Add support for passwords with special characters to OAUTH2 login. (#345)

gmessner · web-flow · commit a0e5971974e2 · 2019-05-09T10:51:06.000-07:00
diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@ To utilize GitLab4J&trade; API in your Java project, simply add the following de
 ```java
 dependencies {
     ...
-    compile group: 'org.gitlab4j', name: 'gitlab4j-api', version: '4.10.11'
+    compile group: 'org.gitlab4j', name: 'gitlab4j-api', version: '4.10.12'
 }
 ```
 
@@ -23,7 +23,7 @@ dependencies {
 <dependency>
     <groupId>org.gitlab4j</groupId>
     <artifactId>gitlab4j-api</artifactId>
-    <version>4.10.11</version>
+    <version>4.10.12</version>
 </dependency>
 ```
 
diff --git a/src/main/java/org/gitlab4j/api/utils/Oauth2LoginStreamingOutput.java b/src/main/java/org/gitlab4j/api/utils/Oauth2LoginStreamingOutput.java
@@ -1,8 +1,11 @@
 package org.gitlab4j.api.utils;
 
+import java.io.BufferedWriter;
 import java.io.IOException;
 import java.io.OutputStream;
-import java.io.PrintWriter;
+import java.io.OutputStreamWriter;
+import java.io.Writer;
+import java.nio.charset.StandardCharsets;
 
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.StreamingOutput;
@@ -30,7 +33,7 @@ public Oauth2LoginStreamingOutput(String username, char[] password) {
     @Override
     public void write(OutputStream output) throws IOException, WebApplicationException {
 
-        PrintWriter writer = new PrintWriter(output);
+        Writer writer = new BufferedWriter(new OutputStreamWriter(output, StandardCharsets.UTF_8));
         writer.write("{ ");
         writer.write("\"grant_type\": \"password\", ");
         writer.write("\"username\": \"" + username + "\", ");
@@ -39,8 +42,15 @@ public void write(OutputStream output) throws IOException, WebApplicationExcepti
         // Output the quoted password
         writer.write('"');
         for (int i = 0, length = password.length(); i < length; i++) {
-            writer.write(password.charAt(i));
-        }     
+
+            char c = password.charAt(i);
+            if (c == '"' || c == '\\') {
+                writer.write('\\');
+            }
+
+            writer.write(c);
+        }
+
         writer.write('"');
 
         writer.write(" }");
diff --git a/src/test/java/org/gitlab4j/api/JsonUtils.java b/src/test/java/org/gitlab4j/api/JsonUtils.java
@@ -25,6 +25,10 @@ public class JsonUtils {
         jacksonJson.getObjectMapper().configure(MapperFeature.SORT_PROPERTIES_ALPHABETICALLY, true);
     }
 
+    static JsonNode readTreeFromString(String jsonString) throws JsonParseException, JsonMappingException, IOException {
+        return (jacksonJson.readTree(jsonString));
+    }
+
     static JsonNode readTreeFromResource(String filename) throws JsonParseException, JsonMappingException, IOException {
         InputStreamReader reader = new InputStreamReader(TestGitLabApiBeans.class.getResourceAsStream(filename));
         return (jacksonJson.readTree(reader));
@@ -73,7 +77,6 @@ static <T> Map<String, T> unmarshalMap(Class<T> returnType, String json) throws
         return (jacksonJson.unmarshalMap(returnType, json));
     }
 
-
     static <T> boolean compareJson(T apiObject, String filename) throws IOException {
         InputStreamReader reader = new InputStreamReader(TestGitLabApiBeans.class.getResourceAsStream(filename));
         return (compareJson(apiObject, reader));
diff --git a/src/test/java/org/gitlab4j/api/TestOauth2LoginStreamingOutput.java b/src/test/java/org/gitlab4j/api/TestOauth2LoginStreamingOutput.java
@@ -0,0 +1,76 @@
+package org.gitlab4j.api;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.ByteArrayOutputStream;
+import java.nio.charset.StandardCharsets;
+
+import org.gitlab4j.api.utils.Oauth2LoginStreamingOutput;
+import org.junit.Test;
+
+import com.fasterxml.jackson.databind.JsonNode;
+
+public class TestOauth2LoginStreamingOutput {
+
+    private static final String USERNAME = "test-user";
+
+    @Test
+    public void testPasswordsWithBackslashes() throws Exception {
+
+        final String password = "Password with \\backslashes\\";
+        try (Oauth2LoginStreamingOutput oauth2Stream = new Oauth2LoginStreamingOutput(USERNAME, password)) {
+            ByteArrayOutputStream stream = new ByteArrayOutputStream();
+            oauth2Stream.write(stream);
+
+            String json = stream.toString(StandardCharsets.UTF_8.name());
+            System.out.println(json);
+            JsonNode tree = JsonUtils.readTreeFromString(json);
+            assertEquals(password, tree.path("password").asText());
+        }
+    }
+
+    @Test
+    public void testPasswordsWithDoubleQuotes() throws Exception {
+
+        final String password = "Password with \"double quotes\"";
+        try (Oauth2LoginStreamingOutput oauth2Stream = new Oauth2LoginStreamingOutput(USERNAME, password)) {
+            ByteArrayOutputStream stream = new ByteArrayOutputStream();
+            oauth2Stream.write(stream);
+
+            String json = stream.toString(StandardCharsets.UTF_8.name());
+            System.out.println(json);
+            JsonNode tree = JsonUtils.readTreeFromString(json);
+            assertEquals(password, tree.path("password").asText());
+        }
+    }
+
+    @Test
+    public void testPasswordsWithSpecialLetters() throws Exception {
+
+        final String password = "Password with special letters 'Ää - Öö - Üü - ẞ'";
+        try (Oauth2LoginStreamingOutput oauth2Stream = new Oauth2LoginStreamingOutput(USERNAME, password)) {
+            ByteArrayOutputStream stream = new ByteArrayOutputStream();
+            oauth2Stream.write(stream);
+
+            String json = stream.toString(StandardCharsets.UTF_8.name());
+            System.out.println(json);
+            JsonNode tree = JsonUtils.readTreeFromString(json);
+            assertEquals(password, tree.path("password").asText());
+        }
+    }
+
+    @Test
+    public void testPasswordsWithManySpecialChars() throws Exception {
+
+        final String password = "Password with many special chars '\\ - \" - [] - () - ~ - ! - ^ - ` - Ää - Öö - Üü - ẞ'";
+        try (Oauth2LoginStreamingOutput oauth2Stream = new Oauth2LoginStreamingOutput(USERNAME, password)) {
+            ByteArrayOutputStream stream = new ByteArrayOutputStream();
+            oauth2Stream.write(stream);
+
+            String json = stream.toString(StandardCharsets.UTF_8.name());
+            System.out.println(json);
+            JsonNode tree = JsonUtils.readTreeFromString(json);
+            assertEquals(password, tree.path("password").asText());
+        }
+    }
+}
