diff --git a/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/servlet/SMPApplicationXServletHandler.java b/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/servlet/SMPApplicationXServletHandler.java
index 571df093..4c8c4523 100644
--- a/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/servlet/SMPApplicationXServletHandler.java
+++ b/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/servlet/SMPApplicationXServletHandler.java
@@ -19,10 +19,11 @@ import java.io.IOException;
 import com.helger.commons.http.CHttpHeader;
-import com.helger.http.csp.CSP2Directive;
-import com.helger.http.csp.CSP2Policy;
-import com.helger.http.csp.CSP2SourceList;
+import com.helger.http.csp.CSPDirective;
+import com.helger.http.csp.CSPPolicy;
+import com.helger.http.csp.CSPSourceList;
 import com.helger.phoss.smp.app.SMPWebAppConfiguration;
+import com.helger.photon.app.csrf.CSRFSessionManager;
 import com.helger.photon.core.servlet.AbstractApplicationXServletHandler;
 import com.helger.servlet.response.UnifiedResponse;
 import com.helger.web.scope.IRequestWebScopeWithoutResponse;
@@ -46,26 +47,33 @@ public void handleRequest (final IRequestWebScopeWithoutResponse aRequestScope,
 final boolean bReportingOnly = SMPWebAppConfiguration.isCSPReportingOnly ();
 final boolean bReporting = bReportingOnly || SMPWebAppConfiguration.isCSPReportingEnabled ();
- final CSP2SourceList aScriptSrcList = new CSP2SourceList ().addKeywordSelf ().addKeywordUnsafeInline ();
- final CSP2SourceList aStyleSrcList = new CSP2SourceList ().addKeywordSelf ().addKeywordUnsafeInline ();
+ final String sNonce = CSRFSessionManager.getInstance ().getNonce ();
+ final CSPSourceList aScriptSrcList = new CSPSourceList ().addKeywordSelf ()
+ .addNonce (sNonce)
+ .addKeywordReportSample ();
+ final CSPSourceList aStyleSrcList = new CSPSourceList ().addKeywordSelf ()
+ .addNonce (sNonce)
+ .addKeywordReportSample ();
+ final CSPSourceList aStyleSrcAttrList = new CSPSourceList ().addKeywordSelf ().addKeywordUnsafeInline ();
 // Allow data images for Bootstrap 4
- final CSP2SourceList aImgSrcList = new CSP2SourceList ().addKeywordSelf ().addHost ("data:");
- final CSP2SourceList aConnectSrcList = new CSP2SourceList ().addKeywordSelf ();
- final CSP2SourceList aFontSrcList = new CSP2SourceList ().addKeywordSelf ();
+ final CSPSourceList aImgSrcList = new CSPSourceList ().addKeywordSelf ().addHost ("data:");
+ final CSPSourceList aConnectSrcList = new CSPSourceList ().addKeywordSelf ();
+ final CSPSourceList aFontSrcList = new CSPSourceList ().addKeywordSelf ();
- final CSP2Policy aPolicy = new CSP2Policy ();
- aPolicy.addDirective (CSP2Directive.createDefaultSrc (new CSP2SourceList ().addKeywordNone ()))
- .addDirective (CSP2Directive.createScriptSrc (aScriptSrcList))
- .addDirective (CSP2Directive.createStyleSrc (aStyleSrcList))
- .addDirective (CSP2Directive.createImgSrc (aImgSrcList))
- .addDirective (CSP2Directive.createConnectSrc (aConnectSrcList))
- .addDirective (CSP2Directive.createFontSrc (aFontSrcList));
+ final CSPPolicy aPolicy = new CSPPolicy ();
+ aPolicy.addDirective (CSPDirective.createDefaultSrc (new CSPSourceList ().addKeywordNone ()))
+ .addDirective (CSPDirective.createScriptSrc (aScriptSrcList))
+ .addDirective (CSPDirective.createStyleSrc (aStyleSrcList))
+ .addDirective (CSPDirective.createStyleSrcAttr (aStyleSrcAttrList))
+ .addDirective (CSPDirective.createImgSrc (aImgSrcList))
+ .addDirective (CSPDirective.createConnectSrc (aConnectSrcList))
+ .addDirective (CSPDirective.createFontSrc (aFontSrcList));
 if (bReporting)
 {
 // Report only if enabled - avoid spaming
- aPolicy.addDirective (CSP2Directive.createReportURI (aRequestScope.getContextPath () +
- SMPCSPReportingServlet.SERVLET_DEFAULT_PATH));
+ aPolicy.addDirective (CSPDirective.createReportURI (aRequestScope.getContextPath () +
+ SMPCSPReportingServlet.SERVLET_DEFAULT_PATH));
 }
 // Default
diff --git a/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/ui/SMPCommonUI.java b/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/ui/SMPCommonUI.java
index d76a93c0..672cb0ef 100644
--- a/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/ui/SMPCommonUI.java
+++ b/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/ui/SMPCommonUI.java
@@ -54,7 +54,7 @@ import com.helger.html.jscode.JSAnonymousFunction;
 import com.helger.html.jscode.JSAssocArray;
 import com.helger.html.jscode.JSPackage;
-import com.helger.html.jscode.JSVar;
+import com.helger.html.jscode.JSParam;
 import com.helger.html.jscode.html.JSHtml;
 import com.helger.peppolid.peppol.doctype.IPeppolDocumentTypeIdentifierParts;
 import com.helger.phoss.smp.CSMPServer;
@@ -207,7 +207,7 @@ public static BootstrapForm createViewLoginForm (@Nonnull final ILayoutExecution
 {
 final JSPackage aOnClick = new JSPackage ();
 final JSAnonymousFunction aJSSuccess = new JSAnonymousFunction ();
- final JSVar aJSData = aJSSuccess.param ("data");
+ final JSParam aJSData = aJSSuccess.param ("data");
 aJSSuccess.body ()
 ._if (aJSData.ref (AjaxExecutorPublicLogin.JSON_LOGGEDIN),
 JSHtml.windowLocationReload (),
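Review bot: The new nonce-based `script-src` is not paired with a `base-uri` directive, and `base-uri` does not inherit from `default-src 'none'`, so an injected `<base href>` could redirect the relative `src` of a legitimately nonced `<script>` to another host while the nonce still authorises it; add `.addDirective (CSPDirective.createBaseUri (new CSPSourceList ().addKeywordSelf ()))` next to the `style-src-attr` directive (or whatever factory the ph-http CSP API exposes for `base-uri`). The nonce itself comes from `CSRFSessionManager.getInstance ().getNonce ()`, which by its name looks session-scoped rather than generated per response; a nonce reused across responses stays valid for the whole session once leaked, so it is worth confirming whether the page renderer can be handed a fresh per-response value instead, and that `getNonce ()` is never empty here (an empty `'nonce-'` source would otherwise be emitted into the header). Note also that `style-src-attr 'unsafe-inline'` is only honoured by CSP3 browsers; older ones fall back to `style-src`, which after this change no longer permits inline `style=""` attributes. The `CSPSourceList`/`CSPDirective` API is pulled in through the `9.3.0-SNAPSHOT`/`10.4.0-SNAPSHOT` parent bumps in pom.xml, so this build is not reproducible until those are released. `bReportingOnly` is consumed after the hunk, and handleRequest continues outside it.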
diff --git a/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/ui/secure/PageSecureBusinessCard.java b/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/ui/secure/PageSecureBusinessCard.java
index cb67bb0d..6255cd5d 100644
--- a/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/ui/secure/PageSecureBusinessCard.java
+++ b/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/ui/secure/PageSecureBusinessCard.java
@@ -58,7 +58,7 @@ import com.helger.html.jscode.JSAnonymousFunction;
 import com.helger.html.jscode.JSAssocArray;
 import com.helger.html.jscode.JSPackage;
-import com.helger.html.jscode.JSVar;
+import com.helger.html.jscode.JSParam;
 import com.helger.pd.client.PDClient;
 import com.helger.peppolid.IParticipantIdentifier;
 import com.helger.peppolid.factory.IIdentifierFactory;
@@ -214,10 +214,7 @@ protected void performAction (@Nonnull final WebPageExecutionContext aWPEC,
 final ISMPSettings aSettings = SMPMetaManager.getSettings ();
 aWPEC.postRedirectGetInternal (success ("The selected Business Card was successfully deleted!" +
 (aSettings.isDirectoryIntegrationEnabled () &&
- aSettings.isDirectoryIntegrationAutoUpdate () ? " " +
- SMPWebAppConfiguration.getDirectoryName () +
- " server should have been updated."
- : "")));
+ aSettings.isDirectoryIntegrationAutoUpdate () ? " " + SMPWebAppConfiguration.getDirectoryName () + " server should have been updated." : "")));
 }
 else
 aWPEC.postRedirectGetInternal (error ("Failed to delete the selected Business Card!"));
@@ -492,8 +489,8 @@ protected void validateAndSaveInputParameters (@Nonnull final WebPageExecutionCo
 final ISMPServiceGroupManager aServiceGroupManager = SMPMetaManager.getServiceGroupMgr ();
 final ISMPBusinessCardManager aBusinessCardMgr = SMPMetaManager.getBusinessCardMgr ();
- final String sServiceGroupID = bEdit ? aSelectedObject.getID () : aWPEC.params ()
- .getAsString (FIELD_SERVICE_GROUP_ID);
+ final String sServiceGroupID = bEdit ? aSelectedObject.getID ()
+ : aWPEC.params ().getAsString (FIELD_SERVICE_GROUP_ID);
 ISMPServiceGroup aServiceGroup = null;
 final ICommonsList aSMPEntities = new CommonsArrayList <> ();
@@ -695,18 +692,15 @@ protected void validateAndSaveInputParameters (@Nonnull final WebPageExecutionCo
 .getFirstOrNull ()
 .getName ()
 .compareToIgnoreCase (o2.names ().getFirstOrNull ().getName ()));
- if (aBusinessCardMgr.createOrUpdateSMPBusinessCard (aServiceGroup.getParticipantIdentifier (), aSMPEntities) !=
- null)
+ if (aBusinessCardMgr.createOrUpdateSMPBusinessCard (aServiceGroup.getParticipantIdentifier (),
+ aSMPEntities) != null)
 {
 final ISMPSettings aSettings = SMPMetaManager.getSettings ();
 aWPEC.postRedirectGetInternal (success ("The Business Card for Service Group '" +
 aServiceGroup.getID () +
 "' was successfully saved." +
 (aSettings.isDirectoryIntegrationEnabled () &&
- aSettings.isDirectoryIntegrationAutoUpdate () ? " " +
- SMPWebAppConfiguration.getDirectoryName () +
- " server should have been updated."
- : "")));
+ aSettings.isDirectoryIntegrationAutoUpdate () ? " " + SMPWebAppConfiguration.getDirectoryName () + " server should have been updated." : "")));
 }
 else
 aWPEC.postRedirectGetInternal (error ("Error creating the Business Card for Service Group '" +
@@ -723,8 +717,9 @@ private static HCRow _createIdentifierInputForm (@Nonnull final ILayoutExecution
 @Nonnull final FormErrorList aFormErrors)
 {
 final Locale aDisplayLocale = aLEC.getDisplayLocale ();
- final String sIdentifierID = StringHelper.hasText (sExistingID) ? sExistingID : TMP_ID_PREFIX +
- Integer.toString (GlobalIDFactory.getNewIntID ());
+ final String sIdentifierID = StringHelper.hasText (sExistingID) ? sExistingID
+ : TMP_ID_PREFIX +
+ Integer.toString (GlobalIDFactory.getNewIntID ());
 final HCRow aRow = new HCRow ();
@@ -736,8 +731,8 @@ private static HCRow _createIdentifierInputForm (@Nonnull final ILayoutExecution
 sIdentifierID,
 SUFFIX_SCHEME);
 final HCEdit aCtrl = new HCEdit (new RequestField (sFieldScheme,
- aExistingIdentifier == null ? null : aExistingIdentifier
- .getScheme ())).setPlaceholder ("Identifier scheme");
+ aExistingIdentifier == null ? null
+ : aExistingIdentifier.getScheme ())).setPlaceholder ("Identifier scheme");
 aCtrl.addClass (CBootstrapCSS.FORM_CONTROL);
 aRow.addCell (aCtrl,
 BootstrapFormHelper.createDefaultErrorNode (aFormErrors.getListOfField (sFieldScheme),
@@ -752,8 +747,8 @@ private static HCRow _createIdentifierInputForm (@Nonnull final ILayoutExecution
 sIdentifierID,
 SUFFIX_VALUE);
 final HCEdit aCtrl = new HCEdit (new RequestField (sFieldValue,
- aExistingIdentifier == null ? null : aExistingIdentifier
- .getValue ())).setPlaceholder ("Identifier value");
+ aExistingIdentifier == null ? null
+ : aExistingIdentifier.getValue ())).setPlaceholder ("Identifier value");
 aCtrl.addClass (CBootstrapCSS.FORM_CONTROL);
 aRow.addCell (aCtrl,
 BootstrapFormHelper.createDefaultErrorNode (aFormErrors.getListOfField (sFieldValue),
@@ -774,8 +769,9 @@ private static HCRow _createContactInputForm (@Nonnull final ILayoutExecutionCon
 @Nonnull final FormErrorList aFormErrors)
 {
 final Locale aDisplayLocale = aLEC.getDisplayLocale ();
- final String sContactID = StringHelper.hasText (sExistingID) ? sExistingID : TMP_ID_PREFIX +
- Integer.toString (GlobalIDFactory.getNewIntID ());
+ final String sContactID = StringHelper.hasText (sExistingID) ? sExistingID
+ : TMP_ID_PREFIX +
+ Integer.toString (GlobalIDFactory.getNewIntID ());
 final HCRow aRow = new HCRow ();
@@ -819,8 +815,8 @@ private static HCRow _createContactInputForm (@Nonnull final ILayoutExecutionCon
 sContactID,
 SUFFIX_PHONE);
 final HCEdit aCtrl = new HCEdit (new RequestField (sFieldPhone,
- aExistingContact == null ? null : aExistingContact
- .getPhoneNumber ())).setPlaceholder ("Contact phone number");
+ aExistingContact == null ? null
+ : aExistingContact.getPhoneNumber ())).setPlaceholder ("Contact phone number");
 aCtrl.addClass (CBootstrapCSS.FORM_CONTROL);
 aRow.addCell (aCtrl,
 BootstrapFormHelper.createDefaultErrorNode (aFormErrors.getListOfField (sFieldPhone),
@@ -835,8 +831,8 @@ private static HCRow _createContactInputForm (@Nonnull final ILayoutExecutionCon
 sContactID,
 SUFFIX_EMAIL);
 final HCEdit aCtrl = new HCEdit (new RequestField (sFieldEmail,
- aExistingContact == null ? null : aExistingContact
- .getEmail ())).setPlaceholder ("Contact email address");
+ aExistingContact == null ? null
+ : aExistingContact.getEmail ())).setPlaceholder ("Contact email address");
 aCtrl.addClass (CBootstrapCSS.FORM_CONTROL);
 aRow.addCell (aCtrl,
 BootstrapFormHelper.createDefaultErrorNode (aFormErrors.getListOfField (sFieldEmail),
@@ -858,8 +854,9 @@ private static IHCNode _createEntityInputForm (@Nonnull final LayoutExecutionCon { final Locale aDisplayLocale = aLEC.getDisplayLocale (); final IRequestWebScopeWithoutResponse aRequestScope = aLEC.getRequestScope (); - final String sEntityID = StringHelper.hasText (sExistingID) ? sExistingID : TMP_ID_PREFIX + - Integer.toString (GlobalIDFactory.getNewIntID ()); + final String sEntityID = StringHelper.hasText (sExistingID) ? sExistingID + : TMP_ID_PREFIX + + Integer.toString (GlobalIDFactory.getNewIntID ()); final BootstrapCard aPanel = new BootstrapCard ().setID (sEntityID); aPanel.createAndAddHeader ().addChild ("Business Entity"); @@ -879,23 +876,21 @@ private static IHCNode _createEntityInputForm (@Nonnull final LayoutExecutionCon final String sFieldCountryCode = RequestParamMap.getFieldName (PREFIX_ENTITY, sEntityID, SUFFIX_COUNTRY_CODE); aForm.addFormGroup (new BootstrapFormGroup ().setLabelMandatory ("Country") .setCtrl (new HCCountrySelect (new RequestField (sFieldCountryCode, - aExistingEntity == - null ? null + aExistingEntity == null ? null : aExistingEntity.getCountryCode ()), aDisplayLocale, HCCountrySelect.getAllCountries (EWithDeprecated.DEFAULT), - (aLocale, aContentLocale) -> aLocale - .getDisplayCountry (aContentLocale) + - " (" + - aLocale.getCountry () + - ")")) + (aLocale, + aContentLocale) -> aLocale.getDisplayCountry (aContentLocale) + + " (" + + aLocale.getCountry () + + ")")) .setErrorList (aFormErrors.getListOfField (sFieldCountryCode))); final String sFieldGeoInfo = RequestParamMap.getFieldName (PREFIX_ENTITY, sEntityID, SUFFIX_GEO_INFO); aForm.addFormGroup (new BootstrapFormGroup ().setLabel ("Geographical Information") .setCtrl (new HCTextArea (new RequestField (sFieldGeoInfo, - aExistingEntity == null - ? null + aExistingEntity == null ? null : aExistingEntity.getGeographicalInformation ()))) .setErrorList (aFormErrors.getListOfField (sFieldGeoInfo))); 
@@ -930,7 +925,7 @@ private static IHCNode _createEntityInputForm (@Nonnull final LayoutExecutionCon { final JSAnonymousFunction aJSAppend = new JSAnonymousFunction (); - final JSVar aJSAppendData = aJSAppend.param ("data"); + final JSParam aJSAppendData = aJSAppend.param ("data"); aJSAppend.body () .add (JQuery.idRef (sBodyID) .append (aJSAppendData.ref (PhotonUnifiedResponse.HtmlHelper.PROPERTY_HTML))); @@ -954,8 +949,7 @@ private static IHCNode _createEntityInputForm (@Nonnull final LayoutExecutionCon final String sFieldWebsiteURIs = RequestParamMap.getFieldName (PREFIX_ENTITY, sEntityID, SUFFIX_WEBSITE_URIS); aForm.addFormGroup (new BootstrapFormGroup ().setLabel ("Website URIs") .setCtrl (new HCTextArea (new RequestField (sFieldWebsiteURIs, - aExistingEntity == null - ? null + aExistingEntity == null ? null : StringHelper.getImploded ('\n', aExistingEntity.websiteURIs ())))) .setHelpText ("Put each Website URI in a separate line") @@ -993,7 +987,7 @@ private static IHCNode _createEntityInputForm (@Nonnull final LayoutExecutionCon { final JSAnonymousFunction aJSAppend = new JSAnonymousFunction (); - final JSVar aJSAppendData = aJSAppend.param ("data"); + final JSParam aJSAppendData = aJSAppend.param ("data"); aJSAppend.body () .add (JQuery.idRef (sBodyID) .append (aJSAppendData.ref (PhotonUnifiedResponse.HtmlHelper.PROPERTY_HTML))); 
@@ -1014,16 +1008,14 @@ private static IHCNode _createEntityInputForm (@Nonnull final LayoutExecutionCon final String sFieldAdditionalInfo = RequestParamMap.getFieldName (PREFIX_ENTITY, sEntityID, SUFFIX_ADDITIONAL_INFO); aForm.addFormGroup (new BootstrapFormGroup ().setLabel ("Additional Information") .setCtrl (new HCTextArea (new RequestField (sFieldAdditionalInfo, - aExistingEntity == null - ? null + aExistingEntity == null ? null : aExistingEntity.getAdditionalInformation ()))) .setErrorList (aFormErrors.getListOfField (sFieldAdditionalInfo))); final String sFieldRegDate = RequestParamMap.getFieldName (PREFIX_ENTITY, sEntityID, SUFFIX_REG_DATE); aForm.addFormGroup (new BootstrapFormGroup ().setLabel ("Registration Date") .setCtrl (BootstrapDateTimePicker.create (sFieldRegDate, - aExistingEntity == null - ? null + aExistingEntity == null ? null : aExistingEntity.getRegistrationDate (), aDisplayLocale)) .setErrorList (aFormErrors.getListOfField (sFieldRegDate))); @@ -1060,12 +1052,10 @@ protected void showInputForm (@Nonnull final WebPageExecutionContext aWPEC, // Show only service groups that don't have a BC already aForm.addFormGroup (new BootstrapFormGroup ().setLabelMandatory ("Service Group") .setCtrl (new HCServiceGroupSelect (new RequestField (FIELD_SERVICE_GROUP_ID, - aSelectedObject != - null ? aSelectedObject.getID () - : null), + aSelectedObject != null ? aSelectedObject.getID () + : null), aDisplayLocale, - x -> aBusinessCardMgr.getSMPBusinessCardOfID (x.getParticipantIdentifier ()) == - null)) + x -> aBusinessCardMgr.getSMPBusinessCardOfID (x.getParticipantIdentifier ()) == null)) .setErrorList (aFormErrors.getListOfField (FIELD_SERVICE_GROUP_ID))); } 
@@ -1095,7 +1085,7 @@ protected void showInputForm (@Nonnull final WebPageExecutionContext aWPEC, { final JSAnonymousFunction aJSAppend = new JSAnonymousFunction (); - final JSVar aJSAppendData = aJSAppend.param ("data"); + final JSParam aJSAppendData = aJSAppend.param ("data"); aJSAppend.body () .add (JQuery.idRef (aEntityContainer) .append (aJSAppendData.ref (PhotonUnifiedResponse.HtmlHelper.PROPERTY_HTML))); @@ -1148,8 +1138,8 @@ private IHCNode _createActionCell (@Nonnull final WebPageExecutionContext aWPEC, ret.addChildren (new HCTextNode (" "), new HCA (aWPEC.getSelfHref () .add (CPageParam.PARAM_ACTION, ACTION_PUBLISH_TO_INDEXER) - .add (CPageParam.PARAM_OBJECT, aCurObject.getID ())).setTitle ( - "Update Business Card in " + + .add (CPageParam.PARAM_OBJECT, aCurObject.getID ())) + .setTitle ("Update Business Card in " + SMPWebAppConfiguration.getDirectoryName ()) .addChild (EFamFamIcon.ARROW_RIGHT.getAsNode ())); } @@ -1206,8 +1196,8 @@ protected void showListOfExistingObjects (@Nonnull final WebPageExecutionContext final Locale aCountry = CountryCache.getInstance ().getCountry (aEntity.getCountryCode ()); final IHCCell aCountryCell = aRow.addCell (); - final EFamFamFlagIcon eIcon = aCountry == null ? null : EFamFamFlagIcon.getFromIDOrNull (aCountry - .getCountry ()); + final EFamFamFlagIcon eIcon = aCountry == null ? null + : EFamFamFlagIcon.getFromIDOrNull (aCountry.getCountry ()); if (eIcon != null) aCountryCell.addChild (eIcon.getAsNode ()).addChild (" "); aCountryCell.addChild (aCountry.getDisplayCountry (aDisplayLocale)); diff --git a/pom.xml b/pom.xml index ec79f50f..e37b0089 100644 --- a/pom.xml +++ b/pom.xml @@ -122,14 +122,14 @@ com.helger.web ph-web-parent-pom - 10.3.0 + 10.4.0-SNAPSHOT pom import com.helger.photon ph-oton-parent-pom - 9.2.9 + 9.3.0-SNAPSHOT pom import @@ -259,7 +259,7 @@ com.helger.maven ph-csscompress-maven-plugin - 7.0.3 + 7.0.4