Skip to content

🐛(back) allow ASCII characters in user sub field #1295

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 29, 2025
Merged

🐛(back) allow ASCII characters in user sub field #1295

merged 1 commit into from
Aug 29, 2025

Conversation

lunika
Copy link
Member

@lunika lunika commented Aug 22, 2025
edited
Loading

Purpose

All ASCII characters are allowed in a sub, we change the sub validator to reflect this.

Proposal

  • 🐛(back) allow ASCII characters in user sub field

Fix #1280

@lunika lunika requested a review from AntoLC August 22, 2025 10:05
@lunika lunika self-assigned this Aug 22, 2025
@lunika lunika added the bug Something isn't working label Aug 22, 2025
@lunika lunika mentioned this pull request Aug 22, 2025
Closed
@lunika lunika requested a review from qbey August 26, 2025 09:14
qbey
qbey reviewed Aug 26, 2025
View reviewed changes
Copy link
Member

@qbey qbey left a comment
edited by lunika
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check:

  • add a changelog?
  • update migrations (no-op)?

We can merge it like this, but I wonder whether we should be less restrictive on the sub field, wdyt?

src/backend/core/models.py Outdated
),
)

sub = models.CharField(
_("sub"),
help_text=_(
"Required. 255 characters or fewer. Letters, numbers, and @/./+/-/_/: characters only."
"Required. 255 characters or fewer. Letters, numbers, and @.+-_:=/ characters only."
Copy link
Member

@qbey qbey Aug 26, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually the OIDC spec says the sub can contain up to 255 ASCII characters (following RFC 20 https://www.rfc-editor.org/rfc/rfc20.txt)

Subject Identifier. A locally unique and never reassigned identifier within the Issuer for the End-User, which is intended to be consumed by the Client, e.g., 24400320 or AItOawmwtWwcT0k51BayewNvutrJUqsvl6qs7A4. It MUST NOT exceed 255 ASCII [RFC20] characters in length. The sub value is a case-sensitive string.

Should we be less restrictive?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we should remove the validator?

@lunika lunika force-pushed the fix/user-sub-validator branch from 0ea8aba to cd45ff6 Compare August 29, 2025 12:25
@lunika lunika changed the title 🐛(back) allow / and = characters in user sub field 🐛(back) allow ASCII characters in user sub field Aug 29, 2025
@lunika lunika requested a review from qbey August 29, 2025 12:26
@lunika
Copy link
Member Author

lunika commented Aug 29, 2025

@qbey ASCII characters are allowed now.

@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 29, 2025
edited
Loading

Size Change: -9 B (0%)

Total Size: 3.6 MB

compressed-size-action

@lunika lunika force-pushed the fix/user-sub-validator branch 3 times, most recently from 64f8ae6 to d556403 Compare August 29, 2025 13:24
@lunika lunika enabled auto-merge (squash) August 29, 2025 13:25
@lunika
🐛(backend) allow ASCII characters in user sub field
4f3430e 
All ASCII characters are allowed in a sub, we change the sub validator
to reflect this.
Fix #1280
@lunika lunika force-pushed the fix/user-sub-validator branch from d556403 to 4f3430e Compare August 29, 2025 13:28
@lunika lunika merged commit 09de014 into main Aug 29, 2025
27 of 29 checks passed
@lunika lunika deleted the fix/user-sub-validator branch August 29, 2025 13:59
@AntoLC AntoLC mentioned this pull request Sep 4, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qbey qbey qbey approved these changes

@AntoLC AntoLC Awaiting requested review from AntoLC

Assignees

@lunika lunika

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Docs incompatible with ADFS OIDC provider
2 participants
@lunika @qbey