jmarca
Bad ticket validation regexp
The ticket ID validation regexp in ticket.js does not match IDs sent by the CAS server I work with.
Need to be /^ST-.{26,256}$/ instead of /^ST-.{28,256}$/.
OK for you if I create a PR?
Um sure make a PR and I’ll look it over
I haven’t used this myself in a while, but I do try to keep it current. Is there a reason upstream for the change? Which version of CAS server are you using? Is it possible to set up a test case with that version of server?
James
On Sep 5, 2022, at 01:03, Emmanuel Saracco @.***> wrote:
The ticket ID validation regexp in ticket.js does not match IDs sended by the CAS server I work with. Need to be /^ST-.{26,256}$/ instead of /^ST-.{28,256}$/. OK for you if I create a PR?
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.
Can you tell me which document the comment in ticket.js:63 is referring to:
MUST begin with the characters, "ST-", and must be between 32 and 256 characters in length.
For my part, I found this:
Proxy tickets MUST begin with either the characters, “ST-“ or “PT-“. Back-end services MUST be able to accept proxy tickets of up to 32 characters in length. It is RECOMMENDED that back-end services support proxy tickets of up to 256 characters in length.
Extract from Apereo Service Ticket Properties
I don't see any mention of a minimum length.
You are right, I must have misread the spec all those years ago.
I'm reading now "must accept up to 32" and "should accept up to 256"
I'm also not a big fan of short tickets, but if the spec says there is no minimum then I have to accept from 1 on up. Any thoughts or opinions on that?
James
On Tue, Sep 06, 2022 at 04:57:52AM -0700, Emmanuel Saracco wrote:
Can you tell me which document the comment in
ticket.js:63is referring to:MUST begin with the characters, "ST-", and must be between 32 and 256 characters in length.
For my part, I found this:
Proxy tickets MUST begin with either the characters, “ST-“ or “PT-“. Back-end services MUST be able to accept proxy tickets of up to 32 characters in length. It is RECOMMENDED that back-end services support proxy tickets of up to 256 characters in length.
Extract from Apereo Service Ticket Properties
I don't see any mention of a minimum length.
-- Reply to this email directly or view it on GitHub: https://github.com/jmarca/cas_validate/issues/82#issuecomment-1238047302 You are receiving this because you commented.
Message ID: @.***>
So let's go for a minimum value of 26 and let users tell us later if it should be reduced again :)
I will address this later today. While I am at it I am also going to rename the branch to "main" like all my other active code, and generally do any required gardening and weeding (check security fixes on dependencies, etc)
James
On Tue, Sep 06, 2022 at 08:28:55AM -0700, Emmanuel Saracco wrote:
So let's go for a minimum value of 26 and let users tell us later if it should be reduced again :)
-- Reply to this email directly or view it on GitHub: https://github.com/jmarca/cas_validate/issues/82#issuecomment-1238309694 You are receiving this because you commented.
Message ID: @.***>
--
James E. Marca Activimetrics LLC
On Tue, Sep 06, 2022 at 08:28:55AM -0700, Emmanuel Saracco wrote:
So let's go for a minimum value of 26 and let users tell us later if it should be reduced again :)
No, much as I hate to do it, I'd rather stick to the spec and go for a minimum of 1. I'm embarrassed that my misreading caused you issues, and for sure someone else will come along next week asking why we're using 26 when their server is using 8, etc.
-- Reply to this email directly or view it on GitHub: https://github.com/jmarca/cas_validate/issues/82#issuecomment-1238309694 You are receiving this because you commented.
Message ID: @.***>
--
James E. Marca Activimetrics LLC