#2438: Authentication of non-ascii user names does not work in TG 2.x
---------------------------------+------------------------------------------
Reporter: chrisz | Owner: Gustavo
Type: defect | Status: reopened
Priority: high | Milestone: 2.1
Component: TurboGears | Version: trunk
Severity: major | Resolution:
Keywords: repoze.who identity |
---------------------------------+------------------------------------------
Comment (by Gustavo):
Hello, Christoph.
Replying to [comment:11 chrisz]:
> Ok, I've added accept-charset="UTF-8" to the login form now.
>
> In fact the HTML specs say: "The default value for this attribute is the
reserved string "UNKNOWN". User agents may interpret this value as the
character encoding that was used to transmit the document containing this
FORM element."
>
> So that behavior is not against the specs and in practice, all browsers
seem to do this, but it cannot harm to explictly set the accept-charset
attribute.
The HTML specification is for user agents (e.g., browsers) only, not for
server-side stuff. This is problem is within the scope of HTTP and out of
the scope of HTML, and the HTTP says I have to assume the charset is
Latin-1.
I don't like that either (I prefer UTF-8 too) and I know that's just
theory, but I'm not going to implement something against the HTTP
specification.
> The problem is now how friendlyforms gets the information that the data
is encoded as utf-8. As Ian writes, the browser could send the encoding as
`Content-Type: application/x-www-form-urlencoded; charset=utf8`, but
browsers seldom set this. In fact, all browsers I tested sent only
`Content-Type: application/x-www-form-urlencoded`. So we must somehow
explicitely tell friendlyforms to use utf-8 as default encoding instead of
iso-8859-1 since it does not get this information from the browser.
I was aware of that and I agree with the option to override it, hence I
updated repoze.who-friendlyform and now it's also possible to make repoze
.what-quickstart pass the charset to that plugin:
http://code.gustavonarea.net/repoze.what-quickstart/News.html
So TG2 projects can be generated with the following line on app_cfg.py:
{{{
base_config.sa_auth.charset = "utf-8"
}}}
Cheers!
--
Ticket URL: <http://trac.turbogears.org/ticket/2438#comment:13>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
--
You received this message because you are subscribed to the Google
Groups "TurboGears Tickets" group.
This group is read-only. No posting by normal members allowed.
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears-tickets?hl=en?hl=en
