Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-12 21:33:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Add support for colons in remember-me token values"

Browse Source 
This reverts commit aceba1f1cf63625c00daaa0b05f30de0a5a7999d.
This commit is contained in:
Joe Grandja 2016-09-13 10:27:51 -04:00
parent 2b6821622e
commit a82cab7afd
2 changed files with 11 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
View File

@ -15,11 +15,7 @@
*/
package org.springframework.security.web.authentication.rememberme;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Method;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
@ -230,14 +226,13 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
String[] tokens = StringUtils.delimitedListToStringArray(cookieAsPlainText,
DELIMITER);
for (int i = 0; i < tokens.length; i++) {
try {
tokens[i] = URLDecoder.decode(tokens[i], StandardCharsets.UTF_8.name());
} catch (UnsupportedEncodingException uee) {
throw new InvalidCookieException(
"Unable to decode Cookie token using UTF-8; value was '" + tokens[i]
+ "'");
}
if ((tokens[0].equalsIgnoreCase("http") || tokens[0].equalsIgnoreCase("https"))
&& tokens[1].startsWith("//")) {
// Assume we've accidentally split a URL (OpenID identifier)
String[] newTokens = new String[tokens.length - 1];
newTokens[0] = tokens[0] + ":" + tokens[1];
System.arraycopy(tokens, 2, newTokens, 1, newTokens.length - 1);
tokens = newTokens;
}
return tokens;
@ -252,13 +247,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
protected String encodeCookie(String[] cookieTokens) {
StringBuilder sb = new StringBuilder();
for (int i = 0; i < cookieTokens.length; i++) {
try {
sb.append(URLEncoder.encode(cookieTokens[i], StandardCharsets.UTF_8.name()));
} catch (UnsupportedEncodingException uee) {
throw new InvalidCookieException(
"Unable to encode Cookie token using UTF-8; value was '" + cookieTokens[i]
+ "'");
}
sb.append(cookieTokens[i]);
if (i < cookieTokens.length - 1) {
sb.append(DELIMITER);
}

4
web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
View File

@ -88,7 +88,7 @@ public class AbstractRememberMeServicesTests {
@Test
public void cookieShouldBeCorrectlyEncodedAndDecoded() throws Exception {
String[] cookie = new String[] { "name:with:colon", "cookie", "tokens", "blah" };
String[] cookie = new String[] { "name", "cookie", "tokens", "blah" };
MockRememberMeServices services = new MockRememberMeServices(uds);
String encoded = services.encodeCookie(cookie);
@ -97,7 +97,7 @@ public class AbstractRememberMeServicesTests {
String[] decoded = services.decodeCookie(encoded);
assertThat(decoded.length).isEqualTo(4);
assertThat(decoded[0]).isEqualTo("name:with:colon");
assertThat(decoded[0]).isEqualTo("name");
assertThat(decoded[1]).isEqualTo("cookie");
assertThat(decoded[2]).isEqualTo("tokens");
assertThat(decoded[3]).isEqualTo("blah");