Commit b09f2ac0 authored by Mickaël Turnel's avatar Mickaël Turnel

Fix username with spaces handling

parent 0688fbdb
......@@ -204,10 +204,9 @@ void FileAuthDb::sync() {
}
// if user with space, replace %20 by space
string user_ref;
user_ref.resize(user.size());
url_unescape(&user_ref[0], user.c_str());
user_ref.resize(strlen(&user_ref[0]));
char *user_ref = new char[user.size() + 1];
memset(user_ref, '\0', user.size() + 1);
url_unescape(user_ref, user.c_str());
if (!ss.eof()) {
// TODO read userid with space
getline(ss, userid, ' ');
......@@ -222,7 +221,9 @@ void FileAuthDb::sync() {
}
cacheUserWithPhone(phone, domain, user);
parsePasswd(pass, user_ref, domain, passwords);
parsePasswd(pass, string(user_ref), domain, passwords);
delete[] user_ref;
if (find(domains.begin(), domains.end(), domain) != domains.end()) {
string key(createPasswordKey(user, userid));
......
......@@ -177,9 +177,12 @@ void SociAuthDB::getPasswordWithPool(const std::string &id, const std::string &d
// WARNING: it is necessary to create a temporary string here because use() function creates
// and returns an object that stores a reference on it. So, it must absolutely be destroyed
// at the end of this function.
string unescapedIdStr;
unescapedIdStr.resize(id.size());
url_unescape(&unescapedIdStr[0], id.c_str());
char *unescapedId = new char[id.size() + 1];
memset(unescapedId, '\0', id.size() + 1);
url_unescape(unescapedId, id.c_str());
string unescapedIdStr(unescapedId);
delete[] unescapedId;
*sql << get_password_request, into(passwords), into(algos), use(unescapedIdStr, "id"), use(domain, "domain"), use(authid, "authid");
......@@ -193,7 +196,7 @@ void SociAuthDB::getPasswordWithPool(const std::string &id, const std::string &d
if (hashed_passwd) {
pass.pass = passwords[i];
} else {
string input = id + ":" + domain + ":" + passwords[i];
string input = unescapedIdStr + ":" + domain + ":" + passwords[i];
pass.pass = syncMd5(input.c_str(), 16);
}
} else if (algos[i] == "CLRTXT") {
......@@ -203,7 +206,7 @@ void SociAuthDB::getPasswordWithPool(const std::string &id, const std::string &d
passwd.push_back(pass);
string input;
input = id + ":" + domain + ":" + pass.pass;
input = unescapedIdStr + ":" + domain + ":" + passwords[i];
pass.pass = syncMd5(input.c_str(), 16);
pass.algo = "MD5";
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment