From 6ff065cd277406e9cd5b25cd2d37dfd9cbf7c5b7 Mon Sep 17 00:00:00 2001 From: Davide Negretti Date: Mon, 25 Oct 2021 18:34:28 +0200 Subject: [PATCH 1/2] [CST-4767] Password are not properly url encoded at login --- src/app/core/auth/auth.service.ts | 4 ++-- src/app/shared/utils/encode-decode.util.spec.ts | 8 ++++---- src/app/shared/utils/encode-decode.util.ts | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/app/core/auth/auth.service.ts b/src/app/core/auth/auth.service.ts index 09848d90449..8d58ae10db5 100644 --- a/src/app/core/auth/auth.service.ts +++ b/src/app/core/auth/auth.service.ts @@ -42,7 +42,7 @@ import { UnsetUserAsIdleAction } from './auth.actions'; import { NativeWindowRef, NativeWindowService } from '../services/window.service'; -import { Base64EncodeUrl } from '../../shared/utils/encode-decode.util'; +import { loginEncodeUrl } from '../../shared/utils/encode-decode.util'; import { RouteService } from '../services/route.service'; import { EPersonDataService } from '../eperson/eperson-data.service'; import { getAllSucceededRemoteDataPayload } from '../shared/operators'; @@ -103,7 +103,7 @@ export class AuthService { */ public authenticate(user: string, password: string): Observable { // Attempt authenticating the user using the supplied credentials. - const body = (`password=${Base64EncodeUrl(password)}&user=${Base64EncodeUrl(user)}`); + const body = (`password=${loginEncodeUrl(password)}&user=${loginEncodeUrl(user)}`); const options: HttpOptions = Object.create({}); let headers = new HttpHeaders(); headers = headers.append('Content-Type', 'application/x-www-form-urlencoded'); diff --git a/src/app/shared/utils/encode-decode.util.spec.ts b/src/app/shared/utils/encode-decode.util.spec.ts index c3039c482e2..ad0d379754e 100644 --- a/src/app/shared/utils/encode-decode.util.spec.ts +++ b/src/app/shared/utils/encode-decode.util.spec.ts 
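Review bot: In `authenticate()` (auth.service.ts, hunk `@@ -103,7 +103,7 @@`; the same line is touched again in PATCH 2/2) the form body is still assembled by hand from two separately encoded values. `encodeURIComponent` throws a `URIError` on a string containing a lone UTF-16 surrogate, so a malformed pasted password would raise synchronously here rather than, presumably, surfacing as a failed login through the returned Observable. Building the body with the platform serializer avoids that and keeps it in step with the `application/x-www-form-urlencoded` Content-Type set a few lines below: `const body = new URLSearchParams({ password, user }).toString();`. The rest of `authenticate()` lies outside the hunk, so how errors are handled downstream is not visible.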
@@ -1,10 +1,10 @@ -import { Base64EncodeUrl } from './encode-decode.util'; +import { loginEncodeUrl } from './encode-decode.util'; describe('Encode/Decode Utils', () => { - const strng = '+string+/=t-'; - const encodedStrng = '%2Bstring%2B%2F%3Dt-'; + const strng = '+string+/=t-%'; + const encodedStrng = '%2Bstring%2B%2F%3Dt-%25'; it('should return encoded string', () => { - expect(Base64EncodeUrl(strng)).toBe(encodedStrng); + expect(loginEncodeUrl(strng)).toBe(encodedStrng); }); }); diff --git a/src/app/shared/utils/encode-decode.util.ts b/src/app/shared/utils/encode-decode.util.ts index e21034b7bde..b6802aaf7e2 100644 --- a/src/app/shared/utils/encode-decode.util.ts +++ b/src/app/shared/utils/encode-decode.util.ts @@ -5,6 +5,6 @@ * @param {String} str the encoded string * @returns {String} the URL friendly encoded String */ -export function Base64EncodeUrl(str): string { - return str.replace(/\+/g, '%2B').replace(/\//g, '%2F').replace(/\=/g, '%3D'); +export function loginEncodeUrl(str): string { + return encodeURIComponent(str); } From 035a7826badc30a5194af16a7d8eea2c81fb59d4 Mon Sep 17 00:00:00 2001 From: Davide Negretti Date: Tue, 26 Oct 2021 11:11:21 +0200 Subject: [PATCH 2/2] [CST-4767] encode-decode.util.ts removed --- src/app/core/auth/auth.service.ts | 3 +-- src/app/shared/utils/encode-decode.util.spec.ts | 10 ---------- src/app/shared/utils/encode-decode.util.ts | 10 ---------- 3 files changed, 1 insertion(+), 22 deletions(-) delete mode 100644 src/app/shared/utils/encode-decode.util.spec.ts delete mode 100644 src/app/shared/utils/encode-decode.util.ts diff --git a/src/app/core/auth/auth.service.ts b/src/app/core/auth/auth.service.ts index 8d58ae10db5..5738948ebd3 100644 --- a/src/app/core/auth/auth.service.ts +++ b/src/app/core/auth/auth.service.ts 
@@ -42,7 +42,6 @@ import { UnsetUserAsIdleAction } from './auth.actions'; import { NativeWindowRef, NativeWindowService } from '../services/window.service'; -import { loginEncodeUrl } from '../../shared/utils/encode-decode.util'; import { RouteService } from '../services/route.service'; import { EPersonDataService } from '../eperson/eperson-data.service'; import { getAllSucceededRemoteDataPayload } from '../shared/operators'; @@ -103,7 +102,7 @@ export class AuthService { */ public authenticate(user: string, password: string): Observable { // Attempt authenticating the user using the supplied credentials. - const body = (`password=${loginEncodeUrl(password)}&user=${loginEncodeUrl(user)}`); + const body = (`password=${encodeURIComponent(password)}&user=${encodeURIComponent(user)}`); const options: HttpOptions = Object.create({}); let headers = new HttpHeaders(); headers = headers.append('Content-Type', 'application/x-www-form-urlencoded'); diff --git a/src/app/shared/utils/encode-decode.util.spec.ts b/src/app/shared/utils/encode-decode.util.spec.ts deleted file mode 100644 index ad0d379754e..00000000000 --- a/src/app/shared/utils/encode-decode.util.spec.ts +++ /dev/null @@ -1,10 +0,0 @@ -import { loginEncodeUrl } from './encode-decode.util'; - -describe('Encode/Decode Utils', () => { - const strng = '+string+/=t-%'; - const encodedStrng = '%2Bstring%2B%2F%3Dt-%25'; - - it('should return encoded string', () => { - expect(loginEncodeUrl(strng)).toBe(encodedStrng); - }); -}); diff --git a/src/app/shared/utils/encode-decode.util.ts b/src/app/shared/utils/encode-decode.util.ts deleted file mode 100644 index b6802aaf7e2..00000000000 --- a/src/app/shared/utils/encode-decode.util.ts +++ /dev/null 
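Review bot: After this patch nothing visible tests how `authenticate()` encodes credentials: encode-decode.util.spec.ts is deleted together with the helper, and the hunk at `@@ -103,7 +102,7 @@` adds no replacement. The bug being fixed is worth pinning at the call site, in the service's own spec (not shown here), with a case that asserts the request body for a password containing `%`, `&`, `+`, `=` and a space. A short comment above the `const body` line would help too, e.g. `// Percent-encode both values: a raw '&', '%' or '+' would change how the server parses the form body.` The function body continues outside the hunk.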
@@ -1,10 +0,0 @@
-/**
- * use this to make a Base64 encoded string URL friendly,
- * i.e. '+' and '/' are replaced with special percent-encoded hexadecimal sequences
- *
- * @param {String} str the encoded string
- * @returns {String} the URL friendly encoded String
- */
-export function loginEncodeUrl(str): string {
- return encodeURIComponent(str);
-}