[SHIRO-887] Do not trim passwords in FormAuthenticationFilter #369
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
这是自动回复邮件。你好,您的邮件已经发送到我的邮箱,我看过后会尽快给您回复。
|
|
Kindly re-target against 1.9.x instead. I cannot just change the branch here. Rationale: detect signature change of public methods. |
bmarwell
approved these changes
Jul 25, 2022
please write in english |
sebastianfrey
force-pushed
the
SHIRO-887-do-not-trim-password-strings
branch
from
8d93744
to
94461b3
Compare
sebastianfrey
commented
Jul 30, 2022
sebastianfrey
force-pushed
the
SHIRO-887-do-not-trim-password-strings
branch
from
94461b3
to
e47feeb
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes SHIRO-887.
This PR fixes an issue where passwords which start and/or end with spaces are trimmed by the FormAuthenticationFilter, which prevents login for users with such passwords.
Note: I am a first time contributor, so I have no CLA signed yet. In order to fulfill the contribution guidelines, I have sent the signed CLA to the Apache Software Foundations secretary office.
Update 2022/07/30: CLA is acknowledge.
Following this checklist to help us incorporate your contribution quickly and easily:
for the change (usually before you start working on it). Trivial changes like typos do not
require a JIRA issue. Your pull request should address just this issue, without pulling in other changes.
[SHIRO-XXX] - Fixes bug in SessionManager,where you replace
SHIRO-XXXwith the appropriate JIRA issue. Best practiceis to use the JIRA issue title in the pull request title and in the first line of the commit message.
mvn clean install apache-rat:checkto make sure basic checks pass. A more thorough check will be performed on your pull request automatically.git rebase -i.Trivial changes like typos do not require a JIRA issue (javadoc, comments...).
In this case, just format the pull request title like
(DOC) - Add javadoc in SessionManager.If this is your first contribution, you have to read the Contribution Guidelines
If your pull request is about ~20 lines of code you don't need to sign an Individual Contributor License Agreement
if you are unsure please ask on the developers list.
To make clear that you license your contribution under the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.