From 4a1fdc601d5e455d7cb7a955f0822a5766da6467 Mon Sep 17 00:00:00 2001
From: eric <eric.leleu@graviteesource.com>
Date: Mon, 20 Jan 2025 14:41:42 +0100
Subject: [PATCH] fix: escape properly double quote for password on HTTP
 Provider

fixes AM-4687
---
 .../am/identityprovider/http/utils/SanitizeUtils.java     | 4 ++--
 .../authentication/HttpAuthenticationProviderTest.java    | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/gravitee-am-identityprovider/gravitee-am-identityprovider-http/src/main/java/io/gravitee/am/identityprovider/http/utils/SanitizeUtils.java b/gravitee-am-identityprovider/gravitee-am-identityprovider-http/src/main/java/io/gravitee/am/identityprovider/http/utils/SanitizeUtils.java
index 4e1b8b293c1..4a0d14193a8 100644
--- a/gravitee-am-identityprovider/gravitee-am-identityprovider-http/src/main/java/io/gravitee/am/identityprovider/http/utils/SanitizeUtils.java
+++ b/gravitee-am-identityprovider/gravitee-am-identityprovider-http/src/main/java/io/gravitee/am/identityprovider/http/utils/SanitizeUtils.java
@@ -49,12 +49,12 @@ public static String sanitize(String credentials, String requestBody, List<HttpH
         // if HTTP headers contains Content-Type == application/json
         // it means we except a json body content
         if (contentTypeHeaders.contains(MediaType.APPLICATION_JSON)) {
-            return credentials.replace("\"", "\\\\\"");
+            return credentials.replace("\"", "\\\"");
         }
 
         // if we can't rely on http headers, look into the body
         if (contentTypeHeaders.isEmpty() && requestBody != null && (requestBody.startsWith("{") || requestBody.startsWith("["))) {
-            return credentials.replace("\"", "\\\\\"");
+            return credentials.replace("\"", "\\\"");
         }
         return credentials;
     }
diff --git a/gravitee-am-identityprovider/gravitee-am-identityprovider-http/src/test/java/io/gravitee/am/identityprovider/http/authentication/HttpAuthenticationProviderTest.java b/gravitee-am-identityprovider/gravitee-am-identityprovider-http/src/test/java/io/gravitee/am/identityprovider/http/authentication/HttpAuthenticationProviderTest.java
index fe1ce949265..b3aa3b4b3c8 100644
--- a/gravitee-am-identityprovider/gravitee-am-identityprovider-http/src/test/java/io/gravitee/am/identityprovider/http/authentication/HttpAuthenticationProviderTest.java
+++ b/gravitee-am-identityprovider/gravitee-am-identityprovider-http/src/test/java/io/gravitee/am/identityprovider/http/authentication/HttpAuthenticationProviderTest.java
@@ -82,12 +82,12 @@ public void shouldLoadUserByUsername_authentication() {
         TestObserver<User> testObserver = authenticationProvider.loadUserByUsername(new Authentication() {
             @Override
             public Object getCredentials() {
-                return "johndoe";
+                return "johndoepassword\"";
             }
 
             @Override
             public Object getPrincipal() {
-                return "johndoepassword";
+                return "johndoe";
             }
 
             @Override
@@ -113,12 +113,12 @@ public void shouldLoadUserByUsername_authentication_badCredentials() {
         TestObserver<User> testObserver = authenticationProvider.loadUserByUsername(new Authentication() {
             @Override
             public Object getCredentials() {
-                return "johndoe";
+                return "johndoepassword";
             }
 
             @Override
             public Object getPrincipal() {
-                return "johndoepassword";
+                return "johndoe";
             }
 
             @Override