Bugfix: missing contextPath (#1434)

src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationSuccessHandler.java

@@ -37,7 +37,8 @@ public class CustomAuthenticationSuccessHandler
                         : null;
 
         if (savedRequest != null
-                && !RequestUriUtils.isStaticResource(savedRequest.getRedirectUrl())) {
+                && !RequestUriUtils.isStaticResource(
+                        request.getContextPath(), savedRequest.getRedirectUrl())) {
             // Redirect to the original destination
             super.onAuthenticationSuccess(request, response, authentication);
         } else {

src/main/java/stirling/software/SPDF/config/security/FirstLoginFilter.java

@@ -28,8 +28,10 @@ public class FirstLoginFilter extends OncePerRequestFilter {
             throws ServletException, IOException {
         String method = request.getMethod();
         String requestURI = request.getRequestURI();
+        String contextPath = request.getContextPath();
+
         // Check if the request is for static resources
-        boolean isStaticResource = RequestUriUtils.isStaticResource(requestURI);
+        boolean isStaticResource = RequestUriUtils.isStaticResource(contextPath, requestURI);
 
         // If it's a static resource, just continue the filter chain and skip the logic below
         if (isStaticResource) {
@@ -43,8 +45,8 @@ public class FirstLoginFilter extends OncePerRequestFilter {
             if ("GET".equalsIgnoreCase(method)
                     && user.isPresent()
                     && user.get().isFirstLogin()
-                    && !"/change-creds".equals(requestURI)) {
+                    && !(contextPath + "/change-creds").equals(requestURI)) {
-                response.sendRedirect(request.getContextPath() + "/change-creds");
+                response.sendRedirect(contextPath + "/change-creds");
                 return;
             }
         }

src/main/java/stirling/software/SPDF/config/security/IPRateLimitingFilter.java

@@ -33,7 +33,8 @@ public class IPRateLimitingFilter implements Filter {
             String method = httpRequest.getMethod();
             String requestURI = httpRequest.getRequestURI();
             // Check if the request is for static resources
-            boolean isStaticResource = RequestUriUtils.isStaticResource(requestURI);
+            boolean isStaticResource =
+                    RequestUriUtils.isStaticResource(httpRequest.getContextPath(), requestURI);
 
             // If it's a static resource, just continue the filter chain and skip the logic below
             if (isStaticResource) {

src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationSuccessHandler.java

@@ -48,13 +48,14 @@ public class CustomOAuth2AuthenticationSuccessHandler
 
         // Get the saved request
         HttpSession session = request.getSession(false);
+        String contextPath = request.getContextPath();
         SavedRequest savedRequest =
                 (session != null)
                         ? (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST")
                         : null;
 
         if (savedRequest != null
-                && !RequestUriUtils.isStaticResource(savedRequest.getRedirectUrl())) {
+                && !RequestUriUtils.isStaticResource(contextPath, savedRequest.getRedirectUrl())) {
             // Redirect to the original destination
             super.onAuthenticationSuccess(request, response, authentication);
         } else {
@@ -75,16 +76,15 @@ public class CustomOAuth2AuthenticationSuccessHandler
                     && !userService.isAuthenticationTypeByUsername(
                             username, AuthenticationType.OAUTH2)
                     && oAuth.getAutoCreateUser()) {
-                response.sendRedirect(
+                response.sendRedirect(contextPath + "/logout?oauth2AuthenticationErrorWeb=true");
-                        request.getContextPath() + "/logout?oauth2AuthenticationErrorWeb=true");
                 return;
             } else {
                 try {
                     userService.processOAuth2PostLogin(username, oAuth.getAutoCreateUser());
-                    response.sendRedirect("/");
+                    response.sendRedirect(contextPath + "/");
                     return;
                 } catch (IllegalArgumentException e) {
-                    response.sendRedirect("/logout?invalidUsername=true");
+                    response.sendRedirect(contextPath + "/logout?invalidUsername=true");
                     return;
                 }
             }

src/main/java/stirling/software/SPDF/controller/api/UserController.java

@@ -59,7 +59,7 @@ public class UserController {
     @PostMapping("/change-username")
     public RedirectView changeUsername(
             Principal principal,
-            @RequestParam(name = "currentPassword") String currentPassword,
+            @RequestParam(name = "currentPasswordChangeUsername") String currentPassword,
             @RequestParam(name = "newUsername") String newUsername,
             HttpServletRequest request,
             HttpServletResponse response,

src/main/java/stirling/software/SPDF/utils/RequestUriUtils.java

@@ -12,6 +12,20 @@ public class RequestUriUtils {
                 || requestURI.startsWith("/pdfjs/")
                 || requestURI.startsWith("/pdfjs-legacy/")
                 || requestURI.endsWith(".svg")
+                || requestURI.endsWith(".webmanifest")
                 || requestURI.startsWith("/api/v1/info/status");
     }
+
+    public static boolean isStaticResource(String contextPath, String requestURI) {
+
+        return requestURI.startsWith(contextPath + "/css/")
+                || requestURI.startsWith(contextPath + "/fonts/")
+                || requestURI.startsWith(contextPath + "/js/")
+                || requestURI.startsWith(contextPath + "/images/")
+                || requestURI.startsWith(contextPath + "/public/")
+                || requestURI.startsWith(contextPath + "/pdfjs/")
+                || requestURI.endsWith(".svg")
+                || requestURI.endsWith(".webmanifest")
+                || requestURI.startsWith(contextPath + "/api/v1/info/status");
+    }
 }