Maybe Fix the non escaped password in the logi request body #22
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bin-bash-mak
commented
Oct 30, 2024
| @@ -30,7 +30,10 @@ int SupabaseRealtime::_login_process() | |||
| Loginhttps.addHeader("apikey", key); | |||
| Loginhttps.addHeader("Content-Type", "application/json"); | |||
|
|
|||
| String query = "{\"" + loginMethod + "\": \"" + phone_or_email + "\", \"password\": \"" + password + "\"}"; | |||
| String escapedPassword = password; | |||
| escapedPassword.replace("\"", "\\\""); | |||
There was a problem hiding this comment.
I really don't like this. Can we consider the use of ArduinoJson's Serialization
bin-bash-mak
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I am really sorry but I don't have the means to currently test the changes on an actual esp but the code builds
The issue with current approach is that maybe the json becomes invalid if a
"is present in the password. the issue should also happen if the user includes a"in the email / phone.Small question, is there any reason why we're not using the ArduinoJson's to serialize the json.
Also if I have maybe some changes in the future to to deduplicate some shared logic between the realtime and supabase classes and add some functionality for using the refresh token functionality as an example . Is it ok to open issues and feature requests to collaborate on implementing the changes in a clean interface that is inline with the collaborator's vision for the library?