fix: escape properly double quote for password on HTTP Provider

fixes AM-4687
gravitee-io · Jan 21, 2025 · 4a1fdc6 · 4a1fdc6
1 parent 99687d5
commit 4a1fdc6
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/...provider-http/src/main/java/io/gravitee/am/identityprovider/http/utils/SanitizeUtils.java b/...provider-http/src/main/java/io/gravitee/am/identityprovider/http/utils/SanitizeUtils.java
@@ -49,12 +49,12 @@ public static String sanitize(String credentials, String requestBody, List<HttpH
         // if HTTP headers contains Content-Type == application/json
         // it means we except a json body content
         if (contentTypeHeaders.contains(MediaType.APPLICATION_JSON)) {
-            return credentials.replace("\"", "\\\\\"");
+            return credentials.replace("\"", "\\\"");
         }
 
         // if we can't rely on http headers, look into the body
         if (contentTypeHeaders.isEmpty() && requestBody != null && (requestBody.startsWith("{") || requestBody.startsWith("["))) {
-            return credentials.replace("\"", "\\\\\"");
+            return credentials.replace("\"", "\\\"");
         }
         return credentials;
     }

diff --git a/...a/io/gravitee/am/identityprovider/http/authentication/HttpAuthenticationProviderTest.java b/...a/io/gravitee/am/identityprovider/http/authentication/HttpAuthenticationProviderTest.java
@@ -82,12 +82,12 @@ public void shouldLoadUserByUsername_authentication() {
         TestObserver<User> testObserver = authenticationProvider.loadUserByUsername(new Authentication() {
             @Override
             public Object getCredentials() {
-                return "johndoe";
+                return "johndoepassword\"";
             }
 
             @Override
             public Object getPrincipal() {
-                return "johndoepassword";
+                return "johndoe";
             }
 
             @Override
@@ -113,12 +113,12 @@ public void shouldLoadUserByUsername_authentication_badCredentials() {
         TestObserver<User> testObserver = authenticationProvider.loadUserByUsername(new Authentication() {
             @Override
             public Object getCredentials() {
-                return "johndoe";
+                return "johndoepassword";
             }
 
             @Override
             public Object getPrincipal() {
-                return "johndoepassword";
+                return "johndoe";
             }
 
             @Override