From f2925ed22ce9999120e57271a5b6a56bc7cbc0e2 Mon Sep 17 00:00:00 2001
From: ivinokur
Date: Fri, 8 Mar 2024 13:54:06 +0200
Subject: [PATCH] fixup! Encode redirect URL if needed on oauth1 callback request
---
 .../che/security/oauth/EmbeddedOAuthAPI.java | 22 ++++++++++++++-----
 .../oauth1/OAuthAuthenticationService.java | 11 ++--------
 2 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java b/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java
index a31cedde05..ff932feb15 100644
--- a/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java
+++ b/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java
@@ -124,15 +124,25 @@ public class EmbeddedOAuthAPI implements OAuthAPI {
 // Skip exception, the token will be stored in the next request.
 LOG.error(e.getMessage(), e);
 }
- final String redirectAfterLogin = getParameter(params, "redirect_after_login");
- URI uri;
+ return Response.temporaryRedirect(URI.create(getRedirectAfterLoginUrl(params))).build();
+ }
+
+ /**
+ * Returns the redirect after login URL from the query parameters. If the URL is encoded by the
+ * CSM provider, it will be decoded, to avoid unsupported characters in the URL.
+ *
+ * @param parameters the query parameters
+ * @return the redirect after login URL
+ */
+ public static String getRedirectAfterLoginUrl(Map> parameters) {
+ String redirectAfterLogin = getParameter(parameters, "redirect_after_login");
 try {
- uri = URI.create(redirectAfterLogin);
+ URI.create(redirectAfterLogin);
 } catch (IllegalArgumentException e) {
 // the redirectUrl was decoded by the CSM provider, so we need to encode it back.
- uri = URI.create(encodeRedirectUrl(redirectAfterLogin));
+ redirectAfterLogin = encodeRedirectUrl(redirectAfterLogin);
 }
- return Response.temporaryRedirect(uri).build();
+ return redirectAfterLogin;
 }
 
 /*
@@ -152,7 +162,7 @@ public class EmbeddedOAuthAPI implements OAuthAPI {
 * JSON, as a query parameter. This prevents passing unsupported characters, like '{' and '}' to
 * the {@link URI#create(String)} method.
 */
- public static String encodeRedirectUrl(String url) {
+ private static String encodeRedirectUrl(String url) {
 try {
 String query = new URL(url).getQuery();
 return url.substring(0, url.indexOf(query)) + URLEncoder.encode(query, UTF_8);
diff --git a/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticationService.java b/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticationService.java
index f5c5800000..c98c62d92f 100644
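Review bot: `getRedirectAfterLoginUrl` checks only that the request-supplied `redirect_after_login` value parses as a URI, and the first added line hands the result straight to `Response.temporaryRedirect`, so nothing visible in this hunk restricts which host the callback redirects to. Since the helper is now public and shared with `OAuthAuthenticationService`, it is the natural single place to parse the value and reject any target whose scheme and host differ from this server's own origin; the enclosing callback method starts outside the hunk, so an earlier check may already exist and should then be referenced in the Javadoc. The Javadoc also says the opposite of what the catch branch does: the branch re-encodes a URL that arrived decoded, so the second sentence should read something like `If the URL was decoded by the provider, its query part is encoded again so that URI#create accepts it.` A missing parameter deserves an explicit guard as well, because if `getParameter` returns null (not visible here) `URI.create(null)` throws NullPointerException, which the `IllegalArgumentException` catch does not cover.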
--- a/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticationService.java +++ b/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth1/OAuthAuthenticationService.java @@ -16,7 +16,7 @@ import static org.eclipse.che.commons.lang.UrlUtils.getParameter; import static org.eclipse.che.commons.lang.UrlUtils.getQueryParametersFromState; import static org.eclipse.che.commons.lang.UrlUtils.getRequestUrl; import static org.eclipse.che.commons.lang.UrlUtils.getState; -import static org.eclipse.che.security.oauth.EmbeddedOAuthAPI.encodeRedirectUrl; +import static org.eclipse.che.security.oauth.EmbeddedOAuthAPI.getRedirectAfterLoginUrl; import jakarta.ws.rs.GET; import jakarta.ws.rs.Path; @@ -74,14 +74,7 @@ public class OAuthAuthenticationService extends Service { final Map> parameters = getQueryParametersFromState(getState(requestUrl)); final String providerName = getParameter(parameters, "oauth_provider"); - String redirectAfterLogin = getParameter(parameters, "redirect_after_login"); - - try { - URI.create(redirectAfterLogin); - } catch (IllegalArgumentException e) { - // the redirectUrl was decoded by the CSM provider, so we need to encode it back. - redirectAfterLogin = encodeRedirectUrl(redirectAfterLogin); - } + final String redirectAfterLogin = getRedirectAfterLoginUrl(parameters); UriBuilder redirectUriBuilder = UriBuilder.fromUri(redirectAfterLogin);