From 1e72960c5f5af718f40576ca1b0b9aa01aca97c1 Mon Sep 17 00:00:00 2001
From: Ludy
Date: Wed, 12 Jun 2024 21:36:18 +0200
Subject: [PATCH] Bugfix: missing contextPath (#1434)

---
 .../CustomAuthenticationSuccessHandler.java | 3 ++-
 .../SPDF/config/security/FirstLoginFilter.java | 8 +++++---
 .../SPDF/config/security/IPRateLimitingFilter.java | 3 ++-
 .../CustomOAuth2AuthenticationSuccessHandler.java | 10 +++++-----
 .../SPDF/controller/api/UserController.java | 2 +-
 .../software/SPDF/utils/RequestUriUtils.java | 14 ++++++++++++++
 6 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationSuccessHandler.java b/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationSuccessHandler.java
index f10db07c..73280d89 100644
--- a/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationSuccessHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationSuccessHandler.java
@@ -37,7 +37,8 @@ public class CustomAuthenticationSuccessHandler
  : null;
  if (savedRequest != null
- && !RequestUriUtils.isStaticResource(savedRequest.getRedirectUrl())) {
+ && !RequestUriUtils.isStaticResource(
+ request.getContextPath(), savedRequest.getRedirectUrl())) {
  // Redirect to the original destination
  super.onAuthenticationSuccess(request, response, authentication);
  } else {
diff --git a/src/main/java/stirling/software/SPDF/config/security/FirstLoginFilter.java b/src/main/java/stirling/software/SPDF/config/security/FirstLoginFilter.java
index 213fd2f8..86afa028 100644
--- a/src/main/java/stirling/software/SPDF/config/security/FirstLoginFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/security/FirstLoginFilter.java
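Review bot: The second argument passed here is `savedRequest.getRedirectUrl()`, which for Spring Security's `DefaultSavedRequest` is typically an absolute URL (scheme and host included), so the new `contextPath + "/css/"`-style prefix checks in `RequestUriUtils.isStaticResource(String, String)` cannot match it and only the `.svg`/`.webmanifest` suffix rules take effect; the OAuth2 handler's hunk at -48 has the same issue. If the goal is to avoid bouncing a freshly logged-in user back to a static asset, compare the path component instead, e.g. `URI.create(savedRequest.getRedirectUrl()).getPath()`, guarded for a malformed value, or have the helper strip a leading scheme-and-host before comparing. A one-line comment on the call, such as `// savedRequest URL is absolute; only the path is meaningful for the static-resource check`, would make the expectation explicit. The enclosing `onAuthenticationSuccess` starts and ends outside the hunk.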
@@ -28,8 +28,10 @@ public class FirstLoginFilter extends OncePerRequestFilter {
  throws ServletException, IOException {
  String method = request.getMethod();
  String requestURI = request.getRequestURI();
+ String contextPath = request.getContextPath();
+
  // Check if the request is for static resources
- boolean isStaticResource = RequestUriUtils.isStaticResource(requestURI);
+ boolean isStaticResource = RequestUriUtils.isStaticResource(contextPath, requestURI);
  // If it's a static resource, just continue the filter chain and skip the logic below
  if (isStaticResource) {
@@ -43,8 +45,8 @@ public class FirstLoginFilter extends OncePerRequestFilter {
  if ("GET".equalsIgnoreCase(method)
  && user.isPresent()
  && user.get().isFirstLogin()
- && !"/change-creds".equals(requestURI)) {
- response.sendRedirect(request.getContextPath() + "/change-creds");
+ && !(contextPath + "/change-creds").equals(requestURI)) {
+ response.sendRedirect(contextPath + "/change-creds");
  return;
  }
  }
diff --git a/src/main/java/stirling/software/SPDF/config/security/IPRateLimitingFilter.java b/src/main/java/stirling/software/SPDF/config/security/IPRateLimitingFilter.java
index b79cd586..b47ba534 100644
--- a/src/main/java/stirling/software/SPDF/config/security/IPRateLimitingFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/security/IPRateLimitingFilter.java
@@ -33,7 +33,8 @@ public class IPRateLimitingFilter implements Filter {
  String method = httpRequest.getMethod();
  String requestURI = httpRequest.getRequestURI();
  // Check if the request is for static resources
- boolean isStaticResource = RequestUriUtils.isStaticResource(requestURI);
+ boolean isStaticResource =
+ RequestUriUtils.isStaticResource(httpRequest.getContextPath(), requestURI);
  // If it's a static resource, just continue the filter chain and skip the logic below
  if (isStaticResource) {
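Review bot: In the IPRateLimitingFilter hunk at -33 the new call inlines `httpRequest.getContextPath()` while the FirstLoginFilter hunk at -28 in the same commit introduces a `contextPath` local next to the other request values; `String contextPath = httpRequest.getContextPath();` placed with `method` and `requestURI` would keep the two filters parallel. Since this `isStaticResource` result is what lets a request skip each filter's checks entirely, the existing "Check if the request is for static resources" comment in both files could say why the context path now participates, e.g. `// getRequestURI() includes the context path, so the static-resource prefixes must too`. Both `doFilter` bodies start and end outside their hunks.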
diff --git a/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationSuccessHandler.java b/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationSuccessHandler.java
index 8468de5d..6d68d95b 100644
--- a/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationSuccessHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationSuccessHandler.java
@@ -48,13 +48,14 @@ public class CustomOAuth2AuthenticationSuccessHandler
  // Get the saved request
  HttpSession session = request.getSession(false);
+ String contextPath = request.getContextPath();
  SavedRequest savedRequest = (session != null) ? (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST") : null;
  if (savedRequest != null
- && !RequestUriUtils.isStaticResource(savedRequest.getRedirectUrl())) {
+ && !RequestUriUtils.isStaticResource(contextPath, savedRequest.getRedirectUrl())) {
  // Redirect to the original destination
  super.onAuthenticationSuccess(request, response, authentication);
  } else {
@@ -75,16 +76,15 @@ public class CustomOAuth2AuthenticationSuccessHandler
  && !userService.isAuthenticationTypeByUsername(
  username, AuthenticationType.OAUTH2)
  && oAuth.getAutoCreateUser()) {
- response.sendRedirect(
- request.getContextPath() + "/logout?oauth2AuthenticationErrorWeb=true");
+ response.sendRedirect(contextPath + "/logout?oauth2AuthenticationErrorWeb=true");
  return;
  } else {
  try {
  userService.processOAuth2PostLogin(username, oAuth.getAutoCreateUser());
- response.sendRedirect("/");
+ response.sendRedirect(contextPath + "/");
  return;
  } catch (IllegalArgumentException e) {
- response.sendRedirect("/logout?invalidUsername=true");
+ response.sendRedirect(contextPath + "/logout?invalidUsername=true");
  return;
  }
  }
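Review bot: In the hunk at -75 the `catch (IllegalArgumentException e)` branch redirects to `/logout?invalidUsername=true` and discards `e`, so an operator sees a logout with no record of which username from the identity provider was rejected or why; if the class has a logger, a line such as `log.warn("OAuth2 post-login rejected username {}: {}", username, e.getMessage());` before the redirect would make these events visible. As a point of style, the `else` following the unconditional `return;` of the first branch is redundant and the `try` could sit at the same level. The `contextPath` local added in the -48 hunk splits the `// Get the saved request` comment from the `SavedRequest` it describes; declaring it above that comment keeps the comment attached. The enclosing `onAuthenticationSuccess` starts and ends outside both hunks.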
diff --git a/src/main/java/stirling/software/SPDF/controller/api/UserController.java b/src/main/java/stirling/software/SPDF/controller/api/UserController.java
index 6415167c..ec316fbc 100644
--- a/src/main/java/stirling/software/SPDF/controller/api/UserController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/UserController.java
@@ -59,7 +59,7 @@ public class UserController {
  @PostMapping("/change-username")
  public RedirectView changeUsername(
  Principal principal,
- @RequestParam(name = "currentPassword") String currentPassword,
+ @RequestParam(name = "currentPasswordChangeUsername") String currentPassword,
  @RequestParam(name = "newUsername") String newUsername,
  HttpServletRequest request,
  HttpServletResponse response,
diff --git a/src/main/java/stirling/software/SPDF/utils/RequestUriUtils.java b/src/main/java/stirling/software/SPDF/utils/RequestUriUtils.java
index 54044970..865f72a1 100644
--- a/src/main/java/stirling/software/SPDF/utils/RequestUriUtils.java
+++ b/src/main/java/stirling/software/SPDF/utils/RequestUriUtils.java
@@ -12,6 +12,20 @@ public class RequestUriUtils {
  || requestURI.startsWith("/pdfjs/")
  || requestURI.startsWith("/pdfjs-legacy/")
  || requestURI.endsWith(".svg")
+ || requestURI.endsWith(".webmanifest")
  || requestURI.startsWith("/api/v1/info/status");
  }
+
+ public static boolean isStaticResource(String contextPath, String requestURI) {
+ return requestURI.startsWith(contextPath + "/css/")
+ || requestURI.startsWith(contextPath + "/fonts/")
+ || requestURI.startsWith(contextPath + "/js/")
+ || requestURI.startsWith(contextPath + "/images/")
+ || requestURI.startsWith(contextPath + "/public/")
+ || requestURI.startsWith(contextPath + "/pdfjs/")
+ || requestURI.endsWith(".svg")
+ || requestURI.endsWith(".webmanifest")
+ || requestURI.startsWith(contextPath + "/api/v1/info/status");
+ }
  }
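Review bot: Renaming the bound parameter to `currentPasswordChangeUsername` changes the form contract of `/change-username`, and the diffstat lists only Java files, so whatever template or script posts this form is not updated in this patch; if it still sends `currentPassword`, Spring will reject the request with a 400 for a missing required parameter. Confirm the matching template change exists elsewhere, or make the transition explicit with `@RequestParam(name = "currentPasswordChangeUsername", required = false)` plus a fallback until the form is updated. The commit title (`missing contextPath`) does not mention this rename, so a sentence in the description would help whoever bisects a broken change-username form. The `changeUsername` signature continues outside the hunk.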
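Review bot: The new two-argument `isStaticResource` omits `/pdfjs-legacy/`, which the one-argument overload two lines above still lists, so requests for legacy pdf.js assets are no longer classified as static by `FirstLoginFilter` and `IPRateLimitingFilter` once they switch to this overload (first-login users fetching them would be redirected to `/change-creds`, and presumably they now count against the rate limit). Two hand-maintained copies of the list will keep drifting; the overload could strip the context path and delegate instead: `String path = requestURI.startsWith(contextPath) ? requestURI.substring(contextPath.length()) : requestURI;` followed by `return isStaticResource(path);`. Since this classification is what lets a request bypass both filters, a Javadoc line stating that `requestURI` is expected to be the value of `HttpServletRequest.getRequestURI()` (context path included, no scheme or host) and that the `.svg`/`.webmanifest` suffix rules match regardless of prefix would help future callers.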