From db563c765d2286c0fa886099aea90cdc8a9b1a1a Mon Sep 17 00:00:00 2001
From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
Date: Sun, 8 Sep 2024 23:06:46 +0200
Subject: [PATCH] Minor fixes stopping invalid sessions (#1850)
* Update UserAuthenticationFilter.java
* Update RequestUriUtils.java
* Update RequestUriUtils.java
* Update RequestUriUtilsTest.java
---
 .../config/security/UserAuthenticationFilter.java | 2 +-
 .../software/SPDF/utils/RequestUriUtils.java | 14 ++++----------
 .../software/SPDF/utils/RequestUriUtilsTest.java | 2 +-
 3 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java b/src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java
index c3fe63b4..b71fab77 100644
--- a/src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java
@@ -159,7 +159,7 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
 };
 for (String pattern : permitAllPatterns) {
- if (uri.startsWith(pattern) || uri.endsWith(".svg")) {
+ if (uri.startsWith(pattern) || uri.endsWith(".svg") || uri.endsWith(".png") || uri.endsWith(".ico")) {
 return true;
 }
 }
diff --git a/src/main/java/stirling/software/SPDF/utils/RequestUriUtils.java b/src/main/java/stirling/software/SPDF/utils/RequestUriUtils.java
index 865f72a1..a9c404e1 100644
--- a/src/main/java/stirling/software/SPDF/utils/RequestUriUtils.java
+++ b/src/main/java/stirling/software/SPDF/utils/RequestUriUtils.java
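Review bot: In the UserAuthenticationFilter.java hunk, the suffix checks `uri.endsWith(".svg") || uri.endsWith(".png") || uri.endsWith(".ico")` sit inside the permit-all loop but do not depend on `pattern`, so any URI with one of these endings is exempted from the filter whatever its path. The tail of a request URI is chosen by the client, and how `uri` is obtained or normalized is not visible here, so confirm that no protected route can end in one of these suffixes. A tighter form accepts the extension only when the path also starts with one of the known asset prefixes, and moves that test out of the loop. The same unanchored `.png`/`.ico` suffixes are added to the two-argument `RequestUriUtils.isStaticResource` in the second RequestUriUtils.java hunk. The enclosing method starts and ends outside this hunk.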
@@ -4,16 +4,7 @@ public class RequestUriUtils {
 public static boolean isStaticResource(String requestURI) {
- return requestURI.startsWith("/css/")
- || requestURI.startsWith("/fonts/")
- || requestURI.startsWith("/js/")
- || requestURI.startsWith("/images/")
- || requestURI.startsWith("/public/")
- || requestURI.startsWith("/pdfjs/")
- || requestURI.startsWith("/pdfjs-legacy/")
- || requestURI.endsWith(".svg")
- || requestURI.endsWith(".webmanifest")
- || requestURI.startsWith("/api/v1/info/status");
+ return isStaticResource("", requestURI);
 }
 public static boolean isStaticResource(String contextPath, String requestURI) {
@@ -24,7 +15,10 @@ public class RequestUriUtils {
 || requestURI.startsWith(contextPath + "/images/")
 || requestURI.startsWith(contextPath + "/public/")
 || requestURI.startsWith(contextPath + "/pdfjs/")
+ || requestURI.startsWith(contextPath + "/login")
 || requestURI.endsWith(".svg")
+ || requestURI.endsWith(".png")
+ || requestURI.endsWith(".ico")
 || requestURI.endsWith(".webmanifest")
 || requestURI.startsWith(contextPath + "/api/v1/info/status");
 }
diff --git a/src/test/java/stirling/software/SPDF/utils/RequestUriUtilsTest.java b/src/test/java/stirling/software/SPDF/utils/RequestUriUtilsTest.java
index 5fdf5856..f1819603 100644
--- a/src/test/java/stirling/software/SPDF/utils/RequestUriUtilsTest.java
+++ b/src/test/java/stirling/software/SPDF/utils/RequestUriUtilsTest.java
@@ -19,7 +19,7 @@ public class RequestUriUtilsTest {
 assertFalse(RequestUriUtils.isStaticResource("/api/v1/users"));
 assertFalse(RequestUriUtils.isStaticResource("/api/v1/orders"));
 assertFalse(RequestUriUtils.isStaticResource("/"));
- assertFalse(RequestUriUtils.isStaticResource("/login"));
+ assertTrue(RequestUriUtils.isStaticResource("/login"));
 assertFalse(RequestUriUtils.isStaticResource("/register"));
 assertFalse(RequestUriUtils.isStaticResource("/api/v1/products"));
 }
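Review bot: Delegating the one-argument `isStaticResource` to `isStaticResource("", requestURI)` appears to drop the `/pdfjs-legacy/` prefix that the removed body matched, since the two-argument overload's context in the next hunk goes from `/pdfjs/` straight to the suffix checks. If legacy viewer assets are still served, callers of the one-argument form now see them as non-static. Either add `|| requestURI.startsWith(contextPath + "/pdfjs-legacy/")` to the two-argument overload or state in the commit message that the prefix is retired. A one-line Javadoc on the delegating overload, such as `/** Same as {@link #isStaticResource(String, String)} with an empty context path. */`, would make the relationship explicit.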
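Review bot: `requestURI.startsWith(contextPath + "/login")` in the second RequestUriUtils.java hunk is a bare prefix with no path boundary, so every path that merely begins with `/login` is reported as a static resource, not only the login page. Any caller that uses `isStaticResource` to skip session or authentication handling will skip it for all of those paths. An exact match is safer, e.g. `|| requestURI.equals(contextPath + "/login")`, assuming callers pass the path without a query string; add `startsWith(contextPath + "/login/")` only if sub-paths are really needed. Because `/login` is not an asset, a short comment on that line saying why it is listed (presumably to avoid the invalid-session handling named in the commit title) would stop the method from being read as a pure asset check. The method body begins above the hunk.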
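Review bot: The test change only flips the `/login` expectation, so none of the rules added in this commit has a boundary or negative case. Add a positive case for the new suffixes, e.g. `assertTrue(RequestUriUtils.isStaticResource("/favicon.ico"));`. Also add an assertion that pins the intended result for an asset-like suffix on a non-asset path, e.g. `RequestUriUtils.isStaticResource("/api/v1/users/avatar.png")`, so the behaviour is a recorded decision rather than a side effect. A case for the two-argument overload with a non-empty context path would cover the delegation as well. The test method starts outside the hunk.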