Author: asanso
Date: Fri Jun 24 09:43:21 2016
New Revision: 1750060

URL: http://svn.apache.org/viewvc?rev=1750060&view=rev
Log:
SLING-5625 - Unable to impersonate user with surrogate pair character

Modified:
    
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
    
sling/trunk/bundles/auth/core/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java

Modified: 
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1750060&r1=1750059&r2=1750060&view=diff
==============================================================================
--- 
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
 (original)
+++ 
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
 Fri Jun 24 09:43:21 2016
@@ -19,6 +19,8 @@
 package org.apache.sling.auth.core.impl;
 
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Dictionary;
@@ -1216,6 +1218,11 @@ public class SlingAuthenticator implemen
                 "sendSudoCookie: Failed to quote value '{}' of cookie {}: {}",
                 new Object[] { user, this.sudoCookieName, iae.getMessage() });
             return;
+        } catch (UnsupportedEncodingException e) {
+            log.error(
+                    "sendSudoCookie: Failed to quote value '{}' of cookie {}: 
{}",
+                    new Object[] { user, this.sudoCookieName, e.getMessage() 
});
+                return;
         }
 
         if (quotedUser != null) {
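Review bot: The added `catch (UnsupportedEncodingException e)` branch cannot be reached in practice, because every Java platform must support the `UTF-8` charset name that `quoteCookieValue` passes to `URLEncoder.encode`. Rather than widening the `quoteCookieValue` signature, duplicating the error path here and adding `throws` clauses in SlingAuthenticatorTest, the exception could be handled once inside `quoteCookieValue`, e.g. `catch (UnsupportedEncodingException e) { throw new IllegalStateException("UTF-8 not supported", e); }`. If the branch stays, `return;` should be aligned with the `log.error` call. The body of `sendSudoCookie` starts and continues outside this hunk.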
@@ -1456,11 +1463,12 @@ public class SlingAuthenticator implemen
      *
      * @param value The cookie value to quote
      * @return The quoted cookie value
+     * @throws UnsupportedEncodingException 
      * @throws IllegalArgumentException If the cookie value is 
<code>null</code>
      *             or cannot be quoted, primarily because it contains a quote
      *             sign.
      */
-    static String quoteCookieValue(final String value) {
+    static String quoteCookieValue(final String value) throws 
UnsupportedEncodingException {
         // method is package private to enable unit testing
 
         if (value == null) {
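Review bot: The new `@throws UnsupportedEncodingException` tag has no description, and the Javadoc still says only that the value is quoted although the method now also percent-encodes it. Suggested wording: `@return The quoted cookie value, with characters URL-encoded as UTF-8 (for example a space becomes '+')` and `@throws UnsupportedEncodingException If the UTF-8 encoding is not available`. Code that reads the cookie back has to URL-decode the value after unquoting; whether the unquote path does that is not visible in this diff. The method body continues outside this hunk.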
@@ -1477,7 +1485,7 @@ public class SlingAuthenticator implemen
                 throw new IllegalArgumentException(
                     "Cookie value may not contain CTL character");
             } else {
-                builder.append(c);
+                builder.append(URLEncoder.encode(String.valueOf(c), "UTF-8"));
             }
         }
         builder.append('"');
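Review bot: Encoding one `char` at a time in `builder.append(URLEncoder.encode(String.valueOf(c), "UTF-8"))` does not handle the surrogate pairs named in SLING-5625. Each half of a pair reaches `URLEncoder` as a lone surrogate, which cannot be encoded as UTF-8 and is replaced (typically by `?`, giving `%3F%3F`), so the impersonated user id in the sudo cookie is altered and distinct ids can end up with the same cookie value. Encoding per code point avoids this, e.g. `int cp = value.codePointAt(i); builder.append(URLEncoder.encode(new String(Character.toChars(cp)), "UTF-8")); i += Character.charCount(cp) - 1;`, assuming the loop indexes `value` by `i`; the loop header and the quote/CTL checks are outside this hunk.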

Modified: 
sling/trunk/bundles/auth/core/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java?rev=1750060&r1=1750059&r2=1750060&view=diff
==============================================================================
--- 
sling/trunk/bundles/auth/core/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
 (original)
+++ 
sling/trunk/bundles/auth/core/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
 Fri Jun 24 09:43:21 2016
@@ -18,6 +18,8 @@
  */
 package org.apache.sling.auth.core.impl;
 
+import java.io.UnsupportedEncodingException;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.sling.auth.core.impl.SlingAuthenticator;
@@ -33,7 +35,7 @@ public class SlingAuthenticatorTest exte
 
     private final Mockery context = new JUnit4Mockery();
     
-    public void test_quoteCookieValue() {
+    public void test_quoteCookieValue() throws UnsupportedEncodingException {
 
         try {
             SlingAuthenticator.quoteCookieValue(null);
@@ -44,10 +46,12 @@ public class SlingAuthenticatorTest exte
 
         checkQuote("\"", "\"\\\"\"");
         checkQuote("simplevalue", "\"simplevalue\"");
-        checkQuote("simple value", "\"simple value\"");
-        checkQuote("[email protected]", "\"[email protected]\"");
+        checkQuote("simple value", "\"simple+value\"");
+        checkQuote("[email protected]", "\"email%40address.com\"");
+
+        checkQuote("string\ttab", "\"string%09tab\"");
+        checkQuote("test中文", "\"test%E4%B8%AD%E6%96%87\"");
 
-        checkQuote("string\ttab", "\"string\ttab\"");
 
         try {
             SlingAuthenticator.quoteCookieValue("string\rCR");
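Review bot: The new assertions cover only a BMP sample (`test中文`); no input contains a supplementary-plane character, which is the case SLING-5625 describes. A case such as `checkQuote("\uD83D\uDE00", "\"%F0%9F%98%80\"");` (constructed sample, U+1F600) would pin the surrogate-pair behaviour. A round-trip check through the unquote path for an encoded value would also show whether the reader recovers the original user id; the `checkUnQuote` expectations visible later in the file are not changed by this commit. The `try` block at the end of the hunk continues outside it.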
@@ -74,7 +78,7 @@ public class SlingAuthenticatorTest exte
         checkUnQuote("\"string\ttab\"", "string\ttab");
     }
 
-    private void checkQuote(final String value, final String expected) {
+    private void checkQuote(final String value, final String expected) throws 
UnsupportedEncodingException {
         final String actual = SlingAuthenticator.quoteCookieValue(value);
         assertEquals(expected, actual);
     }

