commit 9cb42ade67a4a78d98f37f6af5a96a6737c79f87
author Michael Jumper <mjumper@apache.org> Tue Jul 20 22:31:12 2021 -0700
committer Michael Jumper <mjumper@apache.org> Tue Jul 20 22:31:12 2021 -0700
tree 5e011d7900bc869828d2d01acdb601c0b3768cde
parent e79b7b6e4e342170cb4e26c117a3b82a3e629f9e

GUACAMOLE-1383: Use URL-safe client identifiers by default, maintaining backwards compatibility with identifiers using standard base64.

guacamole/src/main/frontend/src/app/navigation/types/ClientIdentifier.js

diff --git a/guacamole/src/main/frontend/src/app/navigation/types/ClientIdentifier.js b/guacamole/src/main/frontend/src/app/navigation/types/ClientIdentifier.js
index bb16a82..47af7ad 100644
--- a/guacamole/src/main/frontend/src/app/navigation/types/ClientIdentifier.js
+++ b/guacamole/src/main/frontend/src/app/navigation/types/ClientIdentifier.js
@@ -101,6 +101,63 @@
     };
 
     /**
+     * Encodes the given value as base64url, a variant of base64 defined by
+     * RFC 4648: https://datatracker.ietf.org/doc/html/rfc4648#section-5.
+     *
+     * The "base64url" variant is identical to standard base64 except that it
+     * uses "-" instead of "+", "_" instead of "/", and padding with "=" is
+     * optional.
+     * 
+     * @param {string} value
+     *     The string value to encode.
+     *
+     * @returns {string}
+     *     The provided string value encoded as unpadded base64url.
+     */
+    var base64urlEncode = function base64urlEncode(value) {
+
+        // Translate padded standard base64 to unpadded base64url
+        return $window.btoa(value).replace(/[+/=]/g,
+            (str) => ({
+                '+' : '-',
+                '/' : '_',
+                '=' : ''
+            })[str]
+        );
+
+    };
+
+    /**
+     * Decodes the given base64url or base64 string. The input string may
+     * contain "=" padding characters, but this is not required.
+     *
+     * @param {string} value
+     *     The base64url or base64 value to decode.
+     *
+     * @returns {string}
+     *     The result of decoding the provided base64url or base64 string.
+     */
+    var base64urlDecode = function base64urlDecode(value) {
+
+        // Add any missing padding (standard base64 requires input strings to
+        // be multiples of 4 in length, padded using '=')
+        value += ([
+            '',
+            '===',
+            '==',
+            '='
+        ])[value.length % 4];
+
+        // Translate padded base64url to padded standard base64
+        return $window.atob(value.replace(/[-_]/g,
+            (str) => ({
+                '-' : '+',
+                '_' : '/'
+            })[str]
+        ));
+    };
+
+    /**
      * Converts the given ClientIdentifier or ClientIdentifier-like object to
      * a String representation. Any object having the same properties as
      * ClientIdentifier may be used, but only those properties will be taken
@@ -115,7 +172,7 @@
      *     or ClientIdentifier-like object.
      */
     ClientIdentifier.toString = function toString(id) {
-        return $window.btoa([
+        return base64urlEncode([
             id.id,
             id.type,
             id.dataSource
@@ -137,7 +194,7 @@
     ClientIdentifier.fromString = function fromString(str) {
 
         try {
-            var values = $window.atob(str).split('\0');
+            var values = base64urlDecode(str).split('\0');
             return new ClientIdentifier({
                 id         : values[0],
                 type       : values[1],