clone from url with email address as username?(escaping @ symbol)

clone from url with email address as username?(escaping @ symbol)

[Ben Bennett]

Is there any escape sequence for the @ symbol when cloning?


Thanks,
Ben

Re: clone from url with email address as username?(escaping @ symbol)

[Sverre Rabbelier]

Heya,

On Tue, Sep 29, 2009 at 16:20, Ben Bennett <benbennett@gmail.com> wrote:
> Is there any escape sequence for the @ symbol when cloning?

I thought @ is not allowed to be in an url? What do you need to escape it for?

-- 
Cheers,

Sverre Rabbelier

Re: clone from url with email address as username?(escaping @ symbol)

[Matthieu Moy]

Sverre Rabbelier <srabbelier@gmail.com> writes:

> Heya,
>
> On Tue, Sep 29, 2009 at 16:20, Ben Bennett <benbennett@gmail.com> wrote:
>> Is there any escape sequence for the @ symbol when cloning?
>
> I thought @ is not allowed to be in an url? What do you need to
> escape it for?

If your username is "foo@bar.com", then the clone URL might well be

ssh://foo@bar.com@server.com/path/to/repo

The question is which @ is the login/server separator, and which one
is included in the login. A quick test with

git clone ssh://foo@bar.com@localhost/path/to/repo

shows me that Git does the right thing, i.e. uses "foo@bar.com" as the
login, without the need to escape it.

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/

Re: clone from url with email address as username?(escaping @ symbol)

[Sverre Rabbelier]

Heya,

On Tue, Sep 29, 2009 at 16:30, Matthieu Moy
<Matthieu.Moy@grenoble-inp.fr> wrote:
> The question is which @ is the login/server separator, and which one
> is included in the login. A quick test with

I think it only makes sense that this would work, since any @ can
never be part of the server name (since it's not an allowed
character), so I'm still curious why Ben wants to escape his @.

-- 
Cheers,

Sverre Rabbelier

Re: clone from url with email address as username?(escaping @ symbol)

[Ben Bennett]

I am attempting to do a https clone. The username is an email address
but when I do a clone here is what happens.

Here is what I get , I might be messing up the clone command . btw ,
if i leave switch it to ssh , yes it does resolve the url correctly.

git clone https://benjamin.j.bennett@fooserver.com@fooserver.com/git_repos/main-code.git/
test
Initialized empty Git repository in /home/benjamin/planning_workspace/test/.git/
Password:
error: Couldn't resolve host 'fooserver.com@fooserver.com' while
accessing https://benjamin.j.bennett@fooserver.com@myfooserver.com/git_repos/main-code.git//info/refs

On Tue, Sep 29, 2009 at 9:32 AM, Sverre Rabbelier <srabbelier@gmail.com> wrote:
> Heya,
>
> On Tue, Sep 29, 2009 at 16:30, Matthieu Moy
> <Matthieu.Moy@grenoble-inp.fr> wrote:
>> The question is which @ is the login/server separator, and which one
>> is included in the login. A quick test with
>
> I think it only makes sense that this would work, since any @ can
> never be part of the server name (since it's not an allowed
> character), so I'm still curious why Ben wants to escape his @.
>
> --
> Cheers,
>
> Sverre Rabbelier
>

Re: clone from url with email address as username?(escaping @ symbol)

[Matthieu Moy]

Ben Bennett <benbennett@gmail.com> writes:

> I am attempting to do a https clone. The username is an email address
> but when I do a clone here is what happens.

Hmm, right, it works with ssh, but not http.

I tried a quick fix like this:

diff --git a/http.c b/http.c
index 23b2a19..361a6be 100644
--- a/http.c
+++ b/http.c
@@ -281,9 +281,10 @@ static void http_auth_init(const char *url)
         * "proto://<host>/..."?
         */
        cp += 3;
-       at = strchr(cp, '@');
        colon = strchr(cp, ':');
        slash = strchrnul(cp, '/');
+       for(at = slash-1; *at != '@' && *at != '/'; at--)
+               continue;
        if (!at || slash <= at)
                return; /* No credentials */
        if (!colon || at <= colon) {

Unfortunately, it seems the complete URL is passed to curl, and curl
is the one doing it wrong. Indeed:

$ curl -v https://user@email.com@server.com/path/                                          
* getaddrinfo(3) failed for email.com@server.com:443
* Couldn't resolve host 'email.com@server.com'
* Closing connection #0
curl: (6) Couldn't resolve host 'email.com@server.com'

Now for the good news:

http://curl.haxx.se/mail/lib-2006-02/0134.html
http://sourceforge.net/tracker/index.php?func=detail&aid=2826621&group_id=976&atid=100976

In short, you have to use %40 to escape the @, and curl does it this
way because the RFC doesn't allow @ in usernames.

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/

Re: clone from url with email address as username?(escaping @ symbol)

[Matthieu Moy]

Matthieu Moy <Matthieu.Moy@grenoble-inp.fr> writes:

> In short, you have to use %40 to escape the @, and curl does it this
> way because the RFC doesn't allow @ in usernames.

I've added a FAQ on the wiki. Feel free to improve:

http://git.or.cz/gitwiki/GitFaq#Myusernamecontainsa.27.40.27.2CIcan.27tclonethroughHTTP.2BAC8-HTTPS

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/

Re: clone from url with email address as username?(escaping @ symbol)

[Daniel Stenberg]

On Tue, 29 Sep 2009, Matthieu Moy wrote:

> Unfortunately, it seems the complete URL is passed to curl, and curl
> is the one doing it wrong. Indeed:
>
> $ curl -v https://user@email.com@server.com/path/
> * getaddrinfo(3) failed for email.com@server.com:443

This is not exactly curl "doing it wrong". This is a user passing in something 
that isn't a URL to the command that asks for a URL to work on. The user part 
cannot legally have a '@' letter in a URL, you must encode it.

> In short, you have to use %40 to escape the @, and curl does it this way 
> because the RFC doesn't allow @ in usernames.

Exactly. So curl is not "wrong", it just can't work around this user-error.

-- 

  / daniel.haxx.se

Re: clone from url with email address as username?(escaping @ symbol)

[Ben Bennett]

Is it escaping the %40 when passed down? I am getting an error 401  ,
and checking the server logs , it is passing the %40 to the server in
the username.
Running curl from command line , I can connect, but through git , the
username is getting mangled or I have something screwed up.
 I will look at http.c tonight after work, to see if I am messing something up.

Thanks,
Ben


On Tue, Sep 29, 2009 at 11:59 AM, Matthieu Moy
<Matthieu.Moy@grenoble-inp.fr> wrote:
> Ben Bennett <benbennett@gmail.com> writes:
>
>> I am attempting to do a https clone. The username is an email address
>> but when I do a clone here is what happens.
>
> Hmm, right, it works with ssh, but not http.
>
> I tried a quick fix like this:
>
> diff --git a/http.c b/http.c
> index 23b2a19..361a6be 100644
> --- a/http.c
> +++ b/http.c
> @@ -281,9 +281,10 @@ static void http_auth_init(const char *url)
>         * "proto://<host>/..."?
>         */
>        cp += 3;
> -       at = strchr(cp, '@');
>        colon = strchr(cp, ':');
>        slash = strchrnul(cp, '/');
> +       for(at = slash-1; *at != '@' && *at != '/'; at--)
> +               continue;
>        if (!at || slash <= at)
>                return; /* No credentials */
>        if (!colon || at <= colon) {
>
> Unfortunately, it seems the complete URL is passed to curl, and curl
> is the one doing it wrong. Indeed:
>
> $ curl -v https://user@email.com@server.com/path/
> * getaddrinfo(3) failed for email.com@server.com:443
> * Couldn't resolve host 'email.com@server.com'
> * Closing connection #0
> curl: (6) Couldn't resolve host 'email.com@server.com'
>
> Now for the good news:
>
> http://curl.haxx.se/mail/lib-2006-02/0134.html
> http://sourceforge.net/tracker/index.php?func=detail&aid=2826621&group_id=976&atid=100976
>
> In short, you have to use %40 to escape the @, and curl does it this
> way because the RFC doesn't allow @ in usernames.
>
> --
> Matthieu Moy
> http://www-verimag.imag.fr/~moy/
>

Re: clone from url with email address as username?(escaping @ symbol)

[Matthieu Moy]

Ben Bennett <benbennett@gmail.com> writes:

> Is it escaping the %40 when passed down? I am getting an error 401  ,
> and checking the server logs , it is passing the %40 to the server in
> the username.
> Running curl from command line , I can connect, but through git , the
> username is getting mangled or I have something screwed up.

OK, so it seems Git should be fixed to unescape this %40 somewhere,
most likely in http_auth_init in http.c, in addition to by fix below.
http://curl.haxx.se/libcurl/c/curl_easy_unescape.html might help. I've
consumed by Git time budget for now, so if anyone else can have a
look ...

>> --- a/http.c
>> +++ b/http.c
>> @@ -281,9 +281,10 @@ static void http_auth_init(const char *url)
>>         * "proto://<host>/..."?
>>         */
>>        cp += 3;
>> -       at = strchr(cp, '@');
>>        colon = strchr(cp, ':');
>>        slash = strchrnul(cp, '/');
>> +       for(at = slash-1; *at != '@' && *at != '/'; at--)
>> +               continue;
>>        if (!at || slash <= at)
>>                return; /* No credentials */
>>        if (!colon || at <= colon) {
>>

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/

Re: clone from url with email address as username?(escaping @ symbol)

[Matthieu Moy]

Daniel Stenberg <daniel@haxx.se> writes:

> On Tue, 29 Sep 2009, Matthieu Moy wrote:
>
>> Unfortunately, it seems the complete URL is passed to curl, and curl
>> is the one doing it wrong. Indeed:
>>
>> $ curl -v https://user@email.com@server.com/path/
>> * getaddrinfo(3) failed for email.com@server.com:443
>
> This is not exactly curl "doing it wrong". This is a user passing in
> something that isn't a URL to the command that asks for a URL to work
> on. The user part cannot legally have a '@' letter in a URL, you must
> encode it.
>
>> In short, you have to use %40 to escape the @, and curl does it this
>> way because the RFC doesn't allow @ in usernames.
>
> Exactly. So curl is not "wrong", it just can't work around this user-error.

It may not want work around user-errors, but you can hardly say that
it _can't_. Many tools do in this case, Firefox is one of them. And
anyway, trying to connect to email.com@server.com is probably the
worst thing it can do.

At least, it could warn about two @ in the URL and say it can't
handle it ...

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/

Re: clone from url with email address as username?(escaping @ symbol)

[Matthieu Moy]

Matthieu Moy <Matthieu.Moy@grenoble-inp.fr> writes:

> OK, so it seems Git should be fixed to unescape this %40 somewhere,
> most likely in http_auth_init in http.c, in addition to by fix
> below.

... err, no not _in addition_ to it, forget this. There's one @ and
git finds it correctly.

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/

Re: clone from url with email address as username?(escaping @ symbol)

[Ben Bennett]

I will look at it tonight. But my fix would be to automatically escape
the @ symbol when  git passes onto curl.
Don't know if this would work easy or not, but it would be something
along the lines of .

https://(USERNAME)@(SERVER_ADDR)

The @ would be  the last index of the @ symbol in the URL.
Then somekind of function that escape_username_for_curl.




On Tue, Sep 29, 2009 at 1:12 PM, Matthieu Moy
<Matthieu.Moy@grenoble-inp.fr> wrote:
> Matthieu Moy <Matthieu.Moy@grenoble-inp.fr> writes:
>
>> OK, so it seems Git should be fixed to unescape this %40 somewhere,
>> most likely in http_auth_init in http.c, in addition to by fix
>> below.
>
> ... err, no not _in addition_ to it, forget this. There's one @ and
> git finds it correctly.
>
> --
> Matthieu Moy
> http://www-verimag.imag.fr/~moy/
>

Re: clone from url with email address as username?(escaping @ symbol)

[Daniel Stenberg]

On Tue, 29 Sep 2009, Matthieu Moy wrote:

>> Exactly. So curl is not "wrong", it just can't work around this user-error.
>
> It may not want work around user-errors, but you can hardly say that
> it _can't_.

It can't work around this error. In theory we could make it GUESS that one of 
the @-letters are actually supposed to be %40, but I won't. It could also 
guess that @ was accidentally a '2' with alt-gr pressed when using a nordic 
keyboard layout. Guessing here is crazy.

> Many tools do in this case, Firefox is one of them.

So what if you had that @ in your password and not in your user name?

> And anyway, trying to connect to email.com@server.com is probably the worst 
> thing it can do.

I understand that you're saying that as a git user and someone who's not into 
curl and libcurl details, but I'm in the opposite corner mostly and I claim 
that isn't at all such a bad outcome from that input. curl has that approach 
through-out its entire URL parser. It gets what it needs and then uses the 
rest unparsed. That way it is very liberal in what it accepts and it doesn't 
reject bad URLs as long as it only can extract the parts it needs.

If curl had a strict parser it would of course bluntly reject that URL at 
once.

> At least, it could warn about two @ in the URL and say it can't handle it

It could, sure. But curl has no such strict parser so it accepts all sorts of 
various violations.

I don't think this is the proper place to discuss what curl (or libcurl) 
should or shouldn't do with given URLs - but you're most welcome to bring your 
ideas and patches to the curl project and we can debate their virtues over 
there.

-- 

  / daniel.haxx.se

Re: clone from url with email address as username?(escaping @ symbol)

[Matthieu Moy]

Daniel Stenberg <daniel@haxx.se> writes:

>> Many tools do in this case, Firefox is one of them.
>
> So what if you had that @ in your password and not in your user
> name?

Then the last @ would still be the separator between the
login/password and the hostname, and looking at the '@' starting from
the right hand side would still work.

The problem is if you have a ":" in your login or password, _then_ it
is ambiguous (but by far less common), but the @ is here to split
something that can have a @ in it (login:pass) and something which
can't (hostname), so there isn't any ambiguity.

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/