Describe the bug
The decodeCookie method in AbstractRememberMeServices attempts to pad the cookie value for Base64 decoding. However, the current implementation may not correctly calculate the padding needed to ensure the string length is a multiple of 4, which is a requirement for Base64 decoding.
Expected behavior
The method should add padding characters so that the length of cookieValue becomes a multiple of 4 to adhere to Base64 decoding requirements. The padding should be calculated as 4 - (cookieValue.length() % 4) and should only add padding if the result is less than 4.
Impact
Without this fix, the decodeCookie method may throw IllegalArgumentException when attempting to decode improperly padded Base64 strings, leading to unhandled exceptions and potential disruptions in the remember-me authentication flow.
Describe the bug The
decodeCookie
method in AbstractRememberMeServices attempts to pad the cookie value for Base64 decoding. However, the current implementation may not correctly calculate the padding needed to ensure the string length is a multiple of 4, which is a requirement for Base64 decoding.Current Implementation
To Reproduce Steps to reproduce the behavior.
decodeCookie
method without the correct padding.Expected behavior The method should add padding characters so that the length of
cookieValue
becomes a multiple of 4 to adhere to Base64 decoding requirements. The padding should be calculated as4 - (cookieValue.length() % 4)
and should only add padding if the result is less than 4.Impact Without this fix, the decodeCookie method may throw IllegalArgumentException when attempting to decode improperly padded Base64 strings, leading to unhandled exceptions and potential disruptions in the remember-me authentication flow.
Sample The 123 bit base64 encoding here
will become the following code after passing through that section of code:
but the expected result should be
If it is confirmed that this is a problem, I am willing to try to solve it