stig icon indicating copy to clipboard operation
stig copied to clipboard
verified publisher icon rndusr

Password with '@' causes a bug

Open thenightmail opened this issue 2 months ago • 4 comments

If the password has an '@' then the user saves the settings, the password is saved leading up to the first @ and puts the rest of the password into the host url.

thenightmail avatar Oct 18 '25 01:10 thenightmail

This is probably the relevent code that needs changing.

https://github.com/rndusr/stig/blob/805e2bc727733be405d1d917bb112e58b71cb34d/stig/client/utils.py#L624-L681

thenightmail avatar Oct 18 '25 01:10 thenightmail

a potential fix is checking if the url string contains multiple '@' symbols and handeling it differently if it does. Not sure if this is the best solution, any thoughts?

thenightmail avatar Oct 18 '25 01:10 thenightmail

Example URL:

***@***.***@localhost:9091

I suppose splitting at the rightmost "@" to get the username/password combo would solve your issue. But implementing this without unit tests (which are are broken and will probably stay broken) is very tedious.

And we still wouldn't know if the username is "username" or "username:http" or "username:http://foo", so there will always be some ambiguity.

If you have special characters in your "username:password" combo, using different settings should work:

set connect.url     http://localhost:9091
set connect.username user:name
set connect.password ***@***.***

rndusr avatar Oct 18 '25 16:10 rndusr

Ugh. GitHub can't process simple ASCII text in 2025, apparently. I'm afraid you have to use your imagination to fill in the asterisks, because I can't be arsed to work around shenanigans like that. Sorry. (But not sorry.)

rndusr avatar Oct 18 '25 16:10 rndusr