Actions
Bug #5646
closedoauthservicee::decodeState fails due to more than one '|' symbol in the string representation of base64decoded state
Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
04/06/2017
Due date:
% Done:
0%
Estimated time:
Description
In the OAuthService::decodeState method after the state is decoded with Wt::Utils::base64Decode its string representation may occasionally contain more than 1 '|' symbol before the actual url. So when std::string::find is used to find the beginning of the url it fails and includes symbols preceding to the url which in turn leads to failure in the authorization process. One could use std::find_last_of('|') but I'm not sure if url itself maybe can contain this symbol.
Updated by Michiel Derhaeg about 7 years ago
- Status changed from New to Implemented @Emweb
The url could technically contain a '|', so I'll just look for "|http" instead.
Updated by Michiel Derhaeg about 7 years ago
We used a better fix: we base64 encode the hash first, no '|' can randomly occur then.
Updated by Roel Standaert about 7 years ago
- Status changed from Implemented @Emweb to Resolved
Updated by Roel Standaert over 6 years ago
- Status changed from Resolved to Closed
Actions