I have an application that stores information about a person onto a database, but when I try to use the URL to GET a user based on their email address users with a + in their email cannot be found.
Example URL that returns person:
https://www.someURL.com/api/people/johnsmith#someemail.com
Example URL that does not return person (returns null):
https://www.someURL.com/api/people/jane+doe#someemail.com
Both emails are in the database as written in the URL so it does not appear to be a typo issue, and I am using postman to test the GET method. Why am I not able to find them, and how can I make it so that they can be found even with the + character?
Working postman request
NOT working postman request
When I search with id I am able to find the person so I know the person exists.
Verification that person exists
My suggestion would be: change your server implementaion from GET to POST and provide an email as a String parameter within the body of request. It'll prevent this and any similar issue with escaping special characters in URI.
If it's not possible, try to frame email address with a single ' or double " quotes, depending on how your web server treats incoming request it may help as well.
Nice to know that "+" is not really a 'valid' character for a lot of email providers for a reason. For instance, Gmail will not let you to create an email address with anything but [A-z0-9] (alphanumeric) and dot (.) characters. I'm pretty sure they were tired of validating input emails with complex regular expression and just limited it to basic ones.
'+' is a reserved character in URIs, so in order to prevent it being interpreted as a space character you would need to percent-encode it. In your example, replace '+' with '%2B'.
https://www.someURL.com/api/people/jane%2Bdoe#someemail.com
There are other characters that are allowed in email addresses but are reserved characters in URIs, so it would be best to percent-encode the whole email address, just in case.
Related
I have been using the sendgrid-ruby gem for sending emails. The subject of the email doesn't decode special characters properly.
Eg. Sending this subject for the email How's it going translates to this in the actual email How's it going
I have tried encoding the string for subject to different formats such as ASCII, ISO_8859_1 but none of this works.
#body_json['personalizations'][0]['dynamic_template_data'] = {
'email_title': #email_title,
'content': #description,
'subject': "How's it going"
}
SendGrid::API.new(api_key: ENV['SENDGRID_API_KEY']).client.mail._('send').post(request_body: #body_json)
The subject for email should show special characters correctly such as ' & :
You should be using triple brackets in your subject section i.e. {{{subject}}} for subjects with special characters.
If you use the double brackets approach your string is going to be HTML encoded.
Check this link from SendGrid repository https://github.com/sendgrid/sendgrid-nodejs/issues/741#issuecomment-422026634
Okay so after chatting with sendgrid support I was able to figure this out. The issue is not with the sendgrid request from my side. Whenever making a template always be sure that subject title in header is inside double brackets i.e. {{subject}}. This will ensure that all special characters work inside this block.
I am implementing email verification by sending email to user on registration. On successful registration a mail with link to "http://mydomain.com/Account/Activate/EncryptedKeyID." Sometime i got '/' or special character that cant be passed to the url. So, I use HttpUtility.UrlEncode to encode. But this does not help. When I click on the email it gives IIS error because of extra slash in "http://mydomain.com/Account/Activate/JLU/YmtRdRAFmBdqhR7tnA==". I have used Rijndael/AES for encrypt and decrypt.
My Questions are:
Should i go for another encryption method?
Is there any alternative?
thanks in advance for your time and help
After digging around, I find that HttpUtility.UrlEncode wont work for my case and i have to use HttpServerUtility.UrlTokenEncode as it is safer for url. It does not contain any potentially dangerous character '+' and '/' chars with '-' and '_' instead. For my case i use var ativationLink=HttpServerUtility.UrlTokenEncode(Convert.FromBase64String(Rij.Encrypt(param))); for link to add in email.
And to retrieve original param i used
var param= Rij.Decrypt(Convert.ToBase64String(HttpServerUtility.UrlTokenDecode(ActivationKey)));
IM/Email type scenario:
User types whatever they want and sends it to their buddy. If they enter a URL, I want to make it clickable for the recipient. This means we need to identify a sequence of characters within the string is a valid URI and make a hyperlink out of it.
Is there a library to help parse the user input and detect if the user types an internationalized domain name as part of a string?
example:
hey dude this Russian McDonald's site макдональдс.рф is cool - check it out!
Note I am not talking about parsing the URI or doing punycode/Unicode conversions - I need to be able to identify this as a URI first before doing any of that...
Facebook sends email notifications when a new message has arrived in a facebook message thread. The email allows you to reply on it without going to Facebook.
I think it is being done by Facebook by generating a reply to email address that is linked to the message thread.
Example of such a reply-to email adress of a facebook email notification (I modified some characters, so it won't work):
m+51r6w8e000000bu1jfpbziio6jmfnvvtkaevxrgojnel8qv#reply.facebook.com
I'm trying to implement a similar feature in my rails app.
I'm still a newbie in rails and wondering how I should approach this issue.
I was trying to encrypt the id of my message thread using the encryptor gem, then using this as an email adress in the form: encryptedId#mydomain.com. Issue is that the encrypted output contains characters that are not allowed in an email address.
As I know little about encryption I googled and found the possibility to base64 encode the encrypted output. This is common practice for urls. But still, this has characters (for example %) that are not allowed in an email adress.
I found that RC4 should be an encrytpion algorythm that has hexadecimal output. But the encryptor gem gives me 1 non-hexadecimal character when using this algorythm, so it doesn't seem to work. Conclusion: I'm a bit stuck.
Maybe I'm looking to far. Are there other appoaches that I could consider?
EDIT: extra info: I'm trying to make the email address non-guessable.
Thanks!
If you are trying to keep your response email addresses non-predictable, you can create your email address out of a concatenation of:
some unique aspect of the message thread such as a row ID
a similar unique attribute of the user being sent the email
a MD5 encoded hash of both of those items plus a unique string known only by your system
a random salt to the MD5
So if user 7812 posts in thread 8299 you could make your base string
u7812t8299
then take that string "u7812t8299" plus the time the email was sent (say 12:31), and a string known to your system like "purpleumbrella"
Your result string is "u7812t82991231purpleumbrella". Using:
Digest::MD5.hexdigest("u7812t82991231purpleumbrella")
we get an MD5 hash of:
5822aceca1f70afdb06f53b5c7e4df99
now send the user an e-mail with a return address of
u7812t8299-1231-5822aceca1f70afdb06f53b5c7e4df99#yoursite
When you get an e-mail back to that address, your system will know that it's for user 7812 posting in thread 8299, and because only your system knows the password required to create the MD5 sum for this combination that would result in an MD5 string starting with 5822aceca1, you can verify to a certain extent that this is not a randomly generated email by someone trying to spam your system.
I'm currently modifying my regex for this:
Extracting email addresses in an html block in ruby/rails
basically, im making another obfuscator that uses ROT13 by parsing a block of text for all links that contain a mailto referrer(using hpricot). One use case this doesn't catch is that if the user just typed in an email address(without turning it into a link via tinymce)
So here's the basic flow of my method:
1. parse a block of text for all tags with href="mailto:..."
2. replace each tag with a javascript function that changes this into ROT13 (using this script: http://unixmonkey.net/?p=20)
3. once all links are obfuscated, pass the resulting block of text into another function that parses for all emails(this one has an email regex that reverses the email address and then adds a span to that email - to reverse it back)
step 3 is supposed to clean the block of text for remaining emails that AREN'T in a href tags(meaning it wasn't parsed by hpricot). Problem with this is that the emails that were converted to ROT13 are still found by my regex. What i want to catch are just emails that WEREN'T CONVERTED to ROT13.
How do i do this? well all emails the WERE CONVERTED have a trailing "'.replace" in them. meaning, i need to get all emails WITHOUT that string. so far i have this regex:
/\b([A-Z0-9._%+-]+#[A-Z0-9.-]+.[A-Z]{2,4}('.replace))\b/i
but this gets all the emails with the trailing '.replace i want to get the opposite and I'm currently stumped with this. any help from regex gurus out there?
MORE INFO:
Here's the regex + the block of text im parsing:
http://www.rubular.com/r/NqXIHrNqjI
as you can see, the first two 'email addresses' are already obfuscated using ROT13. I need a regex that gets the emails ohhellzyeah#ribute.com and kaboom#yahoo.com
On negative lookaheads
You can use a negative lookahead to assert that a pattern doesn't match.
For example, the following regex matches all strings that doesn't end with ".replace" string:
^(?!.*\.replace$).*$
As another example, this regex matches all a*b*, except aabb:
^(?!aabb$)a*b*$
Ideally,
See also
regular-expressions.info/Lookaheads and anchors
Flavor comparison - unfortunately, Ruby doesn't support lookbehinds
Specific solution
The following regex works in this scenario: (see on rubular.com):
/\b([A-Z0-9._%+-]+#(?![A-Z0-9.-]*'\.replace\b)[A-Z0-9.-]+\.[A-Z]{2,4})\b/i