Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Middleware Core
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Labels
Merge Requests
4
Merge Requests
4
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Environments
Packages & Registries
Packages & Registries
Package Registry
Container Registry
Analytics
Analytics
CI / CD
Code Review
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Jobs
Commits
Open sidebar
Middleware
Middleware Core
Commits
e734e040
Commit
e734e040
authored
Dec 17, 2020
by
tobias.friedrich
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
MWB-806: Don't trim decoded strings from basic authentication header
parent
7b6ad716
Pipeline
#133427
passed with stages
in 6 minutes and 45 seconds
Changes
3
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
87 additions
and
4 deletions
+87
-4
com.openexchange.server/src/com/openexchange/tools/servlet/http/Authorization.java
...rc/com/openexchange/tools/servlet/http/Authorization.java
+3
-3
com.openexchange.server/test/com/openexchange/i18n/tools/replacement/AuthorizationTest.java
...penexchange/i18n/tools/replacement/AuthorizationTest.java
+82
-0
com.openexchange.server/test/com/openexchange/server/UnitTests.java
...change.server/test/com/openexchange/server/UnitTests.java
+2
-1
No files found.
com.openexchange.server/src/com/openexchange/tools/servlet/http/Authorization.java
View file @
e734e040
...
...
@@ -204,10 +204,10 @@ public final class Authorization {
private
static
final
char
UNKNOWN
=
'\ufffd'
;
public
static
Credentials
decode
(
final
String
auth
)
throws
UnsupportedCharsetException
{
final
byte
[]
decoded
=
Base64
.
decode
(
auth
.
substring
(
BASIC_AUTH
.
length
()
+
1
));
String
userpass
=
new
String
(
decoded
,
com
.
openexchange
.
java
.
Charsets
.
UTF_8
)
.
trim
()
;
final
byte
[]
decoded
=
Base64
.
decode
(
auth
.
substring
(
BASIC_AUTH
.
length
()
+
1
)
.
trim
()
);
String
userpass
=
new
String
(
decoded
,
com
.
openexchange
.
java
.
Charsets
.
UTF_8
);
if
(
userpass
.
indexOf
(
UNKNOWN
)
>=
0
)
{
userpass
=
new
String
(
decoded
,
com
.
openexchange
.
java
.
Charsets
.
ISO_8859_1
)
.
trim
()
;
userpass
=
new
String
(
decoded
,
com
.
openexchange
.
java
.
Charsets
.
ISO_8859_1
);
}
final
int
delimiter
=
userpass
.
indexOf
(
':'
);
String
login
=
""
;
...
...
com.openexchange.server/test/com/openexchange/i18n/tools/replacement/AuthorizationTest.java
0 → 100644
View file @
e734e040
/*
*
* OPEN-XCHANGE legal information
*
* All intellectual property rights in the Software are protected by
* international copyright laws.
*
*
* In some countries OX, OX Open-Xchange, open xchange and OXtender
* as well as the corresponding Logos OX Open-Xchange and OX are registered
* trademarks of the OX Software GmbH group of companies.
* The use of the Logos is not covered by the GNU General Public License.
* Instead, you are allowed to use these Logos according to the terms and
* conditions of the Creative Commons License, Version 2.5, Attribution,
* Non-commercial, ShareAlike, and the interpretation of the term
* Non-commercial applicable to the aforementioned license is published
* on the web site http://www.open-xchange.com/EN/legal/index.html.
*
* Please make sure that third-party modules and libraries are used
* according to their respective licenses.
*
* Any modifications to this package must retain all copyright notices
* of the original copyright holder(s) for the original code used.
*
* After any such modifications, the original and derivative code shall remain
* under the copyright of the copyright holder(s) and/or original author(s)per
* the Attribution and Assignment Agreement that can be located at
* http://www.open-xchange.com/EN/developer/. The contributing author shall be
* given Attribution for the derivative code and a license granting use.
*
* Copyright (C) 2016-2020 OX Software GmbH
* Mail: info@open-xchange.com
*
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License, Version 2 as published
* by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., 59
* Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
package
com.openexchange.i18n.tools.replacement
;
import
static
org
.
junit
.
Assert
.
assertEquals
;
import
java.util.HashMap
;
import
java.util.Map
;
import
java.util.Map.Entry
;
import
org.junit.Test
;
import
com.openexchange.tools.servlet.http.Authorization
;
import
com.openexchange.tools.servlet.http.Authorization.Credentials
;
/**
* {@link AuthorizationTest}
*
* @author <a href="mailto:tobias.friedrich@open-xchange.com">Tobias Friedrich</a>
* @since 7.10.5
*/
public
class
AuthorizationTest
{
@Test
public
final
void
testDecodeBasicAuth
()
{
Map
<
String
,
Credentials
>
headerToCredentials
=
new
HashMap
<
String
,
Credentials
>();
headerToCredentials
.
put
(
"Basic aGFsbG86MTIz"
,
new
Credentials
(
"hallo"
,
"123"
));
headerToCredentials
.
put
(
"Basic MyQ1MyAgw7Z3QDIzIDJfN3ExXsKwYjpmc2VnZnNnZnNndmE="
,
new
Credentials
(
"3$53 \u00f6w@23 2_7q1^\u00b0b"
,
"fsegfsgfsgva"
));
headerToCredentials
.
put
(
"Basic dXNlcjU6ZW1wdHkxIA=="
,
new
Credentials
(
"user5"
,
"empty1 "
));
headerToCredentials
.
put
(
"Basic dXNlcjU6IGVtcHR5Mg=="
,
new
Credentials
(
"user5"
,
" empty2"
));
for
(
Entry
<
String
,
Credentials
>
entry
:
headerToCredentials
.
entrySet
())
{
Credentials
actual
=
Authorization
.
decode
(
entry
.
getKey
());
assertEquals
(
entry
.
getValue
().
getLogin
(),
actual
.
getLogin
());
assertEquals
(
entry
.
getValue
().
getPassword
(),
actual
.
getPassword
());
}
}
}
com.openexchange.server/test/com/openexchange/server/UnitTests.java
View file @
e734e040
...
...
@@ -115,7 +115,8 @@ import com.openexchange.lock.impl.AccessControlImplTest;
com
.
openexchange
.
folderstorage
.
internal
.
performers
.
UserSharedFoldersPerformerTest
.
class
,
com
.
openexchange
.
folderstorage
.
database
.
DatabaseFolderTest
.
class
,
com
.
openexchange
.
config
.
admin
.
internal
.
HideAdminServiceImplTest
.
class
,
AccessControlImplTest
.
class
AccessControlImplTest
.
class
,
com
.
openexchange
.
i18n
.
tools
.
replacement
.
AuthorizationTest
.
class
,
})
public
class
UnitTests
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment