SMTP URL doesn't support # in password

[bernardolk]

Describe the bug

Whenever trying to use the email courier with a SMTP URL where the credentials (password) requires a hashtag, it won't work, possibly because of this line of code:

kratos/driver/config/config.go

Line 709 in c21bb80

i := strings.IndexByte(s, '#')

Reproducing the bug

Steps to reproduce the behavior:

Expected behavior

For the code to parse correctly the password section of the SMTP URL and if it's not possible to have a particular character, emit an error message explaining that it encountered this problem.

Environment

• Version: v0.6.6
• Environment: Terraform + Helm Charts, k8s

[aeneasr]

Try the url encoded form %23

[bernardolk]

I've tried, but then google will give bad credentials.
Also, if my password has %23 exactly, how would it differentiate between a # and literal %23? For the email part it makes all the sense since special characters are invalid.

[aeneasr]

You would supply url encoding, which encodes to % to %25 so you would end up with %2523`. Please read more about urlencoding: https://www.w3schools.com/tags/ref_urlencode.ASP

Someone else had a similar problem and there the encoding worked: #1539 (reply in thread)

It's also a bit confusing that urlencoding it doesn't work, as it would skip the linked code

kratos/driver/config/config.go

Line 709 in c21bb80

i := strings.IndexByte(s, '#')

because %23 would be converted to # later.

I wouldn't supply your password to this website, but you should try to url encode the password using https://www.urlencoder.org

Maybe you have made a typo by mistake which caused the urlencoded password to fail.

[aeneasr]

The best way to prove your suspicion would be to add a failing test case to https://github.com/Zippersk/kratos/blob/master/driver/config/config_test.go which proves that hashtags in passwords (urlencoded) do not work - then we can supply a fix :)

[bernardolk]

@aeneasr thanks for the reply. I will have to replace the SMTP configurations soon, so I can test that again when I get to it (probably next week).

[github-actions]

Hello contributors!

I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue

• open a PR referencing and resolving the issue;
• leave a comment on it and discuss ideas on how you could contribute towards resolving it;
• leave a comment and describe in detail why this issue is critical for your use case;
• open a new issue with updated details and a plan for resolving the issue.

Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.

Unfortunately, burnout has become a topic of concern amongst open-source projects.

It can lead to severe personal and health issues as well as opening catastrophic attack vectors.

The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.

If this issue was marked as stale erroneously you can exempt it by adding the backlog label, assigning someone, or setting a milestone for it.

Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!

Thank you 🙏✌️