Project

General

Profile

Bug #5646

oauthservicee::decodeState fails due to more than one '|' symbol in the string representation of base64decoded state

Added by Alex Ignatov over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
04/06/2017
Due date:
% Done:

0%

Estimated time:

Description

In the OAuthService::decodeState method after the state is decoded with Wt::Utils::base64Decode its string representation may occasionally contain more than 1 '|' symbol before the actual url. So when std::string::find is used to find the beginning of the url it fails and includes symbols preceding to the url which in turn leads to failure in the authorization process. One could use std::find_last_of('|') but I'm not sure if url itself maybe can contain this symbol.

#1

Updated by Michiel Derhaeg over 4 years ago

  • Status changed from New to Implemented @Emweb

The url could technically contain a '|', so I'll just look for "|http" instead.

#2

Updated by Michiel Derhaeg over 4 years ago

We used a better fix: we base64 encode the hash first, no '|' can randomly occur then.

#3

Updated by Roel Standaert over 4 years ago

  • Status changed from Implemented @Emweb to Resolved
#4

Updated by Roel Standaert over 4 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF