-
Notifications
You must be signed in to change notification settings - Fork 308
Encoding is busted in BountySource linking URL #1020
Comments
Does BountySource accept non-ASCII characters in the URL? How should they be encoded? |
Well, my name shows up as "André" in the URL and BountySource form. It's saved in gittip as "André". At very least you could send BountySource the same data you already have... On Fri, Jun 7, 2013 at 7:06 AM, Lyndsy Simon [email protected]
|
Possibly related? |
FWIW, I did not see that... BountySource successfully displayed the bytes they were being sent (which, afaict, was unicode decoded as latin-1, and then re-encoded as unicode before being given to my browser). |
Does anyone know where are bountysource api docs? It seems a lot has changed since our part was implemented. I am thinking about busting https://github.com/gittip/www.gittip.com/blob/master/www/on/bountysource/redirect.spt#L31-L80 since the account creation is now based on liking github and others anyway. I just want to make sure I do it right. |
@corytheboyd I see that you've contributed the original code to connect to bountysource. Do you happen to have a link to the current bountysource api docs? |
Shall we block this on #1369 too? It is also noted by Sentry but I don't know how to link to this issue from the sentry page without creating a new issue. |
Referencing #1521 to link these together. |
Right, I've ticketed that with Sentry: getsentry/sentry#841. |
Hmmm ... we could, although the Bountysource integration is different enough from the others (it's a sort of hacked pseudo-oauth) that refactoring may not really address this. |
I wouldn't block this on #1369, no. |
I don't see where we send you to https://www.bountysource.com/#auth/gittip/connect. I do see where we send to https://www.bountysource.com/#auth/gittip/confirm. |
So the way redirect.spt works is that we pull profile information from existing connections (GitHub, Twitter, Bitbucket), and we send that to Bountysource so that in case you don't have an account to sign up with, they can prepopulate the sign-up form you get. |
However, I'm not seeing that the form prepopulation still exists on the Bountysource side. I notice that the URL redirects: From https://www.bountysource.com/#/auth/gittip/confirm to https://www.bountysource.com/auth/gittip/confirm and then to https://www.bountysource.com/signin. On the sign in form if I enter an email address I get additional fields for first/last name and display name, but these aren't prepopulated: So I'm guessing a) that this bug is no longer an issue (can you confirm, @indirect?) and b) we can just rip out the part where we pull profile information from existing connections. |
Ping @corytheboyd. Also, IRC. |
@whit537 I am for rip out :). Well, I've already said so in #1020 (comment) so that is probably not a surprise 😄 |
Ripped out in b7387dc. |
We should use the |
I think we've resolved this, @indirect. |
Cool, thanks everybody! On Wed, Nov 27, 2013 at 11:31 AM, Chad Whitacre [email protected]
|
When you try to link a gittip account to BountySource, and have a non-ASCII character in your name, gittip sends utf-8 characters interpreted as latin-1 encoding. Here's an example of a BountySource URL for linking with just the name and redirect parameters left:
https://www.bountysource.com/#auth/gittip/connect?first_name=André&last_name=Arko&login=indirect&redirect_url=https%3A%2F%2Fwww.gittip.com%2Fon%2Fbountysource%2Fassociate&status=error_needs_account/
The text was updated successfully, but these errors were encountered: