1423f7d5003af35b06436d9c70130853ab9e7df8 angie Thu Jun 9 11:35:48 2016 -0700 Revert "In order to support userNames with leading/trailing spaces, CGI-encode the userName store in the cookie, and CGI-decode before comparing it to gbMembers.userName. refs #17396 note-15, note-17" This reverts commit 5c93dde5814fddc96330bbdea7aa3f9ff374aedf. diff --git src/hg/lib/wikiLink.c src/hg/lib/wikiLink.c index d22d2d4..c05e473 100644 --- src/hg/lib/wikiLink.c +++ src/hg/lib/wikiLink.c @@ -225,31 +225,31 @@ if (isNotEmpty(value)) // Set the cookie to value safef(cookieString, sizeof(cookieString), "%s=%s;%s path=/; expires="NO_EXPIRE_COOKIE_DATE, name, value, domain); else // Invalidate the cookie safef(cookieString, sizeof(cookieString), "%s=;%s path=/; expires="EXPIRED_COOKIE_DATE, name, domain); return slNameNew(cookieString); } static struct slName *loginUserNameCookieString(char *userName) /* Return a cookie string that sets userName cookie to userName if non-empty and * deletes/invalidates the cookie if empty/NULL. */ { -return newCookieString(loginUserNameCookie(), cgiEncodeFull(userName)); +return newCookieString(loginUserNameCookie(), userName); } static struct slName *loginIdKeyCookieString(uint idx, char *key) /* Return a cookie string that sets ID cookie to idKey if idKey is non-empty and * deletes/invalidates the cookie if empty/NULL. */ { char newVal[1024]; if (isNotEmpty(key)) safef(newVal, sizeof(newVal), "%u_%s", idx, key); else safef(newVal, sizeof(newVal), "%u", idx); return newCookieString(loginIdKeyCookie(), idx ? newVal : NULL); } static char *makeNewKey() @@ -336,71 +336,58 @@ static void remoteHostBypass() /* If a remote host was used for login, redirecting back to this server, then this server's * central database does not have the correct login token -- so we can't validate cookies. * Fall back on the old method of just accepting whatever cookies we get. Unfortunately * we'll have to take a guess at what those cookies are, although hg.conf can override. */ { char *wikiHost = cfgOption(CFG_WIKI_HOST); if (isEmpty(wikiHost) || sameString(wikiHost, "HTTPHOST") || sameString(wikiHost, hHttpHost())) return; alreadyAuthenticated = TRUE; cookieStrings = NULL; char *cookiePrefix = getRemoteCookiePrefix(wikiHost); char *userName = getRemoteCookieVal(CFG_LOGIN_USER_NAME_COOKIE, cookiePrefix, "hgLoginUserName"); char *idKey = getRemoteCookieVal(CFG_LOGIN_IDKEY_COOKIE, cookiePrefix, "hgLoginToken"); authenticated = (isNotEmpty(userName) && isNotEmpty(idKey)); -if (isNotEmpty(userName)) - { - remoteUserName = cloneString(userName); - cgiDecodeFull(remoteUserName, remoteUserName, strlen(remoteUserName)); - } +remoteUserName = userName; // BEGIN TODO: remove in July 2016 if (! authenticated && wikiLinkEnabled()) { // Accept old wiki cookies for now char *wikiUserName = findCookieData(wikiLinkUserNameCookie()); char *wikiLoggedIn = findCookieData(wikiLinkLoggedInCookie()); if (isNotEmpty(wikiLoggedIn) && isNotEmpty(wikiUserName)) { authenticated = TRUE; remoteUserName = wikiUserName; } } // END TODO: remove in July 2016 } -static char *getLoginUserName() -/* Get the (CGI-decoded) value of the login userName cookie. */ -{ -char *userName = cloneString(findCookieData(loginUserNameCookie())); -if (isNotEmpty(userName)) - cgiDecodeFull(userName, userName, strlen(userName)); -return userName; -} - struct slName *loginValidateCookies() /* Return possibly empty list of cookie strings for the caller to set. * If login cookies are obsolete but (formerly) valid, the results sets updated cookies. * If login cookies are present but invalid, the result deletes/expires the cookies. * Otherwise returns NULL (no change to cookies). */ { remoteHostBypass(); if (alreadyAuthenticated) return cookieStrings; alreadyAuthenticated = TRUE; authenticated = FALSE; -char *userName = getLoginUserName(); +char *userName = findCookieData(loginUserNameCookie()); // BEGIN TODO: remove in July 2016 // If we're using values from old wiki cookies, replace the cookies. boolean replaceOldCookies = FALSE; if (isEmpty(userName) && wikiLinkEnabled()) { userName = findCookieData(wikiLinkUserNameCookie()); if (isNotEmpty(userName)) replaceOldCookies = TRUE; } boolean deleteCookies = FALSE; // END TODO: remove in July 2016 char *cookieKey = NULL; uint cookieIdx = getCookieIdKey(&cookieKey, &replaceOldCookies); @@ -468,31 +455,31 @@ { char *wikiHost = cfgOption(CFG_WIKI_HOST); if (isEmpty(wikiHost) || sameString(wikiHost, "HTTPHOST")) wikiHost = hHttpHost(); return cloneString(wikiHost); } char *wikiLinkUserName() /* Return the user name specified in cookies from the browser, or NULL if * the user doesn't appear to be logged in. */ { if (loginSystemEnabled()) { if (! alreadyAuthenticated) errAbort("wikiLinkUserName: loginValidateCookies must be called first."); - char *userName = getLoginUserName(); + char *userName = findCookieData(loginUserNameCookie()); if (isEmpty(userName) && wikiLinkEnabled()) // TODO: remove in July 2016 userName = findCookieData(wikiLinkUserNameCookie()); // TODO: remove in July 2016 if (isEmpty(userName) && isNotEmpty(remoteUserName)) userName = remoteUserName; if (authenticated) return cloneString(userName); } else if (wikiLinkEnabled()) { char *wikiUserName = findCookieData(wikiLinkUserNameCookie()); char *wikiLoggedIn = findCookieData(wikiLinkLoggedInCookie()); if (isNotEmpty(wikiLoggedIn) && isNotEmpty(wikiUserName)) return cloneString(wikiUserName); } else