Commit 5a8ed6cd authored by Sonia Zorba's avatar Sonia Zorba

Added URL encoding of group names and configuration for allowing encoded backslash character

parent cdc85827
Pipeline #1225 passed
......@@ -16,6 +16,9 @@ import org.springframework.transaction.annotation.EnableTransactionManagement;
public class GmsApplication {
public static void main(String[] args) {
// Needed to use %5C (backslash URL encoded) in path variables (otherwise BadRequest error is sent)
System.setProperty("org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH", "true");
SpringApplication.run(GmsApplication.class, args);
}
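Review bot: The comment above `System.setProperty("org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH", "true")` says why the flag is needed but not that it is a JVM-wide Tomcat setting, so it relaxes backslash handling for every request path, not only the group endpoints. Tomcat rejects the character by default, presumably because a front-end proxy or access rule may interpret `\` differently from the container, so the trade-off is worth recording next to the call, e.g. `// Process-wide: relaxes Tomcat's default rejection of '\' for every request path, not only the group endpoints`. Setting it in `main` presumably only takes effect for the embedded container started from here; a WAR deployed to an external Tomcat would not run this line.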
......
......@@ -21,6 +21,8 @@ import it.inaf.ia2.gms.service.SearchService;
import it.inaf.ia2.rap.data.RapUser;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
......@@ -105,8 +107,10 @@ public class JWTWebServiceController {
* be defined adding ".+", otherwise Spring will think it is a file
* extension (thanks https://stackoverflow.com/a/16333149/771431)
*/
@GetMapping(value = {"/ws/jwt/search/{group:.+}", "/vo/search/{group:.+}"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void isMemberOf(@PathVariable("group") String group, HttpServletResponse response) throws IOException {
@GetMapping(value = {"/ws/jwt/search/**", "/vo/search/**"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void isMemberOf(HttpServletRequest request, HttpServletResponse response) throws IOException {
String group = getGroupFromRequest(request, "/ws/jwt/search/", "/vo/search/");
List<String> groupNames = groupNameService.extractGroupNames(group);
......@@ -338,8 +342,10 @@ public class JWTWebServiceController {
response.setStatus(HttpServletResponse.SC_CREATED);
}
@GetMapping(value = {"/ws/jwt/email/{group:.+}", "/email/{group:.+}"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void getEmailOfMembers(@PathVariable("group") String groupNames, @RequestParam("permission") Optional<Permission> permission, HttpServletResponse response) throws IOException {
@GetMapping(value = {"/ws/jwt/email/**", "/email/**"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void getEmailOfMembers(HttpServletRequest request, @RequestParam("permission") Optional<Permission> permission, HttpServletResponse response) throws IOException {
String groupNames = getGroupFromRequest(request, "/ws/jwt/email/", "/email/");
GroupEntity groupEntity = groupNameService.getGroupFromNames(Optional.of(groupNames));
......@@ -379,4 +385,14 @@ public class JWTWebServiceController {
responseBody.put("mergedId", mergedId);
return ResponseEntity.ok(responseBody);
}
private String getGroupFromRequest(HttpServletRequest request, String... basePaths) {
for (String basePath : basePaths) {
String completeBasePath = request.getContextPath() + basePath;
if (request.getRequestURI().startsWith(completeBasePath)) {
return URLDecoder.decode(request.getRequestURI().substring(completeBasePath.length()), StandardCharsets.UTF_8);
}
}
return "";
}
}
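Review bot: `getGroupFromRequest` decodes the path tail with `URLDecoder.decode`, which applies form decoding rather than path decoding: a literal `+` in a group name becomes a space, and a malformed `%` sequence throws `IllegalArgumentException`, which presumably surfaces as a 500 unless a handler elsewhere maps it. Because the decoded value selects the group whose membership (`isMemberOf`) and member e-mail addresses (`getEmailOfMembers`) are returned, it should be decoded with path semantics and rejected cleanly when malformed; Spring's `UriUtils.decode(tail, StandardCharsets.UTF_8)` leaves `+` untouched. `getRequestURI()` is also the raw, un-normalised URI, so anything appended to the path (for example a `;name=value` path parameter) would become part of the group name. The `return "";` fallback silently turns an unmatched base path into an empty group; a short Javadoc on the helper should state both behaviours.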
......@@ -3,6 +3,8 @@ package it.inaf.ia2.gms.service;
import it.inaf.ia2.gms.exception.BadRequestException;
import it.inaf.ia2.gms.persistence.GroupsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
......@@ -136,6 +138,8 @@ public class GroupNameService {
return new ArrayList<>();
}
groupStr = URLDecoder.decode(groupStr, StandardCharsets.UTF_8);
List<String> names = new ArrayList<>();
String currentName = "";
for (int i = 0; i < groupStr.length(); i++) {
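Review bot: `groupStr = URLDecoder.decode(groupStr, StandardCharsets.UTF_8);` decodes a value that `isMemberOf` in JWTWebServiceController has already decoded in `getGroupFromRequest`, so on that path the group string is decoded twice. A name that legitimately contains `%` followed by two hex digits is then resolved to a different group than the one requested, and the controller and the service disagree about which group was asked for. Decoding once at the HTTP boundary and keeping `extractGroupNames` on plain strings avoids that. If other callers do pass encoded input (not visible here), the method's Javadoc should say so, e.g. `@param groupStr URL-encoded, dot-separated group path`. The method body continues outside the hunk.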
......
......@@ -31,7 +31,7 @@ public class GroupNameServiceTest {
private GroupNameService groupNameService;
@Test
public void getNamesTest() {
public void testGetNames() {
GroupEntity group = new GroupEntity();
group.setName("Child\\.withDot");
......@@ -54,7 +54,7 @@ public class GroupNameServiceTest {
}
@Test
public void getRootTest() {
public void testGetRoot() {
Set<String> groupIds = new HashSet<>();
groupIds.add("ROOT");
......@@ -79,9 +79,9 @@ public class GroupNameServiceTest {
}
@Test
public void extractGroupNamesTest() {
public void testExtractGroupNames() {
List<String> names = groupNameService.extractGroupNames("group1.people.name\\.surname.another\\.composite");
List<String> names = groupNameService.extractGroupNames("group1.people.name\\.surname.another%5C.composite");
assertEquals(4, names.size());
assertEquals("group1", names.get(0));
......@@ -89,14 +89,14 @@ public class GroupNameServiceTest {
assertEquals("name.surname", names.get(2));
assertEquals("another.composite", names.get(3));
}
@Test
public void extractGroupNamesTestEmpty() {
public void testExtractGroupNamesEmpty() {
assertTrue(groupNameService.extractGroupNames("").isEmpty());
}
@Test
public void extractGroupNamesTestNull() {
public void testExtractGroupNamesNull() {
assertTrue(groupNameService.extractGroupNames(null).isEmpty());
}
......