Merge pull request #2973 from Abyss777/fix_password_cookie

Wait cookie credentials in base64
author: Anton Tananaev <anton.tananaev@gmail.com> 2017-03-03 21:50:59 +1300
committer: GitHub <noreply@github.com> 2017-03-03 21:50:59 +1300
commit: 111c5ad0288dc4ff6d84039301010c4c11e40aa3 (patch)
tree: 97d9c8a3d2a3c180ae6dd35f36efef4186f698e2 /src
parent: 4aa952d70b186d77838682a3a906fae1a7b4157f (diff)
parent: 3995cfc37b2485e555043c9d15f23c8013752829 (diff)
download: trackermap-server-111c5ad0288dc4ff6d84039301010c4c11e40aa3.tar.gz
trackermap-server-111c5ad0288dc4ff6d84039301010c4c11e40aa3.tar.bz2
trackermap-server-111c5ad0288dc4ff6d84039301010c4c11e40aa3.zip
1 files changed, 12 insertions, 3 deletions
diff --git a/src/org/traccar/api/resource/SessionResource.java b/src/org/traccar/api/resource/SessionResource.java
index 5f1c597d1..acdbb7c87 100644
--- a/src/org/traccar/api/resource/SessionResource.java
+++ b/src/org/traccar/api/resource/SessionResource.java
@@ -33,6 +33,11 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import javax.xml.bind.DatatypeConverter;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
 import java.sql.SQLException;
 
 @Path("session")
@@ -49,7 +54,7 @@ public class SessionResource extends BaseResource {
 
     @PermitAll
     @GET
-    public User get(@QueryParam("token") String token) throws SQLException {
+    public User get(@QueryParam("token") String token) throws SQLException, UnsupportedEncodingException {
         Long userId = (Long) request.getSession().getAttribute(USER_ID_KEY);
         if (userId == null) {
             Cookie[] cookies = request.getCookies();
@@ -57,10 +62,14 @@ public class SessionResource extends BaseResource {
             if (cookies != null) {
                 for (int i = 0; i < cookies.length; i++) {
                     if (cookies[i].getName().equals(USER_COOKIE_KEY)) {
-                        email = cookies[i].getValue();
+                        byte[] emailBytes = DatatypeConverter.parseBase64Binary(
+                                URLDecoder.decode(cookies[i].getValue(), StandardCharsets.US_ASCII.name()));
+                        email = new String(emailBytes, StandardCharsets.UTF_8);
                     }
                     if (cookies[i].getName().equals(PASS_COOKIE_KEY)) {
-                        password = cookies[i].getValue();
+                        byte[] passwordBytes = DatatypeConverter.parseBase64Binary(
+                                URLDecoder.decode(cookies[i].getValue(), StandardCharsets.US_ASCII.name()));
+                        password = new String(passwordBytes, StandardCharsets.UTF_8);
                     }
                 }
             }
author	Anton Tananaev <anton.tananaev@gmail.com>	2017-03-03 21:50:59 +1300
committer	GitHub <noreply@github.com>	2017-03-03 21:50:59 +1300
commit	111c5ad0288dc4ff6d84039301010c4c11e40aa3 (patch)
tree	97d9c8a3d2a3c180ae6dd35f36efef4186f698e2 /src
parent	4aa952d70b186d77838682a3a906fae1a7b4157f (diff)
parent	3995cfc37b2485e555043c9d15f23c8013752829 (diff)
download	trackermap-server-111c5ad0288dc4ff6d84039301010c4c11e40aa3.tar.gz trackermap-server-111c5ad0288dc4ff6d84039301010c4c11e40aa3.tar.bz2 trackermap-server-111c5ad0288dc4ff6d84039301010c4c11e40aa3.zip