Use contextPath in One-Time-Token default submit UI

Daniel Garnier-Moiroux 2024-09-06 11:23:29 +02:00 committed by Marcus Hert Da Coregio
parent ef31ae1a98
commit 528d739a60
2 changed files with 11 additions and 1 deletions


@ -66,6 +66,7 @@ public final class DefaultOneTimeTokenSubmitPageGeneratingFilter extends OncePer
private String generateHtml(HttpServletRequest request) { private String generateHtml(HttpServletRequest request) {
String token = request.getParameter("token"); String token = request.getParameter("token");
String tokenValue = StringUtils.hasText(token) ? token : ""; String tokenValue = StringUtils.hasText(token) ? token : "";
String contextPath = request.getContextPath();
String hiddenInputs = this.resolveHiddenInputs.apply(request) String hiddenInputs = this.resolveHiddenInputs.apply(request)
.entrySet() .entrySet()
@ -76,7 +77,7 @@ public final class DefaultOneTimeTokenSubmitPageGeneratingFilter extends OncePer
return HtmlTemplates.fromTemplate(ONE_TIME_TOKEN_SUBMIT_PAGE_TEMPLATE) return HtmlTemplates.fromTemplate(ONE_TIME_TOKEN_SUBMIT_PAGE_TEMPLATE)
.withRawHtml("cssStyle", CssUtils.getCssStyleBlock().indent(4)) .withRawHtml("cssStyle", CssUtils.getCssStyleBlock().indent(4))
.withValue("tokenValue", tokenValue) .withValue("tokenValue", tokenValue)
.withValue("loginProcessingUrl", this.loginProcessingUrl) .withValue("loginProcessingUrl", contextPath + this.loginProcessingUrl)
.withRawHtml("hiddenInputs", hiddenInputs) .withRawHtml("hiddenInputs", hiddenInputs)
.render(); .render();
} }
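Review bot: The new `contextPath + this.loginProcessingUrl` concatenation in `generateHtml` only yields a valid form action when `loginProcessingUrl` is a context-relative path beginning with `/`; the setter is outside this hunk, so it is not visible whether that is enforced. If it is not, a value without a leading slash would be fused onto the context path and an absolute URL would be prefixed with it, so the one-time token would be posted to an unintended location; consider asserting the leading slash where the field is set. Keeping the combined value on `withValue` rather than `withRawHtml` looks right, since it presumably goes through the same escaping that the token test checks. A short comment above the new local would help, e.g. `// loginProcessingUrl is context-relative; prepend the context path so the form posts inside this application`.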


@ -77,6 +77,15 @@ class DefaultOneTimeTokenSubmitPageGeneratingFilterTests {
assertThat(response).contains("<form class=\"login-form\" action=\"/login/another\" method=\"post\">"); assertThat(response).contains("<form class=\"login-form\" action=\"/login/another\" method=\"post\">");
} }
@Test
void setContextThenGenerates() throws Exception {
this.request.setContextPath("/context");
this.filter.setLoginProcessingUrl("/login/another");
this.filter.doFilterInternal(this.request, this.response, this.filterChain);
String response = this.response.getContentAsString();
assertThat(response).contains("<form class=\"login-form\" action=\"/context/login/another\" method=\"post\">");
}
@Test @Test
void filterWhenTokenQueryParamUsesSpecialCharactersThenValueIsEscaped() throws Exception { void filterWhenTokenQueryParamUsesSpecialCharactersThenValueIsEscaped() throws Exception {
this.request.setParameter("token", "this<>!@#\""); this.request.setParameter("token", "this<>!@#\"");
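Review bot: The new test name `setContextThenGenerates` does not follow the `filterWhen…Then…` pattern used by the neighbouring `filterWhenTokenQueryParamUsesSpecialCharactersThenValueIsEscaped`; something like `filterWhenContextPathSetThenFormActionIncludesContextPath` would state the expectation. The test covers only a custom login URL under a non-root context, so a companion case that leaves the login processing URL at its default would pin the behaviour of the unconfigured filter. The last test shown in this hunk continues outside it.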