seg_yinzy
/
che-server
mirror of https://github.com/eclipse-che/che-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

commit

pull/568/head
Igor 2023-09-25 16:08:37 +03:00
parent 53c92508f1
commit 858b748068
1 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java
View File

@ -87,18 +87,7 @@ public class EmbeddedOAuthAPI implements OAuthAPI, OAuthTokenFetcher {
if (!isNullOrEmpty(redirectAfterLogin)
&& errorValues != null
&& errorValues.contains("access_denied")) {
try {
URL url = new URL(redirectAfterLogin);
String query = url.getQuery();
return Response.temporaryRedirect(
URI.create(
redirectAfterLogin.substring(0, redirectAfterLogin.indexOf(query))
+ URLEncoder.encode(query + "&error_code=access_denied", UTF_8)))
.build();
} catch (MalformedURLException e) {
LOG.error(e.getMessage(), e);
throw new RuntimeException(e);
}
return Response.temporaryRedirect(URI.create(encodeRedirectUrl())).build();
}
final String providerName = getParameter(params, "oauth_provider");
OAuthAuthenticator oauth = getAuthenticator(providerName);
@ -116,6 +105,23 @@ public class EmbeddedOAuthAPI implements OAuthAPI, OAuthTokenFetcher {
return Response.temporaryRedirect(URI.create(redirectAfterLogin)).build();
}
/**
* Encode the redirect URL query parameters to avoid the error when the redirect URL contains
* JSON, as a query parameter. This prevents passing unsupported characters, like '{' and '}' to
* the {@link URI#create(String)} method.
*/
private String encodeRedirectUrl() {
try {
URL url = new URL(redirectAfterLogin);
String query = url.getQuery();
return redirectAfterLogin.substring(0, redirectAfterLogin.indexOf(query))
+ URLEncoder.encode(query + "&error_code=access_denied", UTF_8);
} catch (MalformedURLException e) {
LOG.error(e.getMessage(), e);
throw new RuntimeException(e);
}
}
@Override
public Set<OAuthAuthenticatorDescriptor> getRegisteredAuthenticators(UriInfo uriInfo) {
Set<OAuthAuthenticatorDescriptor> result = new HashSet<>();