start) ] ]) >> ifTrue: [ >> self parseUserInfo: (ReadStream on: string from: start to: index - 1). >> self parseHostPort: (ReadStream on: string from: index 1 to: stop ) >> ] >> ifFalse: [ self parseHostPort: (ReadStream on: string from: start to: stop ) ] > > I am not convinced (yet) that the parser have to change. > > I guess one hack could be to subclass ZnUrl and overwrite #encode:on: to use a customised ZnPercentEncoder where @ is in the safe set. > > Sven > >> But, it's not the end of the road :-( Because in the next steps, Zinc encodes the character @ in the url. How to disabled the automatic encoding and using special characters in the url ? >> >> Thanks for your help. >> >> Best regards >> Olivier ;-) > > |
I'd say you can encode @ with % in the URL (but it is not needed in any case) indeed but in the rendered output? (Do you mean in hrefs="xxx" ?) Some things must be encoded indeed:
As '@' is in the ASCII set, why should it be encoded?
URL Encoding of @ is %40 indeed but digits also have encodings. Not a reason to use them :-) I'd say that the issue is in ZnClient, basically defaulting to a capability that is linked to server interpretation of URLs.
There is no reason why the URL you use must be associated with authentication, only that mainstream servers can do that with mod_auth or something. Other than that it is just a pathinfo string.
A ZnClient option saying 'enableAuthority:' maybe? I do not think that a better parsing of options would solve the situation as someone may want to have the same scheme but for other purposes.
Phil |
On 22 Oct 2013, at 15:49, "[hidden email]" <[hidden email]> wrote: > I'd say you can encode @ with % in the URL (but it is not needed in any case) indeed but in the rendered output? (Do you mean in hrefs="xxx" ?) > > Some things must be encoded indeed: > > http://en.wikipedia.org/wiki/Character_entity_reference > http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#Character_entity_references_in_HTML > http://www.w3schools.com/tags/ref_urlencode.asp > > As '@' is in the ASCII set, why should it be encoded? Because that is what the spec says: http://en.wikipedia.org/wiki/Percent-encoding#Types_of_URI_characters These characters, ! * ' ( ) ; : @ & = + $ , / ? # [ ] have to be percent encoded in external (printed) representations of URLs, ASCII or not. This has nothing to do with HTML or XML. ZnPercentEncoder uses the following A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 - _ . ~ as its safe set (characters that do not have to be encoded), just like the spec says. I could be wrong, but I don't think so. Sven > URL Encoding of @ is %40 indeed but digits also have encodings. Not a reason to use them :-) > > > I'd say that the issue is in ZnClient, basically defaulting to a capability that is linked to server interpretation of URLs. > There is no reason why the URL you use must be associated with authentication, only that mainstream servers can do that with mod_auth or something. > > Other than that it is just a pathinfo string. > > A ZnClient option saying 'enableAuthority:' maybe? I do not think that a better parsing of options would solve the situation as someone may want to have the same scheme but for other purposes. > > Phil |
On 22 Oct 2013, at 16:07, Sven Van Caekenberghe <[hidden email]> wrote: > On 22 Oct 2013, at 15:49, "[hidden email]" <[hidden email]> wrote: > >> I'd say you can encode @ with % in the URL (but it is not needed in any case) indeed but in the rendered output? (Do you mean in hrefs="xxx" ?) >> >> Some things must be encoded indeed: >> >> http://en.wikipedia.org/wiki/Character_entity_reference >> http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#Character_entity_references_in_HTML >> http://www.w3schools.com/tags/ref_urlencode.asp >> >> As '@' is in the ASCII set, why should it be encoded? > > Because that is what the spec says: > > http://en.wikipedia.org/wiki/Percent-encoding#Types_of_URI_characters > > These characters, > > ! * ' ( ) ; : @ & = + $ , / ? # [ ] > > have to be percent encoded in external (printed) representations of URLs, ASCII or not. > > This has nothing to do with HTML or XML. > > ZnPercentEncoder uses the following > > A B C D E F G H I J K L M N O P Q R S T U V W X Y Z > a b c d e f g h i j k l m n o p q r s t u v w x y z > 0 1 2 3 4 5 6 7 8 9 - _ . ~ > > as its safe set (characters that do not have to be encoded), just like the spec says. > > I could be wrong, but I don't think so. Well, the finer point is of course <quote> When a character from the reserved set (a "reserved character") has special meaning (a "reserved purpose") in a certain context, and a URI scheme says that it is necessary to use that character for some other purpose, then the character must be percent-encoded. </quote> and <quote> Reserved characters that have no reserved purpose in a particular context may also be percent-encoded but are not semantically different from those that are not. In the "query" component of a URI (the part after a ? character), for example, "/" is still considered a reserved character but it normally has no reserved purpose, unless a particular URI scheme says otherwise. The character does not need to be percent-encoded when it has no reserved purpose. </quote> So in each context (scheme, url part) it might be slightly different. ZnPercentEncoder takes the better safe than sorry route. > Sven > >> URL Encoding of @ is %40 indeed but digits also have encodings. Not a reason to use them :-) >> >> >> I'd say that the issue is in ZnClient, basically defaulting to a capability that is linked to server interpretation of URLs. >> There is no reason why the URL you use must be associated with authentication, only that mainstream servers can do that with mod_auth or something. >> >> Other than that it is just a pathinfo string. >> >> A ZnClient option saying 'enableAuthority:' maybe? I do not think that a better parsing of options would solve the situation as someone may want to have the same scheme but for other purposes. >> >> Phil > |
Ok, point taken. Still, ZnClient is unusable for the intended purpose as is. No matter what encoding, % or not, Olivier cannot get the URL to work. Couldn't the ZnClient use something like the StampClient does: options? (where prefetch-count can be set for example - I also discovered the little inbox thing after some hair pulling sessions BTW).Phil |
On 22 Oct 2013, at 18:27, "[hidden email]" <[hidden email]> wrote: > Ok, point taken. > > Still, ZnClient is unusable for the intended purpose as is. No matter what encoding, % or not, Olivier cannot get the URL to work. Couldn't the ZnClient use something like the StampClient does: options? (where prefetch-count can be set for example - I also discovered the little inbox thing after some hair pulling sessions BTW). > > > Phil But Olivier's problem is that he is talking to a server that does not do proper percent decoding, IMHO. A server parsing a URL should resolve all percent encodings, after parsing using the significant delimiters (/ : ? #). http://foo.com/abc and http://foo.com/%61%62%63 are the same thing, just like http://foo.com/abc@1 and http://foo.com/abc%401 are - again as far as I understand it. That being said, I am going to study the specs again and might change what gets encoded or not depending on the URL element, instead of encoding aggressively in the better safe than sorry way. Olivier's suggestion about safer authorisation parsing does make sense and will get added as well - Thanks Olivier ! Sven PS: BTW, ZnClient has such an option object already. |
BTW, I like the way you code clients and am learning a hefty bit from your damn great code :-) And I mean it. |
On 22 Oct 2013, at 22:26, "[hidden email]" <[hidden email]> wrote: > BTW, I like the way you code clients and am learning a hefty bit from your damn great code :-) > > And I mean it. Thanks! |
In reply to this post by Sven Van Caekenberghe-2
Thanks for the improvement. Don't hesitate to contact me if I can help you
Olivier ;-) Le 22 oct. 2013 à 18:49, Sven Van Caekenberghe a écrit : > > On 22 Oct 2013, at 18:27, "[hidden email]" <[hidden email]> wrote: > >> Ok, point taken. >> >> Still, ZnClient is unusable for the intended purpose as is. No matter what encoding, % or not, Olivier cannot get the URL to work. Couldn't the ZnClient use something like the StampClient does: options? (where prefetch-count can be set for example - I also discovered the little inbox thing after some hair pulling sessions BTW). >> >> >> Phil > > But Olivier's problem is that he is talking to a server that does not do proper percent decoding, IMHO. A server parsing a URL should resolve all percent encodings, after parsing using the significant delimiters (/ : ? #). > > http://foo.com/abc and http://foo.com/%61%62%63 are the same thing, just like http://foo.com/abc@1 and http://foo.com/abc%401 are - again as far as I understand it. > > That being said, I am going to study the specs again and might change what gets encoded or not depending on the URL element, instead of encoding aggressively in the better safe than sorry way. > > Olivier's suggestion about safer authorisation parsing does make sense and will get added as well - Thanks Olivier ! > > Sven > > PS: BTW, ZnClient has such an option object already. > > |
Hi Olivier,
Can you please test the latest Zn with your use case ? You can load ConfigurationOfZincHTTPComponents from StHub and do ConfigurationOfZincHTTPComponents project bleedingEdge load. The are the relevant commits: === Name: Zinc-Character-Encoding-Core-SvenVanCaekenberghe.22 Author: SvenVanCaekenberghe Time: 24 October 2013, 10:40:00.795063 am UUID: 3d7bc73c-48b3-40af-8c01-5ba533472a92 Ancestors: Zinc-Character-Encoding-Core-SvenVanCaekenberghe.21 Made the default safeSet of ZnPercentEncoder an explicit constant named #rfc3986UnreservedCharacters === Name: Zinc-Resource-Meta-Core-SvenVanCaekenberghe.21 Author: SvenVanCaekenberghe Time: 24 October 2013, 10:48:32.342296 am UUID: 7401fc4c-0f26-46e4-8f7d-b0bf10e8352c Ancestors: Zinc-Resource-Meta-Core-SvenVanCaekenberghe.20 Rewrote ZnUrl percent encoding to use safe sets per component; Fixed a bug in ZnUrl>>#parseAuthority:from:to: where end was not respected (Thx Olivier Auverlot); Removed/renamed ZnResourceMetaUtils class>>#encodePercent:withEncoding to #encodePercent:[safeSet:]encoding: Added some safeSet constants to ZnResourceMetaUtils === Name: Zinc-Resource-Meta-Tests-SvenVanCaekenberghe.13 Author: SvenVanCaekenberghe Time: 24 October 2013, 10:50:11.698368 am UUID: 2d73205c-3415-4597-8d98-abcff1e16259 Ancestors: Zinc-Resource-Meta-Tests-SvenVanCaekenberghe.12 Added ZnUrlTests>>#testComponentSpecificEncoding Fixed ZnUrlTests>>#testQueryEncoding Fixed ZnMimeTypeTests>>#testLegacy === It should work, let me know how it goes ;-) Sven On 24 Oct 2013, at 08:01, Olivier Auverlot <[hidden email]> wrote: > Thanks for the improvement. Don't hesitate to contact me if I can help you > > Olivier ;-) > > Le 22 oct. 2013 à 18:49, Sven Van Caekenberghe a écrit : > >> >> On 22 Oct 2013, at 18:27, "[hidden email]" <[hidden email]> wrote: >> >>> Ok, point taken. >>> >>> Still, ZnClient is unusable for the intended purpose as is. No matter what encoding, % or not, Olivier cannot get the URL to work. Couldn't the ZnClient use something like the StampClient does: options? (where prefetch-count can be set for example - I also discovered the little inbox thing after some hair pulling sessions BTW). >>> >>> >>> Phil >> >> But Olivier's problem is that he is talking to a server that does not do proper percent decoding, IMHO. A server parsing a URL should resolve all percent encodings, after parsing using the significant delimiters (/ : ? #). >> >> http://foo.com/abc and http://foo.com/%61%62%63 are the same thing, just like http://foo.com/abc@1 and http://foo.com/abc%401 are - again as far as I understand it. >> >> That being said, I am going to study the specs again and might change what gets encoded or not depending on the URL element, instead of encoding aggressively in the better safe than sorry way. >> >> Olivier's suggestion about safer authorisation parsing does make sense and will get added as well - Thanks Olivier ! >> >> Sven >> >> PS: BTW, ZnClient has such an option object already. >> >> > > |
Hi Sven,
Fantastic work ! I just tested the new version and it seem that all is ok. Olivier ;-) |
Good, thanks a lot for the feedback !
Sven On 24 Oct 2013, at 12:05, Olivier Auverlot <[hidden email]> wrote: > Hi Sven, > > Fantastic work ! I just tested the new version and it seem that all is ok. > > Olivier ;-) > > |
Free forum by Nabble | Edit this page |