[myq] Fixes a serious issue that could wipe out cookies across an entire OH instance...

author Dan Cunningham <dan@digitaldan.com>

Mon, 4 Oct 2021 05:41:41 +0000 (22:41 -0700)

committer GitHub <noreply@github.com>

Mon, 4 Oct 2021 05:41:41 +0000 (07:41 +0200)
author Dan Cunningham <dan@digitaldan.com>
Mon, 4 Oct 2021 05:41:41 +0000 (22:41 -0700)
committer GitHub <noreply@github.com>
Mon, 4 Oct 2021 05:41:41 +0000 (07:41 +0200)
diff --git a/bundles/org.openhab.binding.myq/src/main/java/org/openhab/binding/myq/internal/handler/MyQAccountHandler.java b/bundles/org.openhab.binding.myq/src/main/java/org/openhab/binding/myq/internal/handler/MyQAccountHandler.java

index 90dd033a90797f5728ea528d480841809defaa91..a26760a616e2b4d2fa146892763997fd8e29584d 100644 (file)
--- a/bundles/org.openhab.binding.myq/src/main/java/org/openhab/binding/myq/internal/handler/MyQAccountHandler.java
+++ b/bundles/org.openhab.binding.myq/src/main/java/org/openhab/binding/myq/internal/handler/MyQAccountHandler.java
@@ -16,6 +16,7 @@ import static org.openhab.binding.myq.internal.MyQBindingConstants.*;
  
  import java.io.IOException;
  import java.io.UnsupportedEncodingException;
+import java.net.CookieStore;
  import java.net.HttpCookie;
  import java.net.URI;
  import java.net.URISyntaxException;
@@ -291,10 +292,14 @@ public class MyQAccountHandler extends BaseBridgeHandler implements AccessTokenR
       */
      private AccessTokenResponse login()
              throws InterruptedException, MyQCommunicationException, MyQAuthenticationException {
-        // make sure we have a fresh session
-        httpClient.getCookieStore().removeAll();
-
          try {
+            // make sure we have a fresh session
+            URI authUri = new URI(LOGIN_BASE_URL);
+            CookieStore store = httpClient.getCookieStore();
+            store.get(authUri).forEach(cookie -> {
+                store.remove(authUri, cookie);
+            });
+
              String codeVerifier = generateCodeVerifier();
  
              ContentResponse loginPageResponse = getLoginPage(codeVerifier);
@@ -328,7 +333,7 @@ public class MyQAccountHandler extends BaseBridgeHandler implements AccessTokenR
              }
              getOAuthService().importAccessTokenResponse(accessTokenResponse);
              return accessTokenResponse;
-        } catch (IOException | ExecutionException | TimeoutException | OAuthException e) {
+        } catch (IOException | ExecutionException | TimeoutException | OAuthException | URISyntaxException e) {
              throw new MyQCommunicationException(e.getMessage());
          }
      }
author	Dan Cunningham <dan@digitaldan.com>
	Mon, 4 Oct 2021 05:41:41 +0000 (22:41 -0700)
committer	GitHub <noreply@github.com>
	Mon, 4 Oct 2021 05:41:41 +0000 (07:41 +0200)