fix(SessionIdManager): take a correct algorithm when decoding a token
parent
2e8f4d1a26
commit
c85a724fec
|
@ -1749,6 +1749,7 @@
|
||||||
./core/sessionidmanager.o: ../../pikotools/src/utf8/utf8_stream.h
|
./core/sessionidmanager.o: ../../pikotools/src/utf8/utf8_stream.h
|
||||||
./core/sessionidmanager.o: ../../pikotools/src/convert/misc.h
|
./core/sessionidmanager.o: ../../pikotools/src/convert/misc.h
|
||||||
./core/sessionidmanager.o: ../../pikotools/src/convert/text.h
|
./core/sessionidmanager.o: ../../pikotools/src/convert/text.h
|
||||||
|
./core/sessionidmanager.o: ../../pikotools/src/convert/text.h
|
||||||
./core/sessionmanager.o: ./core/sessionmanager.h ./core/sessioncontainer.h
|
./core/sessionmanager.o: ./core/sessionmanager.h ./core/sessioncontainer.h
|
||||||
./core/sessionmanager.o: ./core/session.h ./core/error.h models/user.h
|
./core/sessionmanager.o: ./core/session.h ./core/error.h models/user.h
|
||||||
./core/sessionmanager.o: ../../morm/src/model.h
|
./core/sessionmanager.o: ../../morm/src/model.h
|
||||||
|
|
|
@ -548,17 +548,14 @@ return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
bool SessionIdManager::DecodeTokenA(size_t & id, unsigned int & index)
|
bool SessionIdManager::DecodeToken(size_t key, size_t & id, unsigned int & index)
|
||||||
{
|
{
|
||||||
size_t pad_top_size;
|
size_t pad_top_size;
|
||||||
size_t pad_bottom_size;
|
size_t pad_bottom_size;
|
||||||
char pad_top_value;
|
char pad_top_value;
|
||||||
char pad_bottom_value;
|
char pad_bottom_value;
|
||||||
|
|
||||||
const char * str = string_token.c_str() + 1;
|
const char * str = string_token.c_str() + 2;
|
||||||
size_t key = (unsigned char)(*str);
|
|
||||||
|
|
||||||
str += 1;
|
|
||||||
|
|
||||||
if( !DecodeAES(str, key) )
|
if( !DecodeAES(str, key) )
|
||||||
return false;
|
return false;
|
||||||
|
@ -592,6 +589,29 @@ return CheckControlSums(str);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool SessionIdManager::DecodeToken(size_t & id, unsigned int & index)
|
||||||
|
{
|
||||||
|
size_t key = 0;
|
||||||
|
|
||||||
|
if( string_token[0] == 'a' )
|
||||||
|
{
|
||||||
|
// it is ALGORITHM_MULTIPLE_KEYS
|
||||||
|
key = (unsigned char)string_token[1];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
if( string_token[0] == 'b' )
|
||||||
|
{
|
||||||
|
// it is ALGORITHM_SINGLE_KEYS
|
||||||
|
key = 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return DecodeToken(key, id, index);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
bool SessionIdManager::DecodeToken(const std::wstring & token, size_t & id, unsigned int & index)
|
bool SessionIdManager::DecodeToken(const std::wstring & token, size_t & id, unsigned int & index)
|
||||||
{
|
{
|
||||||
|
@ -606,10 +626,7 @@ bool SessionIdManager::DecodeToken(const std::wstring & token, size_t & id, unsi
|
||||||
if( string_token.size() != 34 )
|
if( string_token.size() != 34 )
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if( string_token[0] == 'a' )
|
return DecodeToken(id, index);
|
||||||
return DecodeTokenA(id, index);
|
|
||||||
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
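Review bot: In the new `DecodeToken(size_t & id, unsigned int & index)`, `key = (unsigned char)string_token[1];` takes the AES key index straight from the client-supplied token, so any value from 0 to 255 reaches `DecodeAES(str, key)`, and no range check is visible in these hunks. `DecodeAES` is defined outside the diff; if it does not already reject an index beyond the configured key table, this branch should do so before dispatching, for example `if( key >= aes_keys_count ) return false;`, where `aes_keys_count` is a placeholder for whatever holds the real table size. The 'b' branch never reads `string_token[1]`, and the shared decoder starts at `c_str() + 2`, so that byte appears to be ignored for single-key tokens; comparing it with the value the encoder writes would keep the accepted format canonical. The overload also indexes `string_token[0]` and `[1]` relying on the `size() != 34` check in the `std::wstring` overload, which deserves a one-line comment such as `// caller guarantees string_token.size() == 34`.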
@ -171,7 +171,8 @@ private:
|
||||||
void CopyString(const std::string & in, std::wstring & out);
|
void CopyString(const std::string & in, std::wstring & out);
|
||||||
void CopyString(const std::wstring & in, std::string & out);
|
void CopyString(const std::wstring & in, std::string & out);
|
||||||
bool Encode(std::string & str);
|
bool Encode(std::string & str);
|
||||||
bool DecodeTokenA(size_t & id, unsigned int & index);
|
bool DecodeToken(size_t key, size_t & id, unsigned int & index);
|
||||||
|
bool DecodeToken(size_t & id, unsigned int & index);
|
||||||
bool IsPaddingCorrect(const char * str, size_t len, char val);
|
bool IsPaddingCorrect(const char * str, size_t len, char val);
|
||||||
bool CheckControlSums(const char * str);
|
bool CheckControlSums(const char * str);
|
||||||
void InitializeAesKeys(size_t index);
|
void InitializeAesKeys(size_t index);
|
||||||
|
|
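Review bot: The two private `DecodeToken` declarations carry no comment, and after the rename they differ only by a leading `size_t key`, which is easy to misread next to the `std::wstring` overload defined in the .cpp file. A line above each would help, e.g. `// decodes string_token using AES key index 'key'` and `// picks the key index from the algorithm prefix of string_token ('a' or 'b'), then calls the overload above`. The class body continues outside the hunk, so the existing documentation conventions are not visible here.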