#103 Fixed bug when cookie encryption was enabled

mangooio-core/src/main/documentation/changelog.asciidoc

@@ -4,7 +4,8 @@
 
 [small]#Released at 21.12.2015#
 
-* https://github.com/svenkubiak/mangooio/issues/102[#102] Made Cache eviction configurable (MarkVink)
+* https://github.com/svenkubiak/mangooio/issues/103[#103] Fixed bug when cookie encryption was enabled (svenkubiak)
+* https://github.com/svenkubiak/mangooio/issues/102[#102] Made Cache eviction configurable (svenkubiak)
 * https://github.com/svenkubiak/mangooio/issues/101[#101] Fixed keys in archetype (MarkVink)
 * https://github.com/svenkubiak/mangooio/issues/97[#97] Fixed incorrect Form documentation (svenkubiak, MarkVink)
 * https://github.com/svenkubiak/mangooio/issues/94[#95] Added new @memory administrative URL (svenkubiak)

mangooio-core/src/main/java/io/mangoo/crypto/Crypto.java

@@ -68,7 +68,7 @@ public String decrypt(String encrytedText, String key) {
 
         this.cipherParameters = new ParametersWithIV(new KeyParameter(getSizedKey(key).getBytes(Charsets.UTF_8)), new byte[KEYLENGTH_16]);
         this.cipher.init(false, this.cipherParameters);
-
+        
         return new String(cipherData(Base64.decode(encrytedText)), Charsets.UTF_8);
     }
 

mangooio-core/src/main/java/io/mangoo/routing/handlers/RequestHandler.java

@@ -82,6 +82,7 @@ public class RequestHandler implements HttpHandler {
     private Form form;
     private Request request;
     private Map<String, String> requestParameter;
+    private Crypto crypto = Application.getInstance(Crypto.class);
     private boolean hasRequestFilter;
     private boolean async;
 
@@ -328,8 +329,7 @@ private void getSessionCookie(HttpServerExchange exchange) {
             String cookieValue = cookie.getValue();
             if (StringUtils.isNotBlank(cookieValue) && !("null").equals(cookieValue)) {
                 if (this.config.isSessionCookieEncrypt()) {
-                    final Crypto crypto = Application.getInstance(Crypto.class);
-                    cookieValue = crypto.decrypt(cookieValue);
+                    cookieValue = this.crypto.decrypt(cookieValue);
                 }
 
                 String sign = null;
@@ -395,8 +395,8 @@ private void setSessionCookie(HttpServerExchange exchange) {
                     .append(data);
 
             String value = buffer.toString();
-            if (this.config.isAuthenticationCookieEncrypt()) {
-                value = Application.getInstance(Crypto.class).encrypt(value);
+            if (this.config.isSessionCookieEncrypt()) {
+                value = this.crypto.encrypt(value);
             }
 
             final Cookie cookie = CookieBuilder.create()
@@ -423,7 +423,7 @@ private void getAuthenticationCookie(HttpServerExchange exchange) {
             String cookieValue = cookie.getValue();
             if (StringUtils.isNotBlank(cookieValue) && !("null").equals(cookieValue)) {
                 if (this.config.isAuthenticationCookieEncrypt()) {
-                    cookieValue = Application.getInstance(Crypto.class).decrypt(cookieValue);
+                    cookieValue = this.crypto.decrypt(cookieValue);
                 }
 
                 String sign = null;
@@ -491,7 +491,7 @@ private void setAuthenticationCookie(HttpServerExchange exchange) {
 
                 String value = buffer.toString();
                 if (this.config.isAuthenticationCookieEncrypt()) {
-                    value = Application.getInstance(Crypto.class).encrypt(value);
+                    value = this.crypto.encrypt(value);
                 }
 
                 cookie = CookieBuilder.create()

mangooio-integration-test/src/main/resources/application.yaml

@@ -22,6 +22,8 @@ default:
             cssfolder : /stylesheets
             gzipjs    : false
             gzipcss   : false
+    cookie:
+       encrypt : true
     auth:
         redirect  : /login
         cookie: