fix(SessionIdManager): take a correct algorithm when decoding a token

winixd/Makefile.dep

@@ -1749,6 +1749,7 @@
 ./core/sessionidmanager.o: ../../pikotools/src/utf8/utf8_stream.h
 ./core/sessionidmanager.o: ../../pikotools/src/convert/misc.h
 ./core/sessionidmanager.o: ../../pikotools/src/convert/text.h
+./core/sessionidmanager.o: ../../pikotools/src/convert/text.h
 ./core/sessionmanager.o: ./core/sessionmanager.h ./core/sessioncontainer.h
 ./core/sessionmanager.o: ./core/session.h ./core/error.h models/user.h
 ./core/sessionmanager.o: ../../morm/src/model.h

winixd/core/sessionidmanager.cpp

@@ -548,17 +548,14 @@ return true;
 }
 
 
-bool SessionIdManager::DecodeTokenA(size_t & id, unsigned int & index)
+bool SessionIdManager::DecodeToken(size_t key, size_t & id, unsigned int & index)
 {
 size_t pad_top_size;
 size_t pad_bottom_size;
 char pad_top_value;
 char pad_bottom_value;
 
-	const char * str = string_token.c_str() + 1;
-	size_t key = (unsigned char)(*str);
-
-	str += 1;
+	const char * str = string_token.c_str() + 2;
 
 	if( !DecodeAES(str, key) )
 		return false;
@@ -592,6 +589,29 @@ return CheckControlSums(str);
 }
 
 
+bool SessionIdManager::DecodeToken(size_t & id, unsigned int & index)
+{
+	size_t key = 0;
+
+	if( string_token[0] == 'a' )
+	{
+		// it is ALGORITHM_MULTIPLE_KEYS
+		key = (unsigned char)string_token[1];
+	}
+	else
+	if( string_token[0] == 'b' )
+	{
+		// it is ALGORITHM_SINGLE_KEYS
+		key = 0;
+	}
+	else
+	{
+		return false;
+	}
+
+	return DecodeToken(key, id, index);
+}
+
 
 bool SessionIdManager::DecodeToken(const std::wstring & token, size_t & id, unsigned int & index)
 {
@@ -606,10 +626,7 @@ bool SessionIdManager::DecodeToken(const std::wstring & token, size_t & id, unsi
 	if( string_token.size() != 34 )
 		return false;
 
-	if( string_token[0] == 'a' )
-		return DecodeTokenA(id, index);
-
-return false;
+	return DecodeToken(id, index);
 }
 
 

winixd/core/sessionidmanager.h

@@ -171,7 +171,8 @@ private:
 	void CopyString(const std::string & in, std::wstring & out);
 	void CopyString(const std::wstring & in, std::string & out);
 	bool Encode(std::string & str);
-	bool DecodeTokenA(size_t & id, unsigned int & index);
+	bool DecodeToken(size_t key, size_t & id, unsigned int & index);
+	bool DecodeToken(size_t & id, unsigned int & index);
 	bool IsPaddingCorrect(const char * str, size_t len, char val);
 	bool CheckControlSums(const char * str);
 	void InitializeAesKeys(size_t index);