CASC-228 URL Encode Paramaters Passed to Server via Validate
Problem: We currently don't pass encoded values to the server, possibly resulting in parsing/extraction errors.
Solution: URL Encode all values instead of just the service url.

QA Notes: Added unit test.
battags committed Jun 24, 2014
1 parent fd962da commit ae37092
Showing 3 changed files with 16 additions and 5 deletions.
Expand Up @@ -110,7 +110,7 @@ protected final String constructValidationUrl(final String ticket, final String

logger.debug("Placing URL parameters in map.");
urlParameters.put("ticket", ticket);
urlParameters.put("service", encodeUrl(serviceUrl));
urlParameters.put("service", serviceUrl);

if (this.renew) {
urlParameters.put("renew", "true");
Expand Down Expand Up @@ -144,7 +144,8 @@ protected final String constructValidationUrl(final String ticket, final String
buffer.append(i++ == 0 ? "?" : "&");
buffer.append(key);
buffer.append("=");
buffer.append(value);
final String encodedValue = encodeUrl(value);
buffer.append(encodedValue);
}
}

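Review bot: `buffer.append(key);` in the second hunk still writes the parameter name raw, while the value on the following lines now goes through `encodeUrl`. The names visible here are constants (`ticket`, `service`, `renew`), but the map is also filled by `populateUrlAttributeMap` implementations, so a name containing `&` or `=` would still change the shape of the query string; `buffer.append(encodeUrl(key));` closes that gap. A comment above the loop such as `// Values in urlParameters are raw; each one is URL-encoded exactly once here.` would record the new contract. The body of constructValidationUrl starts and ends outside both hunks, so how a null value is handled before `encodeUrl(value)` cannot be confirmed from this page.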
Expand Up @@ -70,7 +70,7 @@ public Cas20ServiceTicketValidator(final String casServerUrlPrefix) {
* @param urlParameters the Map containing the existing parameters to send to the server.
*/
protected final void populateUrlAttributeMap(final Map<String, String> urlParameters) {
urlParameters.put("pgtUrl", encodeUrl(this.proxyCallbackUrl));
urlParameters.put("pgtUrl", this.proxyCallbackUrl);
}

protected String getUrlSuffix() {
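Review bot: The Javadoc on populateUrlAttributeMap should say that values are now stored unencoded, because nothing at `urlParameters.put("pgtUrl", this.proxyCallbackUrl);` tells a maintainer why `encodeUrl` was dropped. A sentence such as `Values must be added unencoded; constructValidationUrl URL-encodes each value once when it builds the query string.` would keep someone from re-adding the call and double-encoding the callback URL. Any other validator that fills this map and still pre-encodes its values would now be double-encoded as well; that is worth checking, since only this implementation appears in the commit.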
Expand Up @@ -18,8 +18,7 @@
*/
package org.jasig.cas.client.validation;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
import static org.junit.Assert.*;
import java.io.UnsupportedEncodingException;
import org.jasig.cas.client.PublicTestHttpServer;
import org.junit.Before;
Expand Down Expand Up @@ -80,4 +79,15 @@ public void testBadResponse() throws UnsupportedEncodingException {
// expected
}
}

@Test
public void urlEncodedValues() {
final String ticket = "ST-1-owKEOtYJjg77iHcCQpkl-cas01.example.org%26%73%65%72%76%69%63%65%3d%68%74%74%70%25%33%41%25%32%46%25%32%46%31%32%37%2e%30%2e%30%2e%31%25%32%46%62%6f%72%69%6e%67%25%32%46%23";
final String service = "foobar";
final String url = this.ticketValidator.constructValidationUrl(ticket, service);

final String encodedValue = this.ticketValidator.encodeUrl(ticket);
assertTrue(url.contains(encodedValue));
assertFalse(url.contains(ticket));
}
}
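Review bot: urlEncodedValues only proves that the ticket is encoded; `service` is `"foobar"`, which contains nothing that needs encoding, so a regression that double-encodes the service URL or skips encoding it would still pass. A service value with reserved characters and an exact-match assertion would cover it, e.g. `final String service = "http://example.org/app?a=b";` (constructed sample) with `assertTrue(url.contains("service=" + this.ticketValidator.encodeUrl(service)));`. The new `import static org.junit.Assert.*;` is a wildcard import; naming `assertTrue` and `assertFalse` alongside the two existing imports would keep the dependencies explicit.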
