diff --git a/src/main/java/stirling/software/SPDF/LibreOfficeListener.java b/src/main/java/stirling/software/SPDF/LibreOfficeListener.java
index 96c4d270..4a9c184d 100644
--- a/src/main/java/stirling/software/SPDF/LibreOfficeListener.java
+++ b/src/main/java/stirling/software/SPDF/LibreOfficeListener.java
@@ -10,7 +10,7 @@ import io.github.pixee.security.SystemCommand;
 public class LibreOfficeListener {
- private static final long ACTIVITY_TIMEOUT = 20 * 60 * 1000; // 20 minutes
+ private static final long ACTIVITY_TIMEOUT = 20L * 60 * 1000; // 20 minutes
 private static final LibreOfficeListener INSTANCE = new LibreOfficeListener();
 private static final int LISTENER_PORT = 2002;
@@ -29,11 +29,11 @@ public class LibreOfficeListener {
 private boolean isListenerRunning() {
 try {
 System.out.println("waiting for listener to start");
- Socket socket = new Socket();
- socket.connect(
+ try (Socket socket = new Socket()) {
+ socket.connect(
 new InetSocketAddress("localhost", 2002), 1000); // Timeout after 1 second
- socket.close();
- return true;
+ return true;
+ }
 } catch (IOException e) {
 return false;
 }
@@ -63,6 +63,7 @@ public class LibreOfficeListener {
 try {
 Thread.sleep(5000); // Check for inactivity every 5 seconds
 } catch (InterruptedException e) {
+ Thread.currentThread().interrupt();
 break;
 }
 }
@@ -80,7 +81,7 @@ public class LibreOfficeListener {
 try {
 Thread.sleep(1000);
 } catch (InterruptedException e) {
- // TODO Auto-generated catch block
+ Thread.currentThread().interrupt();
 e.printStackTrace();
 } // Check every 1 second
 }
diff --git a/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java b/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java
index 85447376..eb1a9c2f 100644
--- a/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java
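Review bot: The probe in `LibreOfficeListener.isListenerRunning` still hard-codes the port as `2002` although the class declares `LISTENER_PORT` (visible in the first hunk); `new InetSocketAddress("localhost", LISTENER_PORT), 1000)` keeps the probe and the constant from drifting apart. A successful connect only shows that something accepts connections on that port, not that it is the LibreOffice listener, so a comment such as `// true means the port is taken, not that the peer is LibreOffice` would state the limit of this check. The status message also goes through `System.out.println`, while other classes in this diff log through `logger`.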
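Review bot: In the `Thread.sleep(1000)` catch block of `LibreOfficeListener`, the interrupt flag is restored but execution stays in what looks like a polling loop (the trailing `// Check every 1 second` suggests one), so the next `sleep` would throw again at once and the thread would spin, printing a stack trace on each pass. The 5-second loop in the previous hunk pairs the same call with `break;`; adding `break;` (or a return) after `Thread.currentThread().interrupt();` here avoids that. `e.printStackTrace()` could become a logger call in the same edit. The loop header and the enclosing method are outside the hunk, so the right exit should be checked against them.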
@@ -47,12 +47,14 @@ public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationF response.sendRedirect("/login?error=oauth2AuthenticationError"); return; } - + String username = request.getParameter("username"); - if (username != null && !isDemoUser(username)) { + Optional optUser = userService.findByUsernameIgnoreCase(username); + + if (username != null && optUser.isPresent() && !isDemoUser(optUser) ) { logger.info( "Remaining attempts for user {}: {}", - username, + optUser.get().getUsername(), loginAttemptService.getRemainingAttempts(username)); loginAttemptService.loginFailed(username); if (loginAttemptService.isBlocked(username) @@ -70,8 +72,7 @@ public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationF super.onAuthenticationFailure(request, response, exception); } - private boolean isDemoUser(String username) { - Optional user = userService.findByUsernameIgnoreCase(username); + private boolean isDemoUser(Optional user) { return user.isPresent() && user.get().getAuthorities().stream() .anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority())); diff --git a/src/main/java/stirling/software/SPDF/config/security/LoginAttemptService.java b/src/main/java/stirling/software/SPDF/config/security/LoginAttemptService.java index f398f13c..da3e216e 100644 --- a/src/main/java/stirling/software/SPDF/config/security/LoginAttemptService.java +++ b/src/main/java/stirling/software/SPDF/config/security/LoginAttemptService.java @@ -33,7 +33,6 @@ public class LoginAttemptService { } public void loginSucceeded(String key) { - logger.info(key + " " + attemptsCache.mappingCount()); if (key == null || key.trim().isEmpty()) { return; } diff --git a/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2LogoutSuccessHandler.java b/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2LogoutSuccessHandler.java index f8b76ab9..05f3b848 100644 
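Review bot: `userService.findByUsernameIgnoreCase(username)` now runs before the `username != null` test, so a failure request without a `username` parameter passes null into the lookup; whether that throws depends on the service, which is not visible here. Guarding the call, e.g. `Optional optUser = username == null ? Optional.empty() : userService.findByUsernameIgnoreCase(username);`, keeps the previous null behaviour. The account is resolved case-insensitively, but `loginAttemptService` is still keyed on the spelling taken from the request, so unless that service normalises its keys, different spellings of one account may get separate counters; using `optUser.get().getUsername()` for `getRemainingAttempts`, `loginFailed` and `isBlocked` would tie the lockout to the account. Because attempts are now counted only for existing accounts, it is worth confirming that the blocked response further down (outside the hunk) does not distinguish existing usernames from unknown ones.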
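Review bot: `isDemoUser` now takes an `Optional` as its parameter and repeats the `isPresent()` test that the only visible caller has already made; Optional is meant as a return type, so passing the unwrapped user, `!isDemoUser(optUser.get())` after the presence check, would leave the helper with a single job. A one-line Javadoc such as `/** Returns true when the account carries ROLE_DEMO_USER. */` would say why demo accounts are exempt from attempt counting. The end of the method lies outside the hunk.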
--- a/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2LogoutSuccessHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/oauth2/CustomOAuth2LogoutSuccessHandler.java
@@ -60,13 +60,13 @@ public class CustomOAuth2LogoutSuccessHandler extends SimpleUrlLogoutSuccessHand
 issuer = oauth.getIssuer();
 clientId = oauth.getClientId();
 }
-
+ String errorMessage = "";
 if (request.getParameter("oauth2AuthenticationErrorWeb") != null) {
 param = "erroroauth=oauth2AuthenticationErrorWeb";
- } else if (request.getParameter("error") != null) {
- param = "error=" + request.getParameter("error");
- } else if (request.getParameter("erroroauth") != null) {
- param = "erroroauth=" + request.getParameter("erroroauth");
+ } else if ((errorMessage = request.getParameter("error")) != null) {
+ param = "error=" + sanitizeInput(errorMessage);
+ } else if ((errorMessage = request.getParameter("erroroauth")) != null) {
+ param = "erroroauth=" + sanitizeInput(errorMessage);
 } else if (request.getParameter("oauth2AutoCreateDisabled") != null) {
 param = "error=oauth2AutoCreateDisabled";
 }
@@ -115,4 +115,10 @@ public class CustomOAuth2LogoutSuccessHandler extends SimpleUrlLogoutSuccessHand
 break;
 }
 }
+
+
+ private String sanitizeInput(String input) {
+ return input.replaceAll("[^a-zA-Z0-9 ]", "");
+ }
+
 }
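Review bot: The `error` and `erroroauth` branches still reflect caller-chosen text into `param`, only filtered, whereas the neighbouring branches emit fixed codes (`oauth2AuthenticationErrorWeb`, `oauth2AutoCreateDisabled`); mapping the incoming value onto a small set of known error codes and dropping anything else would remove the reflected value altogether. The initial value in `String errorMessage = "";` is never read, and the assignments inside the `else if` conditions are easy to misread, so reading both parameters into locals before the chain would be clearer. How `param` is appended to the redirect target is outside this hunk.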
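Review bot: The allow-list in `sanitizeInput` keeps the space character, yet the result is concatenated into a query string (`"error=" + sanitizeInput(errorMessage)`), where a raw space is not valid; either drop it from the class, `"[^a-zA-Z0-9]"`, or pass the result through `URLEncoder.encode(value, StandardCharsets.UTF_8)` before building `param`. `replaceAll` compiles the expression on every call, so a `private static final Pattern` would be the usual form. The method has no Javadoc; `/** Strips every character except ASCII letters, digits and space. */` would state the contract, and a length cap on the returned value would be a reasonable addition.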