Login leads me a broken link if full name contains Unicode letters

[sneetsher]

This how I produce the issue:

1. Open the main page

2. Login

   This page comes: https://uappexplorer.com/auth/ubuntu/return

   The page you are trying to access does not exist Return to the main page

3. Click on main page link, takes me to main page but I'm still not logged in

[bhdouglass]

Just to verify, as part of the login process you are redirected to Ubuntu One and login there?

[sneetsher]

Yes, i login to Ubuntu One when it comes back, I get that return page.

[bhdouglass]

Interesting, what browser are you using? I can't seem to get this situation to happen.

[sneetsher]

hmm I've Firefox v53 64bit, Ubuntu 16.04, uBlock was active and blocks only one item:

https://www.google-analytics.com/analytics.js

I disabled ublock, but still same results. I tried chromium too.

[bhdouglass]

Did you try running it without ublock?

[sneetsher]

Yeah, I disabled ublock completely but still have same behavior. Also I tried Chromium and same page comes.

Probably something related to my connection: my location (IP could be blacklisted in some servers).

Here is the export of firefox debug info for that replay: Archive 17-04-29 14-11-21.har.zip

[sneetsher]

Yeah, I disabled ublock completely but still have same behavior. Also I tried Chromium and same page comes.

Probably something related to my connection: my location (IP could be blacklisted in some servers). However, I tried with a proxy but still same result, not found return page.

Here is the export of firefox debug info for that replay: Archive 17-04-29 14-11-21.har.zip

[bhdouglass]

Thanks for the debug info, I'll look into it and see what I can find.

[sneetsher]

@bhdouglass , I'm using Arabic letters in my full name for Ubuntu/LP account, so if the site does not expect Unicode then the issue could raise while handling it.

[bhdouglass]

Ok, so I think I fixed it. I'm not sure why it is happening, although it could be because of the Unicode characters in your name. Can you try it out and let me know if it works?

[sneetsher]

Not working yet, but it has different behavior:

• It keeps reloading Ubuntu login page: https://login.ubuntu.com/<hash>/+decide

  The hash is changing when i click login in Ubuntu page, so it seems like uappexplorer is asking again for login.

[sneetsher]

I just confirmed that the issue is with Unicode.

• I removed my original full name (Arabic letter) keeping only Latin letters, I could login successfully.

I'm not familiar with nodejs & openid , but Does openid encode Unicode letters (not in ASCII subset)? Like URL encoding %XX or \uxxxx. If yes, then nodejs should decode it.

[bhdouglass]

Progress! So that confirms that the problem is the Unicode characters. Ubuntu is sending a POST request because of the Unicode characters (normally it's doing a GET request). Do you mind sharing a few of the Unicode characters from your name? That'll make it easier to reproduce the problem.

[sneetsher]

Sure:

شلي (Chelli)

Arabic has a right-to-left cursive script, you may not get same shape if not supported but you should see at least these letters ش,ل,ي .

[bhdouglass]

So I was able to use your name to login to uApp Explorer, it seems the POST request worked. But since your keep getting a redirect loop can you try logging out of both uApp Explorer and Ubuntu and possibly clear out any cookies involved with both sites? Let me know if that works.

[sneetsher]

Nice I could login but not with my complete name :). I use a long name (origin+latin):

عبدالله شلي (Abdellah Chelli)

If I remove some letters, I can login, otherwise it loops me again.

The code may contain a limit on name length. Btw, UTF-8 has variable char size, Arabic char use 2bytes, Chinese char may reach 4bytes.

My full name is around 10x2+14x1+5=39bytes

[bhdouglass]

Ok, I think I finally found the root of the problem! Apparently the library I'm using for openid logins, doesn't properly support POST requests. I've modified my Ubuntu login wrapper lib to handle it. Try it now and let me know if it works!

[sneetsher]

@bhdouglass, yes I confirm that, I can login with my full name.

[bhdouglass]

Awesome! Thanks for bearing with me.