From 319fb64c9a4f76d249483207947b0881962340e7 Mon Sep 17 00:00:00 2001
From: Misaka 0x4e21
Date: Sun, 31 Mar 2024 10:48:12 +0800
Subject: [PATCH] FIX: Allow unicode in username and groups.
---
 main.go | 5 +++++
 main_test.go | 10 ++++++++++
 2 files changed, 15 insertions(+)
diff --git a/main.go b/main.go
index 0680027..d53c84e 100644
--- a/main.go
+++ b/main.go
@@ -238,6 +238,7 @@ func redirectIfNoCookie(handler http.Handler, r *http.Request, w http.ResponseWr
 expiration := time.Now().Add(reauthorizeInterval)
 cookieData := strings.Join([]string{username, strings.Join(groups, "|"), user_id}, ",")
+ cookieData = url.QueryEscape(cookieData)
 http.SetCookie(w, &http.Cookie{
 Name: cookieName,
 Value: signCookie(cookieData, config.CookieSecret),
@@ -298,6 +299,10 @@ func parseCookie(data, secret string) (username string, groups string, user_id s
 err = fmt.Errorf("Expecting signature to match")
 return
 } else {
+ parsed, err = url.QueryUnescape(parsed)
+ if err != nil {
+ return
+ }
 splitted := strings.Split(parsed, ",")
 username = splitted[0]
 groups = splitted[1]
diff --git a/main_test.go b/main_test.go
index 4e90122..31a01c5 100644
--- a/main_test.go
+++ b/main_test.go
@@ -214,6 +214,16 @@ func TestValidPayloadWithoutUserID(t *testing.T) {
 assert.Equal(t, user_id, "")
 }
+func TestValidPayloadWithUnicode(t *testing.T) {
+ signed := signCookie("用户名,群组,2", "secretfoo")
+ username, group, user_id, parseError := parseCookie(signed, "secretfoo")
+
+ assert.NoError(t, parseError)
+ assert.Equal(t, username, "用户名")
+ assert.Equal(t, group, "群组")
+ assert.Equal(t, user_id, "2")
+}
+
 func TestNotWhitelistedPath(t *testing.T) {
 c := NewTestConfig()
 c.Whitelist = ""
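Review bot: In the redirectIfNoCookie hunk of main.go, `url.QueryEscape` is applied to the already-joined string, so a `,` inside a username or group name is encoded exactly like the real field separators and becomes a separator again once parseCookie unescapes and splits. The signed payload therefore still cannot tell a value containing a comma from a field boundary, which could move text from the username into the groups field if the identity provider permits such characters (not visible here); the same holds for `|` between group names. Escaping each field before joining, e.g. `cookieData := strings.Join([]string{url.QueryEscape(username), url.QueryEscape(strings.Join(groups, "|")), url.QueryEscape(user_id)}, ",")`, with parseCookie splitting on `,` first and unescaping each element afterwards, keeps the field boundaries unambiguous. The parseCookie hunk needs the matching change, and both function bodies continue outside their hunks.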
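Review bot: In the parseCookie hunk, `url.QueryUnescape` now runs on every cookie that passes the signature check, including cookies signed before this change whose payload was never escaped. For those, a `+` in a username or group is decoded to a space and a stray `%` makes the call fail, so a still-valid session can yield a different identity string or an error until it expires. If that matters for the deployment, a format marker in the payload, or rotating `config.CookieSecret` on upgrade, would make old cookies fail cleanly instead of being reinterpreted. A comment above the call such as `// payload is query-escaped by redirectIfNoCookie; unescape only after the signature has been verified` would also record why the order matters. parseCookie starts and ends outside the hunk.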
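Review bot: TestValidPayloadWithUnicode in main_test.go signs the raw string `用户名,群组,2` rather than the escaped form that redirectIfNoCookie now writes, so it never feeds parseCookie a percent-encoded payload and would likely pass without the new unescape step. Signing the encoded value, `signed := signCookie(url.QueryEscape("用户名,群组,2"), "secretfoo")`, exercises the path this commit adds; that needs `net/url` imported in the test file if it is not already. A second case that signs a malformed escape such as `%zz` and asserts `parseError` is non-nil would cover the new early return.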