SEC-3190: Add support for colons in remember-me token values

We have an issue where token strings that contain a colon break
the existing decoding strategy, which tokenizes on colons.  so this 
change urlencodes the individual tokens when creating the cookie 
string; and urldecodes them decoding the cookie and extracting the 
tokens.  This also eliminates the need for existing code to deal with
openid tokens which contain urls, and thus colons.
This commit is contained in:
Jeremy Waters
2016-01-11 13:16:55 -05:00
committed by Rob Winch
parent 8d717c62af
commit 832f5c39c1
2 changed files with 25 additions and 11 deletions

View File

@@ -90,7 +90,7 @@ public class AbstractRememberMeServicesTests {
@Test
public void cookieShouldBeCorrectlyEncodedAndDecoded() throws Exception {
String[] cookie = new String[] { "name", "cookie", "tokens", "blah" };
String[] cookie = new String[] { "name:with:colon", "cookie", "tokens", "blah" };
MockRememberMeServices services = new MockRememberMeServices(uds);
String encoded = services.encodeCookie(cookie);
@@ -98,7 +98,7 @@ public class AbstractRememberMeServicesTests {
assertThat(encoded.endsWith("=")).isFalse();
String[] decoded = services.decodeCookie(encoded);
assertThat(decoded).containsExactly("name", "cookie", "tokens", "blah");
assertThat(decoded).containsExactly("name:with:colon", "cookie", "tokens", "blah");
}
@Test