Fix domains that start with UTF character #3560
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ukutaht
changed the title
|
I'm wondering if it wouldn't be better to encode and decode the domain using IDNA encoding (aka punycode) instead 🤔 iex(5)> :idna.encode("zaęółć.pl")
~c"xn--za-6ja4f2d1l.pl"
iex(6)> :idna.encode("zaęółć.pl") |> :idna.decode |> to_string
"zaęółć.pl"For reference: |
What I like about the current approach is that the domain name is displayed in the most 'native' format for the user. 
Also we need to encode |
Ah, you are right, I forgot we support that 🤦 |
zoldar
approved these changes
Nov 28, 2023
|
I went ahead trying to change the domain from ąęćż.pl to ćććąęćż.pl and upon submitting the domain change form got this:
Same with Reset Stats in the Danger Zone. |
aerosol
reviewed
Nov 28, 2023
aerosol
reviewed
Nov 28, 2023
ukutaht
force-pushed
the
fix-unicode-domains
branch
from
337e09f to
c2b1260
Compare
aerosol
approved these changes
Nov 29, 2023
9 tasks
zoldar
added a commit
that referenced
this pull request
Dec 4, 2023
zoldar
added a commit
that referenced
this pull request
Dec 5, 2023
zoldar
added a commit
that referenced
this pull request
Dec 5, 2023
zoldar
added a commit
that referenced
this pull request
Dec 6, 2023
* Add 2FA actions to `AuthController` * Hook up new `AuthController` actions to router * Add `qr_code` to project dependencies * Implement generic `qr_code` component rendering SVG QR code from text * Implement enabled and disabled 2FA setting state in user settings view * Implement view for initiating 2FA setup * Implement view for verifying 2FA setup * Implement view for rendering generated 2FA recovery codes * Implement view for verifying 2FA code * Implement view for verifying 2FA recovery code * Improve `input_with_clipboard` component * Improve view for initiating 2FA setup * Improve verify 2FA setup view * Implement `verify_2fa_input` component * Improve view for verifying 2FA setup * Improve view rendering generated 2FA recovery codes * Use `verify_2fa_input` component in verify 2FA view * Do not render PA contact on self-hosted instances * Improve flash message phrasing on generated recovery codes * Add byline with a warning to disable 2FA modal * Extract modal to component and move 2FA components to dedicated module * First pass on loading state for "generate new codes" * Adjust modal button logic * Fix button in verify_2fa_input component * Use button component in activate view * Implement wait states for recovery code related actions properly * Apply rate limiting to 2FA verification * Log failed 2FA code input attempts * Add ability to trust device and skip 2FA for 30 days * Improve styling in dark mode * Fix waiting state under Chrome and Safari * Delete trust cookie when disabling 2FA * Put 2FA behind a feature flag * Extract 2FA cookie deletion * ff fixup * Improve session management during 2FA login * Extract part of 2FA controller logic to a separate module and clean up a bit * Clear 2FA user session when rate limit hit * Add id to form in verify 2FA setup view * Add controller tests for 2FA actions and login action * Update CHANGELOG.md * Use `full_build?()` instead of `@is_selfhost` removed after rebase * Update `Auth.TOTP` moduledoc * Add TOTP token management and make `TOTP.enable` more test-friendly * Use TOTP token for device trust feature * Use zero-deps `eqrcode` instead of deps-heavy `qr_code` * Improve flash messages copy Co-authored-by: hq1 <[email protected]> * Make one more copy improvement Co-authored-by: hq1 <[email protected]> * Fix copy in remaining spots * Change redirect after login to accept URLs from #3560 (h/t @aerosol) * Add tests checking handling login_dest on login and 2FA verification * Fix regression in email activation form submit button behavior * Rename `PlausibleWeb.TwoFactor` -> `PlausibleWeb.TwoFactor.Session` * Move `qr_code` component under `Components.TwoFactor` * Set domain and secure options for new cookies --------- Co-authored-by: hq1 <[email protected]>
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
Currently the whole settings are is broken when the
site.domainstarts with a special character like ä.The issue seems to be Phoenix itself being a bit too eager in a security check: phoenixframework/phoenix#5508
Unfortunately it hasn't been fixed yet in Phoenix. The fix is to use
redirect(external: )rather thanredirect(to: )since the former will skip the problematic security check.Tests
Changelog
Documentation
Dark mode