Allow custom strategy for handling invalid cookies #2

Open
wants to merge 2 commits into
base: main

@mvitz (Contributor) commented Jul 11, 2018

Adds CookieVerificationFailureHandler which can be used to customise the behaviour for handling invalid cookies.

Closes #1

@mvitz mvitz force-pushed the feature/issue-1_invalid-cookie-failure-handling-strategy branch from c5e8562 to 83913ee Compare July 11, 2018 10:21
@@ -87,16 +97,14 @@ protected Object getFlashMapsMutex(HttpServletRequest request) {
private List<FlashMap> decode(String value) {
final String[] signatureAndPayload = reverse(value).split("--", 2);
if (signatureAndPayload.length != 2) {
// TODO logging
return null;
return verificationFailureHandler.onInvalidValue(value);
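
Review bot: in the `signatureAndPayload.length != 2` branch, `onInvalidValue(value)` receives the complete, unverified cookie string while the `// TODO logging` comment stays in place. If logging is now meant to happen inside the handler, drop the TODO and note on the handler method that `value` is attacker-controlled and needs truncating and escaping before it is written to a log. The line this replaces returned `null`, so `decode` now returns whatever the handler returns; the caller should be checked against that.
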
Member

What are the semantics of this failure, i.e. what went wrong? And is it worth distinguishing between onInvalidValue() and onInvalidSignature()? In both cases, the content of the cookie was not as expected.


List<FlashMap> onInvalidValue(String value);

List<FlashMap> onInvalidSignature(String payload, String signature);
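
Review bot: the two methods as shown carry no Javadoc, so the contract an implementation must follow is undefined. Say whether `null` or an empty list is the expected "ignore the cookie" result and whether an implementation may throw. `onInvalidSignature(String payload, String signature)` also hands over two unverified strings; state that the handler must not trust or deserialise either of them.
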
Member

Would it be legal to throw e.g. an IllegalStateException in case the signature is invalid? I assume that would lead to a 500 in Spring MVC, which would be good.

@mvitz mvitz force-pushed the feature/issue-1_invalid-cookie-failure-handling-strategy branch from 83913ee to f4923fc Compare November 7, 2019 10:41
This feature allows customising the behaviour of what should be done in
case the cookie cannot be verified.

By default the cookie is silently ignored, as before.

Closes #1
@mvitz mvitz force-pushed the feature/issue-1_invalid-cookie-failure-handling-strategy branch from f4923fc to 6d9bd90 Compare April 11, 2020 11:18
@mvitz mvitz changed the base branch from master to main June 15, 2020 20:08