mirror of
https://github.com/datahub-project/datahub.git
synced 2025-08-26 10:06:13 +00:00
fix(deps) fix : (commons-httpclient:commons-httpclient) (#14436)
Co-authored-by: david-leifker <114954101+david-leifker@users.noreply.github.com>
This commit is contained in:
rahul MALAWADKAR
GitHub
parent
6c6abca29e
commit
19c99a3b8a
@ -397,6 +397,7 @@ configure(subprojects.findAll {! it.name.startsWith('spark-lineage')}) {
|
|||||||
exclude group: 'com.typesafe.play', module: 'shaded-asynchttpclient'
|
exclude group: 'com.typesafe.play', module: 'shaded-asynchttpclient'
|
||||||
exclude group: "com.typesafe.akka", module: "akka-protobuf-v3_$playScalaVersion"
|
exclude group: "com.typesafe.akka", module: "akka-protobuf-v3_$playScalaVersion"
|
||||||
exclude group: 'com.typesafe.play', module: 'shaded-oauth'
|
exclude group: 'com.typesafe.play', module: 'shaded-oauth'
|
||||||
|
exclude group: 'commons-httpclient', module: 'commons-httpclient'
|
||||||
exclude group: 'commons-collections', module: 'commons-collections'
|
exclude group: 'commons-collections', module: 'commons-collections'
|
||||||
|
|
||||||
// Tomcat excluded for jetty
|
// Tomcat excluded for jetty
|
||||||
|
|||||||
@ -31,8 +31,8 @@ import java.util.Base64;
|
|||||||
import java.util.Optional;
|
import java.util.Optional;
|
||||||
import javax.annotation.Nonnull;
|
import javax.annotation.Nonnull;
|
||||||
import javax.inject.Inject;
|
import javax.inject.Inject;
|
||||||
import org.apache.commons.httpclient.InvalidRedirectLocationException;
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
|
import org.apache.http.client.RedirectException;
|
||||||
import org.pac4j.core.client.Client;
|
import org.pac4j.core.client.Client;
|
||||||
import org.pac4j.core.context.CallContext;
|
import org.pac4j.core.context.CallContext;
|
||||||
import org.pac4j.core.context.WebContext;
|
import org.pac4j.core.context.WebContext;
|
||||||
@ -109,13 +109,12 @@ public class AuthenticationController extends Controller {
|
|||||||
try {
|
try {
|
||||||
URI redirectUri = new URI(redirectPath);
|
URI redirectUri = new URI(redirectPath);
|
||||||
if (redirectUri.getScheme() != null || redirectUri.getAuthority() != null) {
|
if (redirectUri.getScheme() != null || redirectUri.getAuthority() != null) {
|
||||||
throw new InvalidRedirectLocationException(
|
throw new RedirectException(
|
||||||
"Redirect location must be relative to the base url, cannot "
|
"Redirect location must be relative to the base url, cannot "
|
||||||
+ "redirect to other domains: "
|
+ "redirect to other domains: "
|
||||||
+ redirectPath,
|
+ redirectPath);
|
||||||
redirectPath);
|
|
||||||
}
|
}
|
||||||
} catch (URISyntaxException | InvalidRedirectLocationException e) {
|
} catch (URISyntaxException | RedirectException e) {
|
||||||
logger.warn(e.getMessage());
|
logger.warn(e.getMessage());
|
||||||
redirectPath = "/";
|
redirectPath = "/";
|
||||||
}
|
}
|
||||||
|
|||||||
@ -88,6 +88,7 @@ dependencies {
|
|||||||
|
|
||||||
testImplementation 'org.seleniumhq.selenium:htmlunit-driver:2.67.0'
|
testImplementation 'org.seleniumhq.selenium:htmlunit-driver:2.67.0'
|
||||||
testImplementation externalDependency.mockito
|
testImplementation externalDependency.mockito
|
||||||
|
testImplementation externalDependency.mockitoInline
|
||||||
testImplementation externalDependency.playTest
|
testImplementation externalDependency.playTest
|
||||||
testImplementation 'org.awaitility:awaitility:4.2.0'
|
testImplementation 'org.awaitility:awaitility:4.2.0'
|
||||||
testImplementation 'no.nav.security:mock-oauth2-server:2.1.9'
|
testImplementation 'no.nav.security:mock-oauth2-server:2.1.9'
|
||||||
|
|||||||
@ -1,14 +1,12 @@
|
|||||||
package controllers;
|
package controllers;
|
||||||
|
|
||||||
import static auth.AuthUtils.REDIRECT_URL_COOKIE_NAME;
|
import static auth.AuthUtils.REDIRECT_URL_COOKIE_NAME;
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
import static org.junit.jupiter.api.Assertions.*;
|
||||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
|
||||||
import static org.mockito.ArgumentMatchers.any;
|
import static org.mockito.ArgumentMatchers.any;
|
||||||
import static org.mockito.ArgumentMatchers.anyString;
|
import static org.mockito.ArgumentMatchers.anyString;
|
||||||
import static org.mockito.Mockito.mock;
|
import static org.mockito.Mockito.*;
|
||||||
import static org.mockito.Mockito.when;
|
|
||||||
|
|
||||||
|
import auth.AuthUtils;
|
||||||
import auth.sso.SsoManager;
|
import auth.sso.SsoManager;
|
||||||
import auth.sso.SsoProvider;
|
import auth.sso.SsoProvider;
|
||||||
import client.AuthServiceClient;
|
import client.AuthServiceClient;
|
||||||
@ -20,6 +18,7 @@ import java.util.Optional;
|
|||||||
import org.apache.commons.compress.utils.Lists;
|
import org.apache.commons.compress.utils.Lists;
|
||||||
import org.junit.jupiter.api.BeforeEach;
|
import org.junit.jupiter.api.BeforeEach;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
import org.mockito.MockedStatic;
|
||||||
import org.pac4j.core.client.Client;
|
import org.pac4j.core.client.Client;
|
||||||
import org.pac4j.core.context.CallContext;
|
import org.pac4j.core.context.CallContext;
|
||||||
import org.pac4j.core.exception.http.FoundAction;
|
import org.pac4j.core.exception.http.FoundAction;
|
||||||
@ -212,4 +211,34 @@ public class AuthenticationControllerTest {
|
|||||||
|
|
||||||
assertTrue(allCookiesSecure, "All cookies should be secure");
|
assertTrue(allCookiesSecure, "All cookies should be secure");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testAuthenticateWithAbsoluteRedirectUriResetsToRoot() {
|
||||||
|
// No SSO
|
||||||
|
when(ssoManager.isSsoEnabled()).thenReturn(false);
|
||||||
|
|
||||||
|
// Absolute URI triggers RedirectException in authenticate()
|
||||||
|
Http.Request request =
|
||||||
|
new Http.RequestBuilder()
|
||||||
|
.method("GET")
|
||||||
|
.uri("/authenticate?redirect_uri=http://evil.com")
|
||||||
|
.build();
|
||||||
|
|
||||||
|
try (MockedStatic<AuthUtils> authUtilsMock = mockStatic(auth.AuthUtils.class)) {
|
||||||
|
// Make hasValidSessionCookie return true so we take the direct redirect path
|
||||||
|
authUtilsMock.when(() -> auth.AuthUtils.hasValidSessionCookie(any())).thenReturn(true);
|
||||||
|
|
||||||
|
Result result = controller.authenticate(request);
|
||||||
|
|
||||||
|
// Should redirect (303) to "/" after catching RedirectException
|
||||||
|
assertEquals(303, result.status());
|
||||||
|
assertEquals("/", result.redirectLocation().orElse(""));
|
||||||
|
|
||||||
|
// We should not have any redirect cookie here because we bypass SSO
|
||||||
|
boolean hasRedirectCookie =
|
||||||
|
Lists.newArrayList(result.cookies().iterator()).stream()
|
||||||
|
.anyMatch(cookie -> cookie.name().equals(REDIRECT_URL_COOKIE_NAME));
|
||||||
|
assertFalse(hasRedirectCookie, "No redirect cookie expected when redirectPath reset to '/'");
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user