I put some shit on git.sr.ht and hg.sr.ht; mostly stuff moved over from bitbucket.

My other stuff is elsewhere. I probably link to it on my website.

#370 imap: size of Literal is not equal to Len() (169980 != 169982) 5 months ago

Ticket created by ~sqwishy on ~sircmpwn/aerc2

I routinely get errors an error when moving sent mail to my sent mail folder when the mail has attachments with more than about 3k or 4k bytes.

I ran this four times with the same message (as far as I can tell) and attachment (just a bunch of zeros) and it failed the first two times.

2020/04/03 14:27:45 imap: size of Literal is not equal to Len() (169980 != 169982)
2020/04/03 14:28:21 imap: size of Literal is not equal to Len() (169981 != 169980)

hRVQNg APPEND "Sent" (\Seen) " 3-Apr-2020 14:27:45 -0700" {169980}
bU3NKg APPEND "Sent" (\Seen) " 3-Apr-2020 14:28:21 -0700" {169981}
IDLsuA APPEND "Sent" (\Seen) " 3-Apr-2020 14:29:10 -0700" {169981}
IDLsuA OK [APPENDUID 1418035046 817] Completed
mdrEZg APPEND "Sent" (\Seen) " 3-Apr-2020 14:35:16 -0700" {169980}
mdrEZg OK [APPENDUID 1418035046 818] Completed

It's a little weird that the length is different?

#52 Email validation skipped when updating profile 2 years ago

Ticket created by ~sqwishy on ~sircmpwn/meta.sr.ht

The registration tests the email length and uniqueness. But this is not enforced in profile_POST().

I feel like a lot of this validation might be better off in the ORM? It can often delegate these checks to the database which is nice for things like supporting bulk updates or ensuring uniqueness without race conditions by creating an index. At the moment, I think concurrent POSTs to /register might create users with the same email or username if those requests handlers do their uniqueness checks before the other handlers commit the session. (I could be wrong about that; I'm not real familiar with sqlalchemy.orm.)

Also, you can also register with the email foo@example.com; bar@example.com but I don't think it sends two emails so maybe that doesn't matter. And I can't think of a way in which either this or skipping email validation could be used to harm other users, so this is not super serious afaik.

Also you can kind of get around the uniqueness constraint on both fields with trailing whitespace. And zero width characters are permitted in usernames (and encode properly in the site's hyperlinks) but could maybe be a way for like a homograph attack or something?

There are different points in here; it's not real concise, sorry. The title of this todo is the only thing I think is a proper bug. Maybe I'm just being pedantic about the other things but I figure I'd mention them in case you have an opinion.

#51 Error adding SSH key 2 years ago

Ticket created by ~sqwishy on ~sircmpwn/meta.sr.ht

When adding the following key to https://meta.sr.ht/keys/ssh-keys, it fails with "This is not a valid SSH key".

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWF1iX7NWbx7rGsByUWclbOGcF1ZvP9mpeRdocf22jtg5Zjnjv+5psTtDKzYC0IQ1A/Mp2KJTY62O2gl0nPid1wx7OlFnyn3jhZ1kEEx46rQaAgbCGX9hBtbBZ5mEOT0PQgy/1ME6ssEV+4wVD29Of3KJOqcrnzonz8lNSidJZfD190bU/X+jdt4e4KipmRb+KU4NbZzNGGrfZ+cW1wd0Ww9dWtzAvCAL3YSh4xt2p9gJ2a/cpK13CDciC62PdK+dMvPPg2cLnoy40fwdTgJgQCWMajywLpNaLQpYMXRCXqdKrofuYGy07OUJHvW0PVSEIB2F5F6Z5PmousbgzBRQn sqwishy@coconut

I can't reproduce this on my own local setup of meta.sr.ht. I'm using sshpubkeys 3.1.0.

#50 Form errors on /keys hidden by CSS. 2 years ago

Ticket created by ~sqwishy on ~sircmpwn/meta.sr.ht

milesrout noticed form errors were hidden when submitting a GPG key at https://meta.sr.ht/keys/pgp-keys

It looks like .is-invalid is on the parent div.form-group when it's supposed to be on the textarea/input widget.

This is probably just a matter of moving valid.cls() a short distance in templates/keys.html?

See also: https://getbootstrap.com/docs/4.1/components/forms/#server-side