Invalid query: Syntax error when calling /api/v2/users

Alex0 · September 24, 2021, 9:38pm

I’m testing a way to break my API calls by using emails with special characters, and I’m receiving a 400 error when calling the /api/v2/users call when using the following email:

test+!#$%&'*±/=?^_`{|}~à@email.com

on my API I’m encoding the email using the javascript encodeURIComponent() and results in this encoded email string:

test%2B!%23%24%25%26'*%2B-%2F%3D%3F%5E_%60%7B%7C%7D~%C3%A0%40email.com

the final API url looks like this:
[auth0 URL]./api/v2/users?q=${encodedURIEmail}&search_engine=v3

and this is the response I’m getting:
{ statusCode: 400, error: 'Bad Request', message: 'Invalid query: Syntax Error, cannot parse test+!#$%&\'*+-/=?^_{|}~à@email.com: Lexical error at line 1, column 39. Encountered: after : "/=?^_{|}~\\u00e0@email.com" ' }

the user belongs to an auth0 IdP and that email was created through the create user from the user management section on auth0, so I assume the email was validated before I was able to create it.

is there any reason why the encoded email is triggering this error on the auth0 API?

nicolas_sabena · September 26, 2021, 5:15pm

It looks like this is breaking the free test search. Can you try doing this search instead? (properly URL-encoded):

email:"test+!#$%&'*±/=?^_`{|}~à@email.com"

Fully encoded, you’d have:

https://{your_auth0_domain}/api/v2/users?q=email%3A%22test%2B!%23%24%25%26'*%C2%B1%2F%3D%3F%5E_%60%7B%7C%7D~%C3%A0%40email.com%22

Does that work?

Alex0 · September 27, 2021, 6:10pm

yes, that did the trick, should we expect a fix for the free test search?

nicolas_sabena · September 28, 2021, 3:50pm

I don’t see a formal definition for the syntax so it’s hard to say whether this should work or not. I can report it internally, but I’m not sure if this will be addressed.

Hope you are not the person having to type this email address on every login

nicolas_sabena · September 29, 2021, 2:51pm

Hey @Alex0 . Just checked with the engineering team. We accept a Lucene query syntax there, and that search term alone is not valid. I could not find a BNF grammar definition for the term (see Apache Lucene - Query Parser Syntax), but I’d recommend using the field qualifier (email:) if you expect these types of email addresses.