You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:18:28 UTC

[sling-org-apache-sling-auth-form] 11/26: SLING-1744 Split the authentication data into exactly three fields leaving any excess field separators in the user name field thus supporting user names with @ signs such as email addresses.

This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.2
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git

commit 93fe53e6b64f918ca61369dae3b2823cd920e3d7
Author: Felix Meschberger <fm...@apache.org>
AuthorDate: Fri Sep 10 08:04:24 2010 +0000

    SLING-1744 Split the authentication data into exactly three fields leaving any excess field separators in the user name field thus supporting user names with @ signs such as email addresses.
    
    git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@995694 13f79535-47bb-0310-9956-ffa450edef68
---
 .../auth/form/impl/FormAuthenticationHandler.java  |  7 +++----
 .../apache/sling/auth/form/impl/TokenStore.java    | 22 ++++++++++++++++++++--
 .../form/impl/FormAuthenticationHandlerTest.java   |  2 +-
 3 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
index 57b7ce3..7835e0a 100644
--- a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
+++ b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
@@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang.StringUtils;
 import org.apache.felix.scr.annotations.Component;
 import org.apache.felix.scr.annotations.Properties;
 import org.apache.felix.scr.annotations.Property;
@@ -844,8 +843,8 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
      */
     String getUserId(final String authData) {
         if (authData != null) {
-            String[] parts = StringUtils.split(authData, "@");
-            if (parts != null && parts.length == 3) {
+            String[] parts = TokenStore.split(authData);
+            if (parts != null) {
                 return parts[2];
             }
         }
@@ -864,7 +863,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
         if (authData == null) {
             updateCookie = true;
         } else {
-            String[] parts = StringUtils.split(authData, "@");
+            String[] parts = TokenStore.split(authData);
             if (parts != null && parts.length == 3) {
                 long cookieTime = Long.parseLong(parts[1].substring(1));
                 if (System.currentTimeMillis() + (sessionTimeout / 2) > cookieTime) {
diff --git a/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java b/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
index e06ff82..ed9b0ac 100644
--- a/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
+++ b/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
@@ -178,6 +178,24 @@ class TokenStore {
     }
 
     /**
+     * Splits the authentication data into the three parts packed together while
+     * encoding the cookie.
+     *
+     * @param authData The authentication data to split in three parts
+     * @return A string array with three elements being the three parts of the
+     *         cookie value or <code>null</code> if the input is
+     *         <code>null</code> or if the string does not contain (at least)
+     *         three '@' separated parts.
+     */
+    static String[] split(final String authData) {
+        String[] parts = StringUtils.split(authData, "@", 3);
+        if (parts != null && parts.length == 3) {
+            return parts;
+        }
+        return null;
+    }
+
+    /**
      * Returns <code>true</code> if the <code>value</code> is a valid secure
      * token as follows:
      * <ul>
@@ -192,8 +210,8 @@ class TokenStore {
      * Otherwise the method returns <code>false</code>.
      */
     boolean isValid(String value) {
-        String[] parts = StringUtils.split(value, "@");
-        if (parts != null && parts.length == 3) {
+        String[] parts = split(value);
+        if (parts != null) {
 
             // single digit token number
             int tokenNumber = parts[1].charAt(0) - '0';
diff --git a/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java b/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java
index 20f5054..589bf30 100644
--- a/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java
+++ b/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java
@@ -92,7 +92,7 @@ public class FormAuthenticationHandlerTest extends TestCase {
         assertEquals(null, handler.getUserId("field0"));
         assertEquals(null, handler.getUserId("field0@field1"));
         assertEquals("field3", handler.getUserId("field0@field1@field3"));
-        assertEquals(null, handler.getUserId("field0@field1@field3@field4"));
+        assertEquals("field3@field4", handler.getUserId("field0@field1@field3@field4"));
     }
 
     /**

-- 
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.