Support auth cookies with : characters
The parts of a couchdb authentication cookie are separated by
colons. One of these parts can contain colons and, more rarely, runs
of colons. The string:tokens function silently drops any empty token,
thus giving a spurious failure for valid input. The fix changes this
mechanism to one that losslessly decodes this part.

COUCHDB-1607
rnewson committed Nov 18, 2012
1 parent 2774531 commit d9566c8
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/couchdb/couch_httpd_auth.erl
Expand Up @@ -160,7 +160,7 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
Cookie -> Cookie ->
[User, TimeStr | HashParts] = try [User, TimeStr | HashParts] = try
AuthSession = couch_util:decodeBase64Url(Cookie), AuthSession = couch_util:decodeBase64Url(Cookie),
[_A, _B | _Cs] = string:tokens(?b2l(AuthSession), ":") [_A, _B | _Cs] = re:split(?b2l(AuthSession), ":", [{return, list}])
catch catch
_:_Error -> _:_Error ->
Reason = <<"Malformed AuthSession cookie. Please clear your cookies.">>, Reason = <<"Malformed AuthSession cookie. Please clear your cookies.">>,
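Review bot: On the changed `re:split(?b2l(AuthSession), ":", [{return, list}])` line, empty fields are now kept in every position, not only inside the hash, so the `[_A, _B | _Cs]` match accepts input that `string:tokens` used to reject as malformed. A decoded value of ":" now yields `["", ""]`, giving an empty User, an empty TimeStr and an empty HashParts list, where before the match failed and the "Malformed AuthSession cookie" branch ran. Please confirm the code after this hunk handles an empty user name, an empty or non-numeric TimeStr and a missing hash, or tighten the match here. One option is to add `{parts, 3}` to the `re:split` options so the hash arrives as a single third element and the pattern can require exactly three fields; that means changing the outer `[User, TimeStr | HashParts]` binding to match. A regression test with a hash containing a run of colons, plus the empty-field cases, would pin this down.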
