Add support for colons in remember-me token values
We have an issue where token strings that contain a colon break the existing decoding strategy, which tokenizes on colons. This change urlencodes the individual tokens when creating the cookie string; and urldecodes them decoding the cookie and extracting the tokens. This also eliminates the need for existing code to deal with openid tokens which contain urls, and thus colons. Fixes gh-3355
This commit is contained in:
committed by
Joe Grandja
parent
37c6605062
commit
aceba1f1cf
@@ -88,7 +88,7 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
@Test
|
||||
public void cookieShouldBeCorrectlyEncodedAndDecoded() throws Exception {
|
||||
String[] cookie = new String[] { "name", "cookie", "tokens", "blah" };
|
||||
String[] cookie = new String[] { "name:with:colon", "cookie", "tokens", "blah" };
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
|
||||
String encoded = services.encodeCookie(cookie);
|
||||
@@ -97,7 +97,7 @@ public class AbstractRememberMeServicesTests {
|
||||
String[] decoded = services.decodeCookie(encoded);
|
||||
|
||||
assertThat(decoded.length).isEqualTo(4);
|
||||
assertThat(decoded[0]).isEqualTo("name");
|
||||
assertThat(decoded[0]).isEqualTo("name:with:colon");
|
||||
assertThat(decoded[1]).isEqualTo("cookie");
|
||||
assertThat(decoded[2]).isEqualTo("tokens");
|
||||
assertThat(decoded[3]).isEqualTo("blah");
|
||||
|
||||
Reference in New Issue
Block a user