Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correcting Base64 String for random state #31

Merged
merged 1 commit into from
Mar 18, 2024
Merged

Correcting Base64 String for random state #31

merged 1 commit into from
Mar 18, 2024

Conversation

driverjb
Copy link
Contributor

@driverjb driverjb commented Mar 8, 2024
edited
Loading

Description

The replace function requires a regular expression if you want it to replace more than one instance of the sanitized characters. My change switches the string format from base64 to base64url which renders the entire string url safe and eliminates the need for string replacement.

Motivation and Context

This fix is required because the current version causes some users to fail logins because the state does not match the original state when it is returned.

This fix is in reference to this issue: #28

How Has This Been Tested?

I ran your unit tests and also created my own test where I submitted the state an compared it 100000 times to make sure it was always equal to the original state after coming in through the HTTP engine of NodeJS.

Types of Changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

@driverjb
the replace function will only replace the first instance of the + an…
ea080e8 
…d / characters resulting in some strings that still contain those characters. Altering the string format to base64url will handle everything for url safety automatically.

duosecurity#28
@driverjb driverjb changed the title the replace function will only replace the first instance of the + an… Correcting Base64 String for random state Mar 8, 2024
@AaronAtDuo AaronAtDuo merged commit 40c2b9f into duosecurity:main Mar 18, 2024
2 checks passed
@AaronAtDuo
Copy link
Contributor

@driverjb Thanks for the PR! I'll work on getting this released within a day or two.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AaronAtDuo AaronAtDuo AaronAtDuo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@driverjb @AaronAtDuo