Posted to commits@sling.apache.org by fm...@apache.org on 2010/09/10 10:04:24 UTC

svn commit: r995694 - in /sling/trunk/bundles/auth/form/src: main/java/org/apache/sling/auth/form/impl/ test/java/org/apache/sling/auth/form/impl/

Author: fmeschbe
Date: Fri Sep 10 08:04:24 2010
New Revision: 995694

URL: http://svn.apache.org/viewvc?rev=995694&view=rev
Log:
SLING-1744 Split the authentication data into exactly three fields leaving any excess field separators in the user name field thus supporting user names with @ signs such as email addresses.

Modified:
    sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
    sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
    sling/trunk/bundles/auth/form/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java

Modified: sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java?rev=995694&r1=995693&r2=995694&view=diff
==============================================================================
--- sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java (original)
+++ sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java Fri Sep 10 08:04:24 2010
@@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletRes
 import javax.servlet.http.HttpSession;
 
 import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang.StringUtils;
 import org.apache.felix.scr.annotations.Component;
 import org.apache.felix.scr.annotations.Properties;
 import org.apache.felix.scr.annotations.Property;
@@ -844,8 +843,8 @@ public class FormAuthenticationHandler e
      */
     String getUserId(final String authData) {
         if (authData != null) {
-            String[] parts = StringUtils.split(authData, "@");
-            if (parts != null && parts.length == 3) {
+            String[] parts = TokenStore.split(authData);
+            if (parts != null) {
                 return parts[2];
             }
         }
@@ -864,7 +863,7 @@ public class FormAuthenticationHandler e
         if (authData == null) {
             updateCookie = true;
         } else {
-            String[] parts = StringUtils.split(authData, "@");
+            String[] parts = TokenStore.split(authData);
             if (parts != null && parts.length == 3) {
                 long cookieTime = Long.parseLong(parts[1].substring(1));
                 if (System.currentTimeMillis() + (sessionTimeout / 2) > cookieTime) {
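Review bot: `Long.parseLong(parts[1].substring(1))`, two lines below the changed call, is unguarded: a middle field with nothing after its first character, or with non-numeric text, raises NumberFormatException out of this cookie-refresh path. Whether authData has already passed TokenStore.isValid at this point is not visible in the hunk, so the case may be unreachable, but the value originates in a cookie, and catching the exception and treating the cookie as unusable would be the safer default. Separately, `parts != null && parts.length == 3` can now be `parts != null`, as in getUserId and isValid, because TokenStore.split only ever returns a three-element array. The enclosing method starts and ends outside the hunk.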

Modified: sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java?rev=995694&r1=995693&r2=995694&view=diff
==============================================================================
--- sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java (original)
+++ sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java Fri Sep 10 08:04:24 2010
@@ -178,6 +178,24 @@ class TokenStore {
     }
 
     /**
+     * Splits the authentication data into the three parts packed together while
+     * encoding the cookie.
+     *
+     * @param authData The authentication data to split in three parts
+     * @return A string array with three elements being the three parts of the
+     *         cookie value or <code>null</code> if the input is
+     *         <code>null</code> or if the string does not contain (at least)
+     *         three '@' separated parts.
+     */
+    static String[] split(final String authData) {
+        String[] parts = StringUtils.split(authData, "@", 3);
+        if (parts != null && parts.length == 3) {
+            return parts;
+        }
+        return null;
+    }
+
+    /**
      * Returns <code>true</code> if the <code>value</code> is a valid secure
      * token as follows:
      * <ul>
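Review bot: The Javadoc of split() does not say which element receives the remainder or what happens to empty fields. With a limit of 3, StringUtils.split leaves every further '@' in the last element, and it treats adjacent separators as one, so an input such as `a@@b@c` is accepted as three parts rather than rejected, and a user name that begins with '@' would lose that character. I would add a sentence such as `Excess '@' separators stay in the third element (the user name); adjacent separators are collapsed, so empty fields are not preserved.` If the token check depends on strict field positions, that would be a reason to reject empty fields here instead, though the encoding side is outside this hunk.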
@@ -192,8 +210,8 @@ class TokenStore {
      * Otherwise the method returns <code>false</code>.
      */
     boolean isValid(String value) {
-        String[] parts = StringUtils.split(value, "@");
-        if (parts != null && parts.length == 3) {
+        String[] parts = split(value);
+        if (parts != null) {
 
             // single digit token number
             int tokenNumber = parts[1].charAt(0) - '0';

Modified: sling/trunk/bundles/auth/form/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/form/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java?rev=995694&r1=995693&r2=995694&view=diff
==============================================================================
--- sling/trunk/bundles/auth/form/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java (original)
+++ sling/trunk/bundles/auth/form/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java Fri Sep 10 08:04:24 2010
@@ -92,7 +92,7 @@ public class FormAuthenticationHandlerTe
         assertEquals(null, handler.getUserId("field0"));
         assertEquals(null, handler.getUserId("field0@field1"));
         assertEquals("field3", handler.getUserId("field0@field1@field3"));
-        assertEquals(null, handler.getUserId("field0@field1@field3@field4"));
+        assertEquals("field3@field4", handler.getUserId("field0@field1@field3@field4"));
     }
 
     /**
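Review bot: The updated assertion pins only the plain four-field case; the inputs that the new split() parses leniently are not covered. Adjacent or leading separators, for example `handler.getUserId("field0@@field1@field3")`, deserve an assertion each so that accepting or rejecting them is a deliberate decision. A case with a realistic value such as `"field0@field1@user@example.com"` would also document the intent of SLING-1744. As far as this commit shows, no test exercises TokenStore.isValid with a user name containing '@', which is the path that decides whether such a cookie is trusted. The test method starts outside the hunk.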