Potential bug in access_token retrieval method

Wadeck · Wadeck · commit ac2766300eb1 · 2017-11-17T12:25:28.000+01:00
- currently it's working due to 2 facts
  - the keys are alphabetically ordered and for the moment `access_token` is the first one
  - there is no key containing access_token like `optional_access_token` or `access_token_primary`
- this modification will prevent change in the key set to affect our retrieval technique
diff --git a/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java
@@ -426,7 +426,7 @@ private String getAccessToken(@Nonnull String code) throws IOException {
         }
         String parts[] = content.split("&");
         for (String part : parts) {
-            if (content.contains("access_token")) {
+            if (part.startsWith("access_token=")) {
                 String tokenParts[] = part.split("=");
                 return tokenParts[1];
             }

Original file line number	Diff line number	Diff line change
`@@ -426,7 +426,7 @@ private String getAccessToken(@Nonnull String code) throws IOException {`
`426`	`426`	`}`
`427`	`427`	`String parts[] = content.split("&");`
`428`	`428`	`for (String part : parts) {`
`429`		`- if (content.contains("access_token")) {`
	`429`	`+ if (part.startsWith("access_token=")) {`
`430`	`430`	`String tokenParts[] = part.split("=");`
`431`	`431`	`return tokenParts[1];`
`432`	`432`	`}`