This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit 1a4413c5912b55ac9306dc97e3e0dc1b5ea0dfc7
Author: Robert Munteanu <[email protected]>
AuthorDate: Fri May 8 14:29:18 2020 +0200
SLING-9433 - Do not log stack trace in case of cookies with no match in the token store
---
 src/main/java/org/apache/sling/auth/form/impl/TokenStore.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java b/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
index b97ac15..8ff67fd 100644
--- a/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
+++ b/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
@@ -222,6 +222,10 @@ class TokenStore {
 try {
 SecretKey secretKey = currentTokens[tokenNumber];
+ if ( secretKey == null ) {
+ log.error("AuthNCookie value '{}' points to an unknown token number", value);
+ return false;
+ }
 String hmac = encode(cookieTime, parts[2], tokenNumber, secretKey);
 return value.equals(hmac);
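Review bot: The added `log.error(...)` call writes the whole cookie string `value` into the log at error level, and that string is supplied by the client. A stale or malformed cookie from any requester therefore produces an error entry carrying text the requester chose, and whether `value` is length-limited or stripped of control characters before this point is not visible in the hunk. Logging only the parsed index at a lower level keeps the diagnostic without echoing the authentication cookie, for example `log.warn("AuthNCookie points to an unknown token number {}", tokenNumber);`. The enclosing method starts and ends outside the hunk, so the `catch` handling that follows the `try` could not be checked here.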
