diff options
author | Anton Tananaev <anton.tananaev@gmail.com> | 2017-03-03 21:50:59 +1300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-03-03 21:50:59 +1300 |
commit | 111c5ad0288dc4ff6d84039301010c4c11e40aa3 (patch) | |
tree | 97d9c8a3d2a3c180ae6dd35f36efef4186f698e2 /src/org/traccar | |
parent | 4aa952d70b186d77838682a3a906fae1a7b4157f (diff) | |
parent | 3995cfc37b2485e555043c9d15f23c8013752829 (diff) | |
download | trackermap-server-111c5ad0288dc4ff6d84039301010c4c11e40aa3.tar.gz trackermap-server-111c5ad0288dc4ff6d84039301010c4c11e40aa3.tar.bz2 trackermap-server-111c5ad0288dc4ff6d84039301010c4c11e40aa3.zip |
Merge pull request #2973 from Abyss777/fix_password_cookie
Wait cookie credentials in base64
Diffstat (limited to 'src/org/traccar')
-rw-r--r-- | src/org/traccar/api/resource/SessionResource.java | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/org/traccar/api/resource/SessionResource.java b/src/org/traccar/api/resource/SessionResource.java index 5f1c597d1..acdbb7c87 100644 --- a/src/org/traccar/api/resource/SessionResource.java +++ b/src/org/traccar/api/resource/SessionResource.java @@ -33,6 +33,11 @@ import javax.ws.rs.QueryParam; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; +import javax.xml.bind.DatatypeConverter; + +import java.io.UnsupportedEncodingException; +import java.net.URLDecoder; +import java.nio.charset.StandardCharsets; import java.sql.SQLException; @Path("session") @@ -49,7 +54,7 @@ public class SessionResource extends BaseResource { @PermitAll @GET - public User get(@QueryParam("token") String token) throws SQLException { + public User get(@QueryParam("token") String token) throws SQLException, UnsupportedEncodingException { Long userId = (Long) request.getSession().getAttribute(USER_ID_KEY); if (userId == null) { Cookie[] cookies = request.getCookies(); @@ -57,10 +62,14 @@ public class SessionResource extends BaseResource { if (cookies != null) { for (int i = 0; i < cookies.length; i++) { if (cookies[i].getName().equals(USER_COOKIE_KEY)) { - email = cookies[i].getValue(); + byte[] emailBytes = DatatypeConverter.parseBase64Binary( + URLDecoder.decode(cookies[i].getValue(), StandardCharsets.US_ASCII.name())); + email = new String(emailBytes, StandardCharsets.UTF_8); } if (cookies[i].getName().equals(PASS_COOKIE_KEY)) { - password = cookies[i].getValue(); + byte[] passwordBytes = DatatypeConverter.parseBase64Binary( + URLDecoder.decode(cookies[i].getValue(), StandardCharsets.US_ASCII.name())); + password = new String(passwordBytes, StandardCharsets.UTF_8); } } } |