From a249c6eb39427044fdefb1651a30b29f3ed395e9 Mon Sep 17 00:00:00 2001
From: Dan Cunningham
Date: Sun, 3 Oct 2021 22:41:41 -0700
Subject: [PATCH] [myq] Fixes a serious issue that could wipe out cookies across an entire OH instance for bindings using the shared Jetty client (#11343)
Signed-off-by: Dan Cunningham
---
 .../myq/internal/handler/MyQAccountHandler.java | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/bundles/org.openhab.binding.myq/src/main/java/org/openhab/binding/myq/internal/handler/MyQAccountHandler.java b/bundles/org.openhab.binding.myq/src/main/java/org/openhab/binding/myq/internal/handler/MyQAccountHandler.java
index 90dd033a90797..a26760a616e2b 100644
--- a/bundles/org.openhab.binding.myq/src/main/java/org/openhab/binding/myq/internal/handler/MyQAccountHandler.java
+++ b/bundles/org.openhab.binding.myq/src/main/java/org/openhab/binding/myq/internal/handler/MyQAccountHandler.java
@@ -16,6 +16,7 @@
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
+import java.net.CookieStore;
 import java.net.HttpCookie;
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -291,10 +292,14 @@ private synchronized void fetchData() {
 */
 private AccessTokenResponse login()
 throws InterruptedException, MyQCommunicationException, MyQAuthenticationException {
- // make sure we have a fresh session
- httpClient.getCookieStore().removeAll();
-
 try {
+ // make sure we have a fresh session
+ URI authUri = new URI(LOGIN_BASE_URL);
+ CookieStore store = httpClient.getCookieStore();
+ store.get(authUri).forEach(cookie -> {
+ store.remove(authUri, cookie);
+ });
+
 String codeVerifier = generateCodeVerifier();
 ContentResponse loginPageResponse = getLoginPage(codeVerifier);
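Review bot: The per-URI clear in `login()` still operates on the cookie store of the shared client, so the "fresh session" it aims for is only as isolated as the `store.get(authUri)` matching allows. Cookies that the login flow sets for a host or path not matched by `LOGIN_BASE_URL` would survive the clear, and if more than one account handler uses this client, one login can remove or reuse another's auth cookies; neither case can be ruled out from the visible lines. A handler-owned cookie store or client would scope the session to one account; short of that, a comment above the loop such as `// shared Jetty client: remove only cookies matching LOGIN_BASE_URL, never removeAll()` would keep the old call from coming back. `login()` continues past the end of this hunk.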
@@ -328,7 +333,7 @@ private AccessTokenResponse login()
 }
 getOAuthService().importAccessTokenResponse(accessTokenResponse);
 return accessTokenResponse;
- } catch (IOException | ExecutionException | TimeoutException | OAuthException e) {
+ } catch (IOException | ExecutionException | TimeoutException | OAuthException | URISyntaxException e) {
 throw new MyQCommunicationException(e.getMessage());
 }
 }
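Review bot: Adding `URISyntaxException` to this multi-catch reports a malformed `LOGIN_BASE_URL` as a `MyQCommunicationException`, and because only `e.getMessage()` is passed on, the cause and stack trace are dropped. If `LOGIN_BASE_URL` is a fixed constant (its definition is outside the diff), `URI authUri = URI.create(LOGIN_BASE_URL);` in the earlier hunk would avoid the checked exception and leave this catch as it was. Whether `MyQCommunicationException` offers a constructor taking a cause is not visible here; if it does, passing `e` along would keep the trace available when a login failure has to be diagnosed. The body of `login()` starts outside this hunk.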