#2438: Authentication of non-ascii user names does not work in TG 2.x
---------------------------------+------------------------------------------
Reporter: chrisz | Owner: Gustavo
Type: defect | Status: reopened
Priority: high | Milestone: 2.1
Component: TurboGears | Version: trunk
Severity: major | Resolution:
Keywords: repoze.who identity |
---------------------------------+------------------------------------------
Comment (by Gustavo):
Hello,
Replying to [comment:6 chrisz]:
> My original patch suggested `utf-8` as default encoding, but you changed
this to `iso-8859-1`, probably because that actually once was the default
encoding for http 1.1. But as a result the patch does not play well
together with TG now, which is using `utf-8`.
ISO-8859-1 has always been the default character encoding for HTTP/1.1, as
far as I know.
> You can test this by quickstarting a project and creating a user with a
non-ascii name using the admin tool. The browser (I tested this with
Firefox) is simply using the encoding of the page containing the form,
which in the case of TG is `utf-8` by default. The details are explained
[http://www.alanflavell.org.uk/charset/form-i18n.html here].
>
> As a solution, I suggest making the default charset configurable with an
additional parameter in the `__init__` method of the `FriendlyFormPlugin`.
The default could be either `utf-8` or `iso-8859-1` but I'd prefer the
former. Then that parameter should be set to `utf-8` in the
`setup_sql_auth` method of repoze.what.quickstart. Or this could also be
passed in to `setup_sql_auth` from the TG config, similar to other
parameters such as `login_handler` or `logout_handler`.
>
> I can attach the necessary patches if you agree that's the way to go.
I'm afraid that's the only option we have.
In theory, we should put the charset in our forms (in either "enctype" or
"accept-charset") and the user agent will submit the form specifying the
charset it decided to use in the CONTENT_TYPE header (because we might
have given more than one option). But in practice, the browser (at least
Firefox and Konqueror) doesn't include the charset used for the submitted
form... So !WebOb doesn't work the way I was expecting. :/
I've just added this option to repoze.who-friendlyform (which defaults to
ISO-8859-1) and I'll release it to PYPI shortly, but it's too late here to
make setup_sql_auth() (in repoze.what-quickstart) pass the charset to that
plugin, so I'll do it this weekend -- Although if you'd like to do it,
please let me know and I'll wait ;)
Cheers!
--
Ticket URL: <http://trac.turbogears.org/ticket/2438#comment:8>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
--
You received this message because you are subscribed to the Google
Groups "TurboGears Tickets" group.
This group is read-only. No posting by normal members allowed.
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears-tickets?hl=en?hl=en
