Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-33309

Basic authentication from WebDav access failed when passwords (or even username) have specials characters like accentued ones, due to an incomplete Base64 decode algorythm.

    Details

    • Fix Priority:
      4

      Description

      The class com.liferay.portal.kernel.util.Base64 seems to be used for encoding/decoding urls parts.

      But this class is also used to decode credentials in case of a basic authentification, especially for WebDav/sharepoint access.

      Unfortunely, this method doesn't decode extended characters like accentued ones (é,è,ï, ...) causing a mismatch when comparing crypted key between the one calculated from these (bad) decoded credentials and the one stored in Liferay (attached to the user account).

      And then the authentification from Webdav failed !

      It could be possible to make an improvement to the Base64 class, but I suggest to use instead a native java method :
      javax.xml.bind.DatatypeConverter.parseBase64Binary(..)

      This method method need to know the encoding of the parsed Bytes array, but this information is not avalable in the request, it will be necessary to implement a property (UTF-8 by default) allowing portal deployers to switch to a specific local encoding (like ISO-8859-1).

      For my needs, I plan to override this :

      portal-impl/src/com/liferay/portal/util/PortalImpl.java
      ligne 837, méthode getBasicAuthUserId(...)
      String credentials = new String(Base64.decode(authorizationArray[1]));

      by
      String credentials = new String(javax.xml.bind.DatatypeConverter.parseBase64Binary(authorizationArray[1]),"ISO-8859-1");

      I tagged this Jira as a bug, but it's probably more an improvment.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                4 years, 34 weeks ago