Normalize usernames before checking rights #18

Closed
GoogleCodeExporter opened this Issue Mar 21, 2015 · 4 comments


GoogleCodeExporter commented Mar 21, 2015

https://en.wikipedia.org/w/index.php?title=User_talk:MER-C/Wiki.java&diff=prev&oldid=511377253

===========BEGIN QUOTE============

Hi, I'm developing [[commons:Commons:VicuñaUploader|Commons:VicuñaUploader]] 
and I found a bug related to cookies. If someone logs in without using 
uppercase in the first letter (e.g. "myaccount"), the method 
<code>user.getUsername()</code> will return "myaccount", but the cookies contain 
"Myaccount" received from the server. As a result, CredentialExpiredException will 
be returned, but it shouldn't. The same situation occurs with spaces and underscores: 
the server will return a plus instead.

Fix below:
<pre>
    protected boolean checkRights(int level, boolean move) throws IOException, CredentialException
    {
        // check if we are logged out
        String s = user.getUsername();
        s = s.substring(0,1).toUpperCase() + s.substring(1); //first to upper
        s = s.replace(" ", "+").replace("_", "+");           //spc to plus

        if (!cookies.containsValue(s))
        {
            logger.log(Level.SEVERE, "Cookies have expired");
            logout();
            throw new CredentialExpiredException("Cookies have expired.");
        }
//(...)
</pre>
Cheers, [[user:Yarl|Yarl]] [[user talk:Yarl|✉]] 14:00, 8 September 2012 (UTC)

============END QUOTE============

Original issue reported on code.google.com by stop.squark on 10 Sep 2012 at 3:35

GoogleCodeExporter commented Mar 21, 2015

This issue was closed by revision r89.

Original comment by stop.squark on 17 Sep 2012 at 8:24

  • Changed state: Fixed
GoogleCodeExporter commented Mar 21, 2015

There is more: user name is encoded, so non-latin alphabets are unsupported now.

Fix for version 97, line 6398:

String username = URLEncoder.encode(user.getUsername(), "UTF-8").replace('_', '+');

Original comment by carebone on 4 Oct 2012 at 4:39
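
The two fixes posted in this thread, combined into one normalisation step, as an added example (not code from Wiki.java or from either commenter). `CookieNameNormalizer` and `toCookieForm` are hypothetical names, and the cookie form assumed is only what the thread describes: first letter uppercased, spaces and underscores sent as `+`, non-Latin characters URL-encoded.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

// Added example: CookieNameNormalizer and toCookieForm are hypothetical names.
// The cookie form is assumed to be the one described in this thread.
public class CookieNameNormalizer
{
    /** Returns the username in the form the thread says the server puts in the cookie. */
    public static String toCookieForm(String username) throws UnsupportedEncodingException
    {
        if (username == null)
            throw new IllegalArgumentException("no username");
        // Treat underscores and spaces as the same character and drop
        // surrounding whitespace before touching the first letter.
        String s = username.replace('_', ' ').trim();
        if (s.isEmpty())
            throw new IllegalArgumentException("empty username");

        // Uppercase the first code point rather than the first char, so a
        // supplementary character is not split in half. Character.toUpperCase(int)
        // ignores the JVM default locale, unlike String.toUpperCase(), which
        // maps "i" to a dotted capital I under a Turkish locale.
        int first = s.codePointAt(0);
        StringBuilder sb = new StringBuilder(s.length());
        sb.appendCodePoint(Character.toUpperCase(first));
        sb.append(s, Character.charCount(first), s.length());

        // URLEncoder percent-encodes non-ASCII characters as UTF-8 bytes and
        // writes each space as '+', which covers both the space and the
        // underscore case in a single pass.
        return URLEncoder.encode(sb.toString(), "UTF-8");
    }

    public static void main(String[] args) throws Exception
    {
        // Constructed sample usernames: lowercase first letter, underscore,
        // space, and two non-Latin names.
        String[] samples = { "myaccount", "my_account", "my account", "żółw", "иван петров" };
        for (String name : samples)
            System.out.println(name + " -> " + toCookieForm(name));
    }
}
```

Comparing the cookie value against this single canonical string avoids logging the user out on a spelling variant of their own name, while any other value still fails the check.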

GoogleCodeExporter commented Mar 21, 2015

[deleted comment]
GoogleCodeExporter commented Mar 21, 2015

This issue was closed by revision r98.

Original comment by stop.squark on 8 Oct 2012 at 12:15
