Can't log in if user name contains a white space (play 2.4, play2-auth 0.14.2)

Question

Can't log in if user name contains a white space (play 2.4, play2-auth 0.14.2)

takiri opened this issue 8 years ago · 0 comments

Hi,

I recently upgraded my Scala/Play project from Play! 2.3 to 2.4; and upgraded the play2-auth dependency from 0.14.1 to 0.14.2 at the same time.
Since then I've had troubles with user log in: if the login contains a white space, then it won't be possible.
The error trace was the following:

21 Jun 2016 11:40:02.166 [error] p.c.s.n.PlayDefaultUpstreamHandler - Cannot invoke the action
java.lang.IllegalArgumentException: Cookie value contains an invalid char:
        at play.core.netty.utils.CookieEncoder.validateCookie(CookieEncoder.java:47) ~[play-netty-utils-2.4.6.jar:2.4.6]
        [...]

As written in https://curl.haxx.se/rfc/cookie_spec.html, space must be encoded to be accepted in cookies.
Therefore, as a workaround, I updated the code of my trait extending AuthConfig:

  override lazy val idContainer: AsyncIdContainer[Id] = AsyncIdContainer(new TransparentIdContainer[Id])

becomes

override lazy val idContainer: AsyncIdContainer[Id] = AsyncIdContainer(new EncodedIdContainer[Id])

class EncodedIdContainer[Id: ToString: FromString] extends TransparentIdContainer[Id] {

  override def startNewSession(userId: Id, timeoutInSeconds: Int) = {
    encodeTokenString( implicitly[ToString[Id]].apply(userId) )
  }

  override def get(token: AuthenticityToken) = {
    implicitly[FromString[Id]].apply(decodeTokenString(token))
  }

  private def encodeTokenString(tokenStr: String): String = {
    java.net.URLEncoder.encode(tokenStr, "UTF-8")
  }

  private def decodeTokenString(tokenStr: String): String = {
    java.net.URLDecoder.decode(tokenStr, "UTF-8")
  }

Am I missing something or is that a limitation of the module?
Thanks in advance!

PS: note that I am using a particular implementation mixing AuthElement and OptionalAuthElement (see #148).