From 16fbc73d334a09a766df96dfc3565adc0cb86208 Mon Sep 17 00:00:00 2001
From: priitr
Date: Mon, 27 May 2019 08:26:49 +0300
Subject: [PATCH 1/4] AUT-319 - remove possible url-rewriting problem (#119)

---
 src/main/webapp/WEB-INF/classes/templates/fragments/head.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/webapp/WEB-INF/classes/templates/fragments/head.html b/src/main/webapp/WEB-INF/classes/templates/fragments/head.html
index 9416f9d..b018185 100644
--- a/src/main/webapp/WEB-INF/classes/templates/fragments/head.html
+++ b/src/main/webapp/WEB-INF/classes/templates/fragments/head.html
@@ -1,7 +1,7 @@
-
+

From 376124cef9ddd9fe20771f561999f1c749e0e3f4 Mon Sep 17 00:00:00 2001
From: priitr
Date: Mon, 27 May 2019 08:31:32 +0300
Subject: [PATCH 2/4] AUT-322 - fix state parameter not url encoded in response when invalid oidc authorize request provided (#120)

---
 .../OidcAuthorizeRequestValidationServletFilter.java | 9 +++++----
 .../OidcAuthorizeRequestValidationServletFilterTest.java | 4 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/main/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilter.java b/src/main/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilter.java
index 43528d8..e3464c5 100644
--- a/src/main/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilter.java
+++ b/src/main/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilter.java
@@ -14,13 +14,14 @@
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URLEncoder;
-import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
 import java.util.stream.Collectors;
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 @Slf4j
 @AllArgsConstructor
 public class OidcAuthorizeRequestValidationServletFilter implements Filter {
@@ -62,11 +63,11 @@ private String getRedirectUrlToRelyingParty(HttpServletRequest request, OidcAuth
 StringBuilder sb = new StringBuilder();
 sb.append(redirectUri);
 sb.append(redirectUri.contains("?") ? "&" : "?");
- sb.append(String.format("error=%s", URLEncoder.encode(e.getErrorCode(), StandardCharsets.UTF_8.name())));
- sb.append(String.format("&error_description=%s", URLEncoder.encode(e.getErrorDescription(), StandardCharsets.UTF_8.name())));
+ sb.append(String.format("error=%s", URLEncoder.encode(e.getErrorCode(), UTF_8.name())));
+ sb.append(String.format("&error_description=%s", URLEncoder.encode(e.getErrorDescription(), UTF_8.name())));
 String state = request.getParameter(OidcAuthorizeRequestParameter.STATE.getParameterKey());
 if (StringUtils.isNotBlank(state)) {
- sb.append(String.format("&state=%s", state));
+ sb.append(String.format("&state=%s", URLEncoder.encode(state, UTF_8.name())));
 }
 return sb.toString();
diff --git a/src/test/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilterTest.java b/src/test/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilterTest.java
index ebd99f5..84c96bd 100644
--- a/src/test/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilterTest.java
+++ b/src/test/java/ee/ria/sso/oidc/OidcAuthorizeRequestValidationServletFilterTest.java
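Review bot: `redirectUri` is still appended verbatim on the first `sb.append`, and nothing in this hunk shows it being matched against the client's registered redirect URIs before the 302 is built; if the validation failure handled here can itself be a bad `redirect_uri`, the filter would bounce the user to an attacker-chosen host with attacker-triggered query text, which RFC 6749 §4.1.2.1 forbids (an invalid redirect_uri must be reported to the user, never redirected to). I would make the precondition explicit above the first append, `// precondition: redirectUri has already been matched against the client's registered URIs (RFC 6749 §4.1.2.1); never redirect to an unverified one`, and route a failure of the redirect_uri parameter itself to the error page instead of this method. The `contains("?")` delimiter also assumes the registered URI carries no `#fragment` (RFC 6749 §3.1.2 requires that, but only a registration-time check guarantees it). With every value now going through `URLEncoder.encode(…, UTF_8.name())`, the `Charset` overload `URLEncoder.encode(state, UTF_8)` would drop the checked `UnsupportedEncodingException` if the build targets Java 10 or later. The method's signature and closing brace lie outside the hunk.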
@@ -225,7 +225,7 @@ private void assertExceptionThrownWhenParameterValidationFails(OidcAuthorizeRequ
 private void assertRedirectWhenParameterValidationFails(String redirectUri, String expectedDelimiter, OidcAuthorizeRequestParameter... parameters) throws IOException, ServletException {
 MockHttpServletRequest servletRequest = new MockHttpServletRequest();
 servletRequest.addParameter("redirect_uri", redirectUri);
- servletRequest.addParameter("state", "123456789abcdefghjiklmn");
+ servletRequest.addParameter("state", "123456789abcdefghjiklmn&additional=1");
 for (OidcAuthorizeRequestParameter parameter : parameters) {
 Mockito.doThrow(new OidcAuthorizeRequestValidator.InvalidRequestException(parameter, "test", "test description")).when(oidcRequestValidator).validateAuthenticationRequestParameters(Mockito.any());
@@ -234,7 +234,7 @@ private void assertRedirectWhenParameterValidationFails(String redirectUri, Stri
 servletFilter.doFilter(servletRequest, servletResponse, Mockito.mock(FilterChain.class));
 Assert.assertEquals(302, servletResponse.getStatus());
- Assert.assertEquals(redirectUri + expectedDelimiter + "error=test&error_description=test+description&state=123456789abcdefghjiklmn", servletResponse.getRedirectedUrl());
+ Assert.assertEquals(redirectUri + expectedDelimiter + "error=test&error_description=test+description&state=123456789abcdefghjiklmn%26additional%3D1", servletResponse.getRedirectedUrl());
 }
 }

From dc862af54e280ff28acb8e87796947d9d8ee071d Mon Sep 17 00:00:00 2001
From: priit_reiser
Date: Thu, 30 May 2019 10:46:41 +0300
Subject: [PATCH 3/4] AUT-338 - update dependencies

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index dd7111e..f35201c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -138,7 +138,7 @@
 com.fasterxml.jackson.core jackson-databind
- 2.9.8
+ 2.9.9

From d7e170674d1b510e9e033e55d9123cd6b04ea65d Mon Sep 17 00:00:00 2001
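Review bot: The new `state` fixture exercises only `&` and `=`, so the assertion on the second hunk would still pass if the filter were later switched to an encoder that leaves `+` and space untouched (a path or URI-component encoder), even though `URLEncoder` is form-encoding and turns a space into `+` and `+` into `%2B`. Because `MockHttpServletRequest.addParameter` stores the already-decoded value, this is also the place to pin single encoding: a `%` in the fixture must come out as `%25`, not be passed through as if already escaped. I would widen the fixture to `servletRequest.addParameter("state", "123456789abcdefghjiklmn&additional=1 %+");` and the expected URL to end in `&state=123456789abcdefghjiklmn%26additional%3D1+%25%2B`. The helper's body between the two hunks (the rest of the `for` loop and the response setup) is not shown here.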
From: priit_reiser
Date: Thu, 30 May 2019 10:50:03 +0300
Subject: [PATCH 4/4] bump up the version

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f35201c..98bf9ec 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
 ee.ria.tara tara-server war
- 1.4.7
+ 1.4.8
 5.3.9