Revert "Add support for colons in remember-me token values"
This reverts commit aceba1f1cf63625c00daaa0b05f30de0a5a7999d.
This commit is contained in:
parent
2b6821622e
commit
a82cab7afd
@ -15,11 +15,7 @@
|
|||||||
*/
|
*/
|
||||||
package org.springframework.security.web.authentication.rememberme;
|
package org.springframework.security.web.authentication.rememberme;
|
||||||
|
|
||||||
import java.io.UnsupportedEncodingException;
|
|
||||||
import java.lang.reflect.Method;
|
import java.lang.reflect.Method;
|
||||||
import java.net.URLDecoder;
|
|
||||||
import java.net.URLEncoder;
|
|
||||||
import java.nio.charset.StandardCharsets;
|
|
||||||
|
|
||||||
import javax.servlet.http.Cookie;
|
import javax.servlet.http.Cookie;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
@ -230,14 +226,13 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
|
|||||||
String[] tokens = StringUtils.delimitedListToStringArray(cookieAsPlainText,
|
String[] tokens = StringUtils.delimitedListToStringArray(cookieAsPlainText,
|
||||||
DELIMITER);
|
DELIMITER);
|
||||||
|
|
||||||
for (int i = 0; i < tokens.length; i++) {
|
if ((tokens[0].equalsIgnoreCase("http") || tokens[0].equalsIgnoreCase("https"))
|
||||||
try {
|
&& tokens[1].startsWith("//")) {
|
||||||
tokens[i] = URLDecoder.decode(tokens[i], StandardCharsets.UTF_8.name());
|
// Assume we've accidentally split a URL (OpenID identifier)
|
||||||
} catch (UnsupportedEncodingException uee) {
|
String[] newTokens = new String[tokens.length - 1];
|
||||||
throw new InvalidCookieException(
|
newTokens[0] = tokens[0] + ":" + tokens[1];
|
||||||
"Unable to decode Cookie token using UTF-8; value was '" + tokens[i]
|
System.arraycopy(tokens, 2, newTokens, 1, newTokens.length - 1);
|
||||||
+ "'");
|
tokens = newTokens;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return tokens;
|
return tokens;
|
||||||
@ -252,13 +247,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
|
|||||||
protected String encodeCookie(String[] cookieTokens) {
|
protected String encodeCookie(String[] cookieTokens) {
|
||||||
StringBuilder sb = new StringBuilder();
|
StringBuilder sb = new StringBuilder();
|
||||||
for (int i = 0; i < cookieTokens.length; i++) {
|
for (int i = 0; i < cookieTokens.length; i++) {
|
||||||
try {
|
sb.append(cookieTokens[i]);
|
||||||
sb.append(URLEncoder.encode(cookieTokens[i], StandardCharsets.UTF_8.name()));
|
|
||||||
} catch (UnsupportedEncodingException uee) {
|
|
||||||
throw new InvalidCookieException(
|
|
||||||
"Unable to encode Cookie token using UTF-8; value was '" + cookieTokens[i]
|
|
||||||
+ "'");
|
|
||||||
}
|
|
||||||
if (i < cookieTokens.length - 1) {
|
if (i < cookieTokens.length - 1) {
|
||||||
sb.append(DELIMITER);
|
sb.append(DELIMITER);
|
||||||
}
|
}
|
||||||
|
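Review bot: The restored guard in decodeCookie reads `tokens[1]` before checking that a second token exists, so a cookie whose Base64 plaintext is just `http` or `https` (one token, no delimiter) throws ArrayIndexOutOfBoundsException instead of InvalidCookieException. The cookie value is attacker-controlled and this branch runs on the decoded plaintext before anything else in the hunk validates it, so a malformed cookie should fail as an invalid cookie rather than as an unchecked exception; whether a caller catches RuntimeException is not visible here. The condition should begin `if (tokens.length > 1 && (tokens[0].equalsIgnoreCase("http") || tokens[0].equalsIgnoreCase("https"))` with the existing `&& tokens[1].startsWith("//")) {` kept on the following line. The rejoin only repairs the first colon, so a URL token containing a port or a later colon is still split; that is pre-existing behavior this revert brings back rather than something new, but worth a comment on the `// Assume we've accidentally split a URL` line. decodeCookie's body starts before and ends after this hunk.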
@ -88,7 +88,7 @@ public class AbstractRememberMeServicesTests {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void cookieShouldBeCorrectlyEncodedAndDecoded() throws Exception {
|
public void cookieShouldBeCorrectlyEncodedAndDecoded() throws Exception {
|
||||||
String[] cookie = new String[] { "name:with:colon", "cookie", "tokens", "blah" };
|
String[] cookie = new String[] { "name", "cookie", "tokens", "blah" };
|
||||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||||
|
|
||||||
String encoded = services.encodeCookie(cookie);
|
String encoded = services.encodeCookie(cookie);
|
||||||
@ -97,7 +97,7 @@ public class AbstractRememberMeServicesTests {
|
|||||||
String[] decoded = services.decodeCookie(encoded);
|
String[] decoded = services.decodeCookie(encoded);
|
||||||
|
|
||||||
assertThat(decoded.length).isEqualTo(4);
|
assertThat(decoded.length).isEqualTo(4);
|
||||||
assertThat(decoded[0]).isEqualTo("name:with:colon");
|
assertThat(decoded[0]).isEqualTo("name");
|
||||||
assertThat(decoded[1]).isEqualTo("cookie");
|
assertThat(decoded[1]).isEqualTo("cookie");
|
||||||
assertThat(decoded[2]).isEqualTo("tokens");
|
assertThat(decoded[2]).isEqualTo("tokens");
|
||||||
assertThat(decoded[3]).isEqualTo("blah");
|
assertThat(decoded[3]).isEqualTo("blah");
|
||||||
|
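Review bot: With the colon case reverted, cookieShouldBeCorrectlyEncodedAndDecoded now exercises only plain tokens, so the `http`/`https` merging branch restored in decodeCookie has no round-trip coverage in this hunk. A companion case such as `String[] cookie = new String[] { "http://example.com/openid", "cookie", "tokens", "blah" };` followed by the same encode/decode sequence and `assertThat(decoded[0]).isEqualTo("http://example.com/openid");` would pin that behavior. A further case decoding a cookie whose plaintext is a bare `http` would surface the unguarded `tokens[1]` access in that branch. Whether such tests already exist elsewhere in the class is outside this hunk.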