fixup! Encode redirect URL if needed on oauth1 callback request

pull/663/head
ivinokur 2024-03-08 13:54:06 +02:00
parent 6b18287731
commit f2925ed22c
2 changed files with 18 additions and 15 deletions


@ -124,15 +124,25 @@ public class EmbeddedOAuthAPI implements OAuthAPI {
// Skip exception, the token will be stored in the next request.
LOG.error(e.getMessage(), e);
}
final String redirectAfterLogin = getParameter(params, "redirect_after_login");
URI uri;
return Response.temporaryRedirect(URI.create(getRedirectAfterLoginUrl(params))).build();
}
/**
* Returns the redirect after login URL from the query parameters. If the URL is encoded by the
* CSM provider, it will be decoded, to avoid unsupported characters in the URL.
*
* @param parameters the query parameters
* @return the redirect after login URL
*/
public static String getRedirectAfterLoginUrl(Map<String, List<String>> parameters) {
String redirectAfterLogin = getParameter(parameters, "redirect_after_login");
try {
uri = URI.create(redirectAfterLogin);
URI.create(redirectAfterLogin);
} catch (IllegalArgumentException e) {
// the redirectUrl was decoded by the CSM provider, so we need to encode it back.
uri = URI.create(encodeRedirectUrl(redirectAfterLogin));
redirectAfterLogin = encodeRedirectUrl(redirectAfterLogin);
}
return Response.temporaryRedirect(uri).build();
return redirectAfterLogin;
}
/*
@ -152,7 +162,7 @@ public class EmbeddedOAuthAPI implements OAuthAPI {
* JSON, as a query parameter. This prevents passing unsupported characters, like '{' and '}' to
* the {@link URI#create(String)} method.
*/
public static String encodeRedirectUrl(String url) {
private static String encodeRedirectUrl(String url) {
try {
String query = new URL(url).getQuery();
return url.substring(0, url.indexOf(query)) + URLEncoder.encode(query, UTF_8);
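Review bot: `getRedirectAfterLoginUrl` returns the `redirect_after_login` request parameter after only a syntax check, and the callback in the first hunk passes it straight to `Response.temporaryRedirect(...)`; nothing visible here restricts the target to the Che host or a configured allow-list. Unless the state parameter is integrity-protected somewhere outside this diff, that makes the OAuth callback an open-redirect sink, and since this helper is now public and shared with OAuthAuthenticationService it is the natural single place to enforce a host check. The missing-parameter case also looks unguarded: `URI.create(null)` throws NullPointerException rather than IllegalArgumentException, so if `getParameter` can return null the catch does not cover it; a guard such as `if (redirectAfterLogin == null) { throw new IllegalArgumentException("redirect_after_login is missing"); }` before the try would make the failure explicit. At minimum I would extend the Javadoc with `The returned value is syntactically valid but its host is not validated; callers must not treat it as trusted.` The body of `encodeRedirectUrl` continues outside the second hunk, so its error handling is not reviewed here.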


@ -16,7 +16,7 @@ import static org.eclipse.che.commons.lang.UrlUtils.getParameter;
import static org.eclipse.che.commons.lang.UrlUtils.getQueryParametersFromState;
import static org.eclipse.che.commons.lang.UrlUtils.getRequestUrl;
import static org.eclipse.che.commons.lang.UrlUtils.getState;
import static org.eclipse.che.security.oauth.EmbeddedOAuthAPI.encodeRedirectUrl;
import static org.eclipse.che.security.oauth.EmbeddedOAuthAPI.getRedirectAfterLoginUrl;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
@ -74,14 +74,7 @@ public class OAuthAuthenticationService extends Service {
final Map<String, List<String>> parameters = getQueryParametersFromState(getState(requestUrl));
final String providerName = getParameter(parameters, "oauth_provider");
String redirectAfterLogin = getParameter(parameters, "redirect_after_login");
try {
URI.create(redirectAfterLogin);
} catch (IllegalArgumentException e) {
// the redirectUrl was decoded by the CSM provider, so we need to encode it back.
redirectAfterLogin = encodeRedirectUrl(redirectAfterLogin);
}
final String redirectAfterLogin = getRedirectAfterLoginUrl(parameters);
UriBuilder redirectUriBuilder = UriBuilder.fromUri(redirectAfterLogin);