Revert "Add support for colons in remember-me token values"

This reverts commit aceba1f1cf63625c00daaa0b05f30de0a5a7999d.
Joe Grandja 2016-09-13 10:27:51 -04:00
parent 2b6821622e
commit a82cab7afd
2 changed files with 11 additions and 21 deletions


@ -15,11 +15,7 @@
*/ */
package org.springframework.security.web.authentication.rememberme; package org.springframework.security.web.authentication.rememberme;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.Cookie; import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
@ -230,14 +226,13 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
String[] tokens = StringUtils.delimitedListToStringArray(cookieAsPlainText, String[] tokens = StringUtils.delimitedListToStringArray(cookieAsPlainText,
DELIMITER); DELIMITER);
for (int i = 0; i < tokens.length; i++) { if ((tokens[0].equalsIgnoreCase("http") || tokens[0].equalsIgnoreCase("https"))
try { && tokens[1].startsWith("//")) {
tokens[i] = URLDecoder.decode(tokens[i], StandardCharsets.UTF_8.name()); // Assume we've accidentally split a URL (OpenID identifier)
} catch (UnsupportedEncodingException uee) { String[] newTokens = new String[tokens.length - 1];
throw new InvalidCookieException( newTokens[0] = tokens[0] + ":" + tokens[1];
"Unable to decode Cookie token using UTF-8; value was '" + tokens[i] System.arraycopy(tokens, 2, newTokens, 1, newTokens.length - 1);
+ "'"); tokens = newTokens;
}
} }
return tokens; return tokens;
@ -252,13 +247,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
protected String encodeCookie(String[] cookieTokens) { protected String encodeCookie(String[] cookieTokens) {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
for (int i = 0; i < cookieTokens.length; i++) { for (int i = 0; i < cookieTokens.length; i++) {
try { sb.append(cookieTokens[i]);
sb.append(URLEncoder.encode(cookieTokens[i], StandardCharsets.UTF_8.name()));
} catch (UnsupportedEncodingException uee) {
throw new InvalidCookieException(
"Unable to encode Cookie token using UTF-8; value was '" + cookieTokens[i]
+ "'");
}
if (i < cookieTokens.length - 1) { if (i < cookieTokens.length - 1) {
sb.append(DELIMITER); sb.append(DELIMITER);
} }
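Review bot: The restored URL-repair condition in decodeCookie (hunk at line 226) reads `tokens[1]` whenever `tokens[0]` is "http" or "https", but nothing in the hunk checks `tokens.length`, so a cookie whose decoded text is a single such token would fail with an ArrayIndexOutOfBoundsException inside cookie parsing instead of the InvalidCookieException the rest of the method uses; unless the part of decodeCookie above the hunk already validates the token count, the condition should read `if (tokens.length > 1 && (tokens[0].equalsIgnoreCase("http") || tokens[0].equalsIgnoreCase("https")) && tokens[1].startsWith("//")) {`. With the URL-encoding dropped from encodeCookie (hunk at line 247), any token containing DELIMITER other than that one URL shape is split incorrectly on decode, which the test change from "name:with:colon" to "name" reflects, so a Javadoc line on encodeCookie such as `Tokens must not contain {@code DELIMITER}; values are appended unescaped.` would make the contract explicit for callers. decodeCookie's signature lies above its hunk and encodeCookie's return lies below its hunk.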


@ -88,7 +88,7 @@ public class AbstractRememberMeServicesTests {
@Test @Test
public void cookieShouldBeCorrectlyEncodedAndDecoded() throws Exception { public void cookieShouldBeCorrectlyEncodedAndDecoded() throws Exception {
String[] cookie = new String[] { "name:with:colon", "cookie", "tokens", "blah" }; String[] cookie = new String[] { "name", "cookie", "tokens", "blah" };
MockRememberMeServices services = new MockRememberMeServices(uds); MockRememberMeServices services = new MockRememberMeServices(uds);
String encoded = services.encodeCookie(cookie); String encoded = services.encodeCookie(cookie);
@ -97,7 +97,7 @@ public class AbstractRememberMeServicesTests {
String[] decoded = services.decodeCookie(encoded); String[] decoded = services.decodeCookie(encoded);
assertThat(decoded.length).isEqualTo(4); assertThat(decoded.length).isEqualTo(4);
assertThat(decoded[0]).isEqualTo("name:with:colon"); assertThat(decoded[0]).isEqualTo("name");
assertThat(decoded[1]).isEqualTo("cookie"); assertThat(decoded[1]).isEqualTo("cookie");
assertThat(decoded[2]).isEqualTo("tokens"); assertThat(decoded[2]).isEqualTo("tokens");
assertThat(decoded[3]).isEqualTo("blah"); assertThat(decoded[3]).isEqualTo("blah");