From 7ae323aedcd8b80f112fa4a75d72230f74b4405d Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Tue, 8 Jun 2021 09:04:21 +0300
Subject: [PATCH] lib-oauth2: Do not escape '.'

This is not really needed and just makes things difficult.
---
 src/lib-oauth2/oauth2-jwt.c      | 7 ++-----
 src/lib-oauth2/test-oauth2-jwt.c | 8 ++++----
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c
index 0d853a5d33..6dd09be4d3 100644
--- a/src/lib-oauth2/oauth2-jwt.c
+++ b/src/lib-oauth2/oauth2-jwt.c
@@ -52,10 +52,10 @@ static int get_time_field(const struct json_tree *tree, const char *key,
 	return -1;
 }
 
-/* Escapes '.', '/' and '%' in identifier to %hex */
+/* Escapes '/' and '%' in identifier to %hex */
 static const char *escape_identifier(const char *identifier)
 {
-	size_t pos = strcspn(identifier, "./%");
+	size_t pos = strcspn(identifier, "/%");
 	/* nothing to escape */
 	if (identifier[pos] == '\0')
 		return identifier;
@@ -66,9 +66,6 @@ static const char *escape_identifier(const char *identifier)
 
 	for (size_t i = pos; i < len; i++) {
 	        switch (identifier[i]) {
-	        case '.':
-	                str_append(new_id, "%2e");
-	                break;
 	        case '/':
 	                str_append(new_id, "%2f");
 	                break;
diff --git a/src/lib-oauth2/test-oauth2-jwt.c b/src/lib-oauth2/test-oauth2-jwt.c
index ba6c320fd1..fa06d003f6 100644
--- a/src/lib-oauth2/test-oauth2-jwt.c
+++ b/src/lib-oauth2/test-oauth2-jwt.c
@@ -323,10 +323,10 @@ static void test_jwt_token_escape(void)
 			"http://test.unit/local%key",
 			"hs256",
 			"http://test.unit/local%key",
-			"http:%2f%2ftest%2eunit%2flocal%25key",
-			"http:%2f%2ftest%2eunit%2flocal%25key"
+			"http:%2f%2ftest.unit%2flocal%25key",
+			"http:%2f%2ftest.unit%2flocal%25key"
 		},
-		{ "../", "hs256", "../", "%2e%2e%2f", "%2e%2e%2f" },
+		{ "../", "hs256", "../", "..%2f", "..%2f" },
 	};
 
 	test_begin("JWT token escaping");
@@ -645,7 +645,7 @@ static void test_jwt_kid_escape(void)
 	 random_fill(ptr, 32);
 	 buffer_t *b64_key = t_base64_encode(0, SIZE_MAX,
 					     secret->data, secret->used);
-	 save_key_to("HS256", "hello%2eworld%2f%25", str_c(b64_key));
+	 save_key_to("HS256", "hello.world%2f%25", str_c(b64_key));
 	/* make a token */
 	buffer_t *tokenbuf = create_jwt_token_kid("HS256", "hello.world/%");
 	/* sign it */
-- 
2.47.3