This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.2 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit 93fe53e6b64f918ca61369dae3b2823cd920e3d7 Author: Felix Meschberger <[email protected]> AuthorDate: Fri Sep 10 08:04:24 2010 +0000 SLING-1744 Split the authentication data into exactly three fields leaving any excess field separators in the user name field thus supporting user names with @ signs such as email addresses. git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@995694 13f79535-47bb-0310-9956-ffa450edef68
---
 .../auth/form/impl/FormAuthenticationHandler.java | 7 +++----
 .../apache/sling/auth/form/impl/TokenStore.java | 22 ++++++++++++++++++++--
 .../form/impl/FormAuthenticationHandlerTest.java | 2 +-
 3 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
index 57b7ce3..7835e0a 100644
--- a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
+++ b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
@@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang.StringUtils;
 import org.apache.felix.scr.annotations.Component;
 import org.apache.felix.scr.annotations.Properties;
 import org.apache.felix.scr.annotations.Property;
@@ -844,8 +843,8 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
 */
 String getUserId(final String authData) {
 if (authData != null) {
- String[] parts = StringUtils.split(authData, "@");
- if (parts != null && parts.length == 3) {
+ String[] parts = TokenStore.split(authData);
+ if (parts != null) {
 return parts[2];
 }
 }
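Review bot: The Javadoc that closes on the `*/` context line of the getUserId hunk should say that the returned user id may now contain '@', since `TokenStore.split` leaves every separator after the second one inside `parts[2]`. getUserId only parses the string, and nothing in this hunk shows authData having been checked with `TokenStore.isValid` first, so I would also add a line such as `// parses only: callers must validate authData before trusting the result` above the split call. The Javadoc starts outside the hunk, so its current wording is not visible here.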
@@ -864,7 +863,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
 if (authData == null) {
 updateCookie = true;
 } else {
- String[] parts = StringUtils.split(authData, "@");
+ String[] parts = TokenStore.split(authData);
 if (parts != null && parts.length == 3) {
 long cookieTime = Long.parseLong(parts[1].substring(1));
 if (System.currentTimeMillis() + (sessionTimeout / 2) > cookieTime) {
diff --git a/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java b/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
index e06ff82..ed9b0ac 100644
--- a/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
+++ b/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
@@ -178,6 +178,24 @@ class TokenStore {
 }
 /**
+ * Splits the authentication data into the three parts packed together while
+ * encoding the cookie.
+ *
+ * @param authData The authentication data to split in three parts
+ * @return A string array with three elements being the three parts of the
+ * cookie value or <code>null</code> if the input is
+ * <code>null</code> or if the string does not contain (at least)
+ * three '@' separated parts.
+ */
+ static String[] split(final String authData) {
+ String[] parts = StringUtils.split(authData, "@", 3);
+ if (parts != null && parts.length == 3) {
+ return parts;
+ }
+ return null;
+ }
+
+ /**
 * Returns <code>true</code> if the <code>value</code> is a valid secure
 * token as follows:
 * <ul>
@@ -192,8 +210,8 @@ class TokenStore {
 * Otherwise the method returns <code>false</code>.
 */
 boolean isValid(String value) {
- String[] parts = StringUtils.split(value, "@");
- if (parts != null && parts.length == 3) {
+ String[] parts = split(value);
+ if (parts != null) {
 // single digit token number
 int tokenNumber = parts[1].charAt(0) - '0';
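Review bot: The `parts.length == 3` test on the context line after the changed call in the `@@ -864,7 +863,7 @@` hunk is now dead, because `TokenStore.split` returns either null or an array of exactly three elements. The getUserId hunk drops that test and this one should match it with `if (parts != null) {`. Separately, `Long.parseLong(parts[1].substring(1))` on the next line throws NumberFormatException when the second field holds nothing parseable after its first character, and whether authData has been validated before this point is not visible in the hunk. The enclosing method starts and ends outside the hunk.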
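Review bot: The Javadoc on the new `TokenStore.split` promises three '@' separated parts, but commons-lang `StringUtils.split` treats adjacent separators as one and never returns empty tokens, so an empty first or second field is silently skipped and the remaining fields move up one position. For a parser of cookie data that the client supplies, fixed field positions are easier to reason about: `StringUtils.splitPreserveAllTokens(authData, "@", 3)` keeps empty fields, which the callers can then reject explicitly. If the current behaviour is intended, the Javadoc should state it, for example `Empty fields are skipped, so the returned user name never starts with '@'.`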
diff --git a/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java b/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java
index 20f5054..589bf30 100644
--- a/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java
+++ b/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java
@@ -92,7 +92,7 @@ public class FormAuthenticationHandlerTest extends TestCase {
 assertEquals(null, handler.getUserId("field0"));
 assertEquals(null, handler.getUserId("field0@field1"));
 assertEquals("field3", handler.getUserId("field0@field1@field3"));
- assertEquals(null, handler.getUserId("field0@field1@field3@field4"));
+ assertEquals("field3@field4", handler.getUserId("field0@field1@field3@field4"));
 }
 /**
--
To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
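Review bot: The updated test pins the excess-separator case but not the edge cases that the three-way split introduces: a trailing separator with no user name, and doubled separators. Adding `assertEquals(null, handler.getUserId("field0@field1@"));` would pin that an empty user field is rejected, and a case with the input `"field0@@field1@field3"` would record how skipped empty fields are handled. The test method starts outside the hunk.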
