-
guqing pushed to chore/content-service in guqing/halo
-
guqing created branch chore/post-service in guqing/halo
guqing/halo
✍ An excellent open-source blog publishing application.
-
guqing opened pull request #5977 in halo-dev/halo
-
guqing created branch chore/content-service in guqing/halo
guqing/halo
✍ An excellent open-source blog publishing application.
-
guqing created branch chore/post-service in guqing/halo
guqing/halo
✍ An excellent open-source blog publishing application.
-
guqing commented on issue #5929 in halo-dev/halo
-
guqing pushed to feature/remember-me in guqing/halo
-
guqing commented on pull request #5929 in halo-dev/halo
-
guqing commented on issue #15127 in spring-projects/spring-security
-
guqing closed issue #15127 in spring-projects/spring-security
Describe the bug
The decodeCookie method in AbstractRememberMeServices attempts to pad the cookie value for Base64 decoding. However, the current implementation may not correctly calculate the padding needed to ensure the string length is a multiple of 4, which is a requirement for Base64 decoding.
Current Implementation
for (int j = 0; j < cookieValue.length() % 4; j++) { cookieValue = cookieValue + "="; }
To Reproduce
Steps to reproduce the behavior.
- Pass a cookie value whose length modulo 4 is not 0 to the decodeCookie method without the correct padding.
- Observe the IllegalArgumentException due to invalid Base64 string format.
Expected behavior
The method should add padding characters so that the length of cookieValue becomes a multiple of 4 to adhere to Base64 decoding requirements. The padding should be calculated as 4 - (cookieValue.length() % 4) and should only add padding if the result is less than 4.
Impact
Without this fix, the decodeCookie method may throw IllegalArgumentException when attempting to decode improperly padded Base64 strings, leading to unhandled exceptions and potential disruptions in the remember-me authentication flow.
Sample
The 123 bit base64 encoding here
YWRtaW46MTcxODk2NDE3NDgwODpTSEEtMjU2OmNkOTM0ZTAyZWQ4NGJmMzc1ZTA4MmE1OWU4YTA3NTNiMzA3ODg1MjZmYzA3YjgyYzVmY2Y3YmJiYzdjYzRkNWU
will become the following code after passing through that section of code:
YWRtaW46MTcxODk2NDE3NDgwODpTSEEtMjU2OmNkOTM0ZTAyZWQ4NGJmMzc1ZTA4MmE1OWU4YTA3NTNiMzA3ODg1MjZmYzA3YjgyYzVmY2Y3YmJiYzdjYzRkNWU===
but the expected result should be
YWRtaW46MTcxODk2NDE3NDgwODpTSEEtMjU2OmNkOTM0ZTAyZWQ4NGJmMzc1ZTA4MmE1OWU4YTA3NTNiMzA3ODg1MjZmYzA3YjgyYzVmY2Y3YmJiYzdjYzRkNWU=
If it is confirmed that this is a problem, I am willing to try to solve it
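An added example, not code from the issue or from Spring Security: it runs the loop quoted under Current Implementation beside the calculation given under Expected behavior for each possible length remainder, and prints how many `=` characters each appends and whether `java.util.Base64` accepts the result. The class name, method names and sample token are assumptions made for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;

public class RememberMePaddingDemo {

    // The loop as quoted in the issue. Its condition is re-evaluated on every
    // pass, so it reads the length after each appended '='.
    static String padWithQuotedLoop(String cookieValue) {
        for (int j = 0; j < cookieValue.length() % 4; j++) {
            cookieValue = cookieValue + "=";
        }
        return cookieValue;
    }

    // The calculation proposed under "Expected behavior".
    static String padWithProposedFormula(String cookieValue) {
        int padding = 4 - (cookieValue.length() % 4);
        return padding < 4 ? cookieValue + "=".repeat(padding) : cookieValue; // Java 11+
    }

    static boolean decodes(String value) {
        try {
            Base64.getDecoder().decode(value);
            return true;
        } catch (IllegalArgumentException ex) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample token; not the value from the issue.
        String token = "user:1718964174808:SHA-256:0123456789abcdef";
        List<String> inputs = new ArrayList<>();
        for (int cut = 0; cut < 3; cut++) { // three byte lengths give remainders 0, 2 and 3
            byte[] raw = token.substring(cut).getBytes(StandardCharsets.UTF_8);
            inputs.add(Base64.getEncoder().withoutPadding().encodeToString(raw));
        }
        inputs.add("QUJDR"); // constructed: length % 4 == 1 can never be valid Base64
        for (String input : inputs) {
            String viaLoop = padWithQuotedLoop(input);
            String viaFormula = padWithProposedFormula(input);
            System.out.printf("len %% 4 = %d: loop +%d, formula +%d, same=%b, decodes=%b%n",
                    input.length() % 4, viaLoop.length() - input.length(),
                    viaFormula.length() - input.length(), viaLoop.equals(viaFormula), decodes(viaLoop));
        }
    }
}
```

A Java `for` condition is evaluated before every iteration, so `cookieValue.length() % 4` in the quoted loop changes as each `=` is appended.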