PUBLIC - Liferay Portal Community Edition
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-33309

Basic authentication from WebDav access failed when passwords (or even username) have specials characters like accentued ones, due to an incomplete Base64 decode algorythm.

    Details

    • Fix Priority:
      4
    • Similar Issues:
      Show 5 results 

      Description

      The class com.liferay.portal.kernel.util.Base64 seems to be used for encoding/decoding urls parts.

      But this class is also used to decode credentials in case of a basic authentification, especially for WebDav/sharepoint access.

      Unfortunely, this method doesn't decode extended characters like accentued ones (é,è,ï, ...) causing a mismatch when comparing crypted key between the one calculated from these (bad) decoded credentials and the one stored in Liferay (attached to the user account).

      And then the authentification from Webdav failed !

      It could be possible to make an improvement to the Base64 class, but I suggest to use instead a native java method :
      javax.xml.bind.DatatypeConverter.parseBase64Binary(..)

      This method method need to know the encoding of the parsed Bytes array, but this information is not avalable in the request, it will be necessary to implement a property (UTF-8 by default) allowing portal deployers to switch to a specific local encoding (like ISO-8859-1).

      For my needs, I plan to override this :

      portal-impl/src/com/liferay/portal/util/PortalImpl.java
      ligne 837, méthode getBasicAuthUserId(...)
      String credentials = new String(Base64.decode(authorizationArray[1]));

      by
      String credentials = new String(javax.xml.bind.DatatypeConverter.parseBase64Binary(authorizationArray[1]),"ISO-8859-1");

      I tagged this Jira as a bug, but it's probably more an improvment.

        Activity

        Hide
        Aniceto P Madrid added a comment - - edited

        have you checked if that solution works?

        Can you checkit against 6.2.0m4?

        Thanks

        Show
        Aniceto P Madrid added a comment - - edited have you checked if that solution works? Can you checkit against 6.2.0m4? Thanks
        Hide
        Christophe Cariou added a comment -

        I just made a quick unit test with the suggested method, on a string containing extended accentued characters, with success.

        As I need this on a 6.0.6 project, I will implement (and test) it, probably by an ext plugin. I'll feed back asap.

        Regarding 6.2, I've planned to make a look on it soon and I will test that method too, but with a direct source update an recompile. I'll feed back too.

        Anyway, if you do it before me, you're welcome.

        Show
        Christophe Cariou added a comment - I just made a quick unit test with the suggested method, on a string containing extended accentued characters, with success. As I need this on a 6.0.6 project, I will implement (and test) it, probably by an ext plugin. I'll feed back asap. Regarding 6.2, I've planned to make a look on it soon and I will test that method too, but with a direct source update an recompile. I'll feed back too. Anyway, if you do it before me, you're welcome.
        Hide
        Aniceto P Madrid added a comment -

        Confirmed

        Show
        Aniceto P Madrid added a comment - Confirmed

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Days since last comment:
              2 years, 25 weeks, 6 days ago

              Development

                Structure Helper Panel