From d15d351b702f902a279c968410e0824a50e7faab Mon Sep 17 00:00:00 2001
From: Robert von Burg
Date: Wed, 13 Mar 2019 20:20:34 +0100
Subject: [PATCH] [Major] Remove password encoding, escape properly on client
---
 .../li/strolch/rest/endpoint/AuthenticationService.java | 8 +-------
 .../li/strolch/rest/endpoint/PrivilegeUsersService.java | 7 +------
 2 files changed, 2 insertions(+), 13 deletions(-)
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
index ece69828e..27c9753bc 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
@@ -80,13 +80,7 @@ public class AuthenticationService {
 String passwordEncoded = login.get("password").getAsString();
 byte[] decode = Base64.getDecoder().decode(passwordEncoded);
- String passwordString;
- if (login.has("encoding") && !login.get("encoding").getAsString().isEmpty()) {
- passwordString = new String(decode, login.get("encoding").getAsString());
- } else {
- passwordString = new String(decode);
- }
-
+ String passwordString = new String(decode);
 char[] password = passwordString.toCharArray();
 if (password.length < 3) {
 logger.error("Authentication failed: Password was not given or is too short!");
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
index dfa10fc5d..3d518a772 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
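Review bot: The added line `String passwordString = new String(decode);` in AuthenticationService decodes the password bytes with the JVM's platform default charset, so the same Base64 payload can yield different characters on hosts whose default differs (before JDK 18 the default follows the OS locale). With the client-supplied `encoding` removed, the server should pin the charset itself, `String passwordString = new String(decode, StandardCharsets.UTF_8);`, importing `java.nio.charset.StandardCharsets` if the file does not already. The identical line is added in the PrivilegeUsersService hunk, where a mismatch between the host that sets a non-ASCII password and the host that checks it would presumably lock the user out. The intermediate `String` also leaves an unwipeable copy of the password next to the `char[]`; decoding straight into a `char[]` would avoid that. The enclosing method starts and ends outside the hunk.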
@@ -280,12 +280,7 @@ public class PrivilegeUsersService {
 String passwordEncoded = jsonObject.get("password").getAsString();
 byte[] decode = Base64.getDecoder().decode(passwordEncoded);
- String passwordString;
- if (jsonObject.has("encoding") && !jsonObject.get("encoding").getAsString().isEmpty()) {
- passwordString = new String(decode, jsonObject.get("encoding").getAsString());
- } else {
- passwordString = new String(decode);
- }
+ String passwordString = new String(decode);
 ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
 PrivilegeSetUserPasswordService svc = new PrivilegeSetUserPasswordService();
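Review bot: A request that still carries a non-empty `encoding` field is now decoded as if the field were absent, and on this set-password path that may silently store a different password from the one the user typed. Until every client is known to send the agreed charset, it would be safer to reject such a request with a client error than to ignore the field, for example by testing `jsonObject.has("encoding") && !jsonObject.get("encoding").getAsString().isEmpty()` before the Base64 decode. A short comment above the decode stating the expected wire format (Base64 of the password bytes in one fixed charset) would also record the contract that the commit title moves to the client. How this method reports errors lies outside the hunk, so the response type is left to the surrounding code.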