SEC-3190: Add support for colons in remember-me token values
We have an issue where token strings that contain a colon break the existing decoding strategy, which tokenizes on colons. so this change urlencodes the individual tokens when creating the cookie string; and urldecodes them decoding the cookie and extracting the tokens. This also eliminates the need for existing code to deal with openid tokens which contain urls, and thus colons.
This commit is contained in:
@@ -90,7 +90,7 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
@Test
|
||||
public void cookieShouldBeCorrectlyEncodedAndDecoded() throws Exception {
|
||||
String[] cookie = new String[] { "name", "cookie", "tokens", "blah" };
|
||||
String[] cookie = new String[] { "name:with:colon", "cookie", "tokens", "blah" };
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
|
||||
String encoded = services.encodeCookie(cookie);
|
||||
@@ -98,7 +98,7 @@ public class AbstractRememberMeServicesTests {
|
||||
assertThat(encoded.endsWith("=")).isFalse();
|
||||
String[] decoded = services.decodeCookie(encoded);
|
||||
|
||||
assertThat(decoded).containsExactly("name", "cookie", "tokens", "blah");
|
||||
assertThat(decoded).containsExactly("name:with:colon", "cookie", "tokens", "blah");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
Reference in New Issue
Block a user