Skip to content

Commit

Permalink
Bugfix: missing contextPath (#1434)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Ludy87
Ludy87 authored Jun 12, 2024
1 parent 5a50c54 commit 1e72960
Show file tree
Hide file tree
Showing 6 changed files with 29 additions and 11 deletions.
3 changes: 2 additions & 1 deletion src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationSuccessHandler.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,8 @@ public void onAuthenticationSuccess(
: null;

if (savedRequest != null
&& !RequestUriUtils.isStaticResource(savedRequest.getRedirectUrl())) {
&& !RequestUriUtils.isStaticResource(
request.getContextPath(), savedRequest.getRedirectUrl())) {
// Redirect to the original destination
super.onAuthenticationSuccess(request, response, authentication);
} else {
Expand Down
8 changes: 5 additions & 3 deletions src/main/java/stirling/software/SPDF/config/security/FirstLoginFilter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,10 @@ protected void doFilterInternal(
throws ServletException, IOException {
String method = request.getMethod();
String requestURI = request.getRequestURI();
String contextPath = request.getContextPath();

// Check if the request is for static resources
boolean isStaticResource = RequestUriUtils.isStaticResource(requestURI);
boolean isStaticResource = RequestUriUtils.isStaticResource(contextPath, requestURI);

// If it's a static resource, just continue the filter chain and skip the logic below
if (isStaticResource) {
Expand All @@ -43,8 +45,8 @@ protected void doFilterInternal(
if ("GET".equalsIgnoreCase(method)
&& user.isPresent()
&& user.get().isFirstLogin()
&& !"/change-creds".equals(requestURI)) {
response.sendRedirect(request.getContextPath() + "/change-creds");
&& !(contextPath + "/change-creds").equals(requestURI)) {
response.sendRedirect(contextPath + "/change-creds");
return;
}
}
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/stirling/software/SPDF/config/security/IPRateLimitingFilter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,8 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
String method = httpRequest.getMethod();
String requestURI = httpRequest.getRequestURI();
// Check if the request is for static resources
boolean isStaticResource = RequestUriUtils.isStaticResource(requestURI);
boolean isStaticResource =
RequestUriUtils.isStaticResource(httpRequest.getContextPath(), requestURI);

// If it's a static resource, just continue the filter chain and skip the logic below
if (isStaticResource) {
Expand Down
10 changes: 5 additions & 5 deletions ...irling/software/SPDF/config/security/oauth2/CustomOAuth2AuthenticationSuccessHandler.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,13 +48,14 @@ public void onAuthenticationSuccess(

// Get the saved request
HttpSession session = request.getSession(false);
String contextPath = request.getContextPath();
SavedRequest savedRequest =
(session != null)
? (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST")
: null;

if (savedRequest != null
&& !RequestUriUtils.isStaticResource(savedRequest.getRedirectUrl())) {
&& !RequestUriUtils.isStaticResource(contextPath, savedRequest.getRedirectUrl())) {
// Redirect to the original destination
super.onAuthenticationSuccess(request, response, authentication);
} else {
Expand All @@ -75,16 +76,15 @@ public void onAuthenticationSuccess(
&& !userService.isAuthenticationTypeByUsername(
username, AuthenticationType.OAUTH2)
&& oAuth.getAutoCreateUser()) {
response.sendRedirect(
request.getContextPath() + "/logout?oauth2AuthenticationErrorWeb=true");
response.sendRedirect(contextPath + "/logout?oauth2AuthenticationErrorWeb=true");
return;
} else {
try {
userService.processOAuth2PostLogin(username, oAuth.getAutoCreateUser());
response.sendRedirect("/");
response.sendRedirect(contextPath + "/");
return;
} catch (IllegalArgumentException e) {
response.sendRedirect("/logout?invalidUsername=true");
response.sendRedirect(contextPath + "/logout?invalidUsername=true");
return;
}
}
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/stirling/software/SPDF/controller/api/UserController.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ public String register(@ModelAttribute UsernameAndPass requestModel, Model model
@PostMapping("/change-username")
public RedirectView changeUsername(
Principal principal,
@RequestParam(name = "currentPassword") String currentPassword,
@RequestParam(name = "currentPasswordChangeUsername") String currentPassword,
@RequestParam(name = "newUsername") String newUsername,
HttpServletRequest request,
HttpServletResponse response,
Expand Down
14 changes: 14 additions & 0 deletions src/main/java/stirling/software/SPDF/utils/RequestUriUtils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,20 @@ public static boolean isStaticResource(String requestURI) {
|| requestURI.startsWith("/pdfjs/")
|| requestURI.startsWith("/pdfjs-legacy/")
|| requestURI.endsWith(".svg")
|| requestURI.endsWith(".webmanifest")
|| requestURI.startsWith("/api/v1/info/status");
}

public static boolean isStaticResource(String contextPath, String requestURI) {

return requestURI.startsWith(contextPath + "/css/")
|| requestURI.startsWith(contextPath + "/fonts/")
|| requestURI.startsWith(contextPath + "/js/")
|| requestURI.startsWith(contextPath + "/images/")
|| requestURI.startsWith(contextPath + "/public/")
|| requestURI.startsWith(contextPath + "/pdfjs/")
|| requestURI.endsWith(".svg")
|| requestURI.endsWith(".webmanifest")
|| requestURI.startsWith(contextPath + "/api/v1/info/status");
}
}

0 comments on commit 1e72960

Please sign in to comment.