Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-01 10:59:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use static CSS in OneTimeToken default UI

Browse Source
This commit is contained in:
Daniel Garnier-Moiroux 2024-09-05 21:05:41 +02:00 committed by Rob Winch
parent e958ff2d4a
commit c1b9035544
4 changed files with 27 additions and 267 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/src/main/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurer.java
View File

@ -46,6 +46,7 @@ import org.springframework.security.web.authentication.ott.GeneratedOneTimeToken
import org.springframework.security.web.authentication.ott.OneTimeTokenAuthenticationConverter; import org.springframework.security.web.authentication.ott.OneTimeTokenAuthenticationConverter;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter; import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter; import org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter;
import org.springframework.security.web.authentication.ui.DefaultResourcesFilter;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository; import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.security.web.csrf.CsrfToken; import org.springframework.security.web.csrf.CsrfToken;
@ -136,6 +137,7 @@ public final class OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>>
generateFilter.setGeneratedOneTimeTokenHandler(getGeneratedOneTimeTokenHandler(http)); generateFilter.setGeneratedOneTimeTokenHandler(getGeneratedOneTimeTokenHandler(http));
generateFilter.setRequestMatcher(antMatcher(HttpMethod.POST, this.generateTokenUrl)); generateFilter.setRequestMatcher(antMatcher(HttpMethod.POST, this.generateTokenUrl));
http.addFilter(postProcess(generateFilter)); http.addFilter(postProcess(generateFilter));
http.addFilter(DefaultResourcesFilter.css());
} }
private GeneratedOneTimeTokenHandler getGeneratedOneTimeTokenHandler(H http) { private GeneratedOneTimeTokenHandler getGeneratedOneTimeTokenHandler(H http) {

158
config/src/test/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurerTests.java
View File

@ -21,6 +21,7 @@ import java.io.IOException;
import jakarta.servlet.ServletException; import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
@ -53,6 +54,7 @@ import static org.springframework.security.test.web.servlet.response.SecurityMoc
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated; import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@ -64,143 +66,6 @@ public class OneTimeTokenLoginConfigurerTests {
@Autowired(required = false) @Autowired(required = false)
MockMvc mvc; MockMvc mvc;
public static final String EXPECTED_HTML_HEAD = """
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>Please sign in</title>
<style>
/* General layout */
body {
font-family: system-ui, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
background-color: #eee;
padding: 40px 0;
margin: 0;
line-height: 1.5;
}
\s\s\s\s
h2 {
margin-top: 0;
margin-bottom: 0.5rem;
font-size: 2rem;
font-weight: 500;
line-height: 2rem;
}
\s\s\s\s
.content {
margin-right: auto;
margin-left: auto;
padding-right: 15px;
padding-left: 15px;
width: 100%;
box-sizing: border-box;
}
\s\s\s\s
@media (min-width: 800px) {
.content {
max-width: 760px;
}
}
\s\s\s\s
/* Components */
a,
a:visited {
text-decoration: none;
color: #06f;
}
\s\s\s\s
a:hover {
text-decoration: underline;
color: #003c97;
}
\s\s\s\s
input[type="text"],
input[type="password"] {
height: auto;
width: 100%;
font-size: 1rem;
padding: 0.5rem;
box-sizing: border-box;
}
\s\s\s\s
button {
padding: 0.5rem 1rem;
font-size: 1.25rem;
line-height: 1.5;
border: none;
border-radius: 0.1rem;
width: 100%;
}
\s\s\s\s
button.primary {
color: #fff;
background-color: #06f;
}
\s\s\s\s
.alert {
padding: 0.75rem 1rem;
margin-bottom: 1rem;
line-height: 1.5;
border-radius: 0.1rem;
width: 100%;
box-sizing: border-box;
border-width: 1px;
border-style: solid;
}
\s\s\s\s
.alert.alert-danger {
color: #6b1922;
background-color: #f7d5d7;
border-color: #eab6bb;
}
\s\s\s\s
.alert.alert-success {
color: #145222;
background-color: #d1f0d9;
border-color: #c2ebcb;
}
\s\s\s\s
.screenreader {
position: absolute;
clip: rect(0 0 0 0);
height: 1px;
width: 1px;
padding: 0;
border: 0;
overflow: hidden;
}
\s\s\s\s
table {
width: 100%;
max-width: 100%;
margin-bottom: 2rem;
}
\s\s\s\s
.table-striped tr:nth-of-type(2n + 1) {
background-color: #e1e1e1;
}
\s\s\s\s
td {
padding: 0.75rem;
vertical-align: top;
}
\s\s\s\s
/* Login / logout layouts */
.login-form,
.logout-form {
max-width: 340px;
padding: 0 15px 15px 15px;
margin: 0 auto 2rem auto;
box-sizing: border-box;
}
</style>
</head>
""";
@Test @Test
void oneTimeTokenWhenCorrectTokenThenCanAuthenticate() throws Exception { void oneTimeTokenWhenCorrectTokenThenCanAuthenticate() throws Exception {
this.spring.register(OneTimeTokenDefaultConfig.class).autowire(); this.spring.register(OneTimeTokenDefaultConfig.class).autowire();
@ -252,6 +117,14 @@ public class OneTimeTokenLoginConfigurerTests {
.andExpectAll(status().isFound(), redirectedUrl("/login?error"), unauthenticated()); .andExpectAll(status().isFound(), redirectedUrl("/login?error"), unauthenticated());
} }
@Test
void oneTimeTokenWhenConfiguredThenServesCss() throws Exception {
this.spring.register(OneTimeTokenDefaultConfig.class).autowire();
this.mvc.perform(get("/default-ui.css"))
.andExpect(status().isOk())
.andExpect(content().string(Matchers.containsString("body {")));
}
@Test @Test
void oneTimeTokenWhenFormLoginConfiguredThenRendersRequestTokenForm() throws Exception { void oneTimeTokenWhenFormLoginConfiguredThenRendersRequestTokenForm() throws Exception {
this.spring.register(OneTimeTokenFormLoginConfig.class).autowire(); this.spring.register(OneTimeTokenFormLoginConfig.class).autowire();
@ -262,8 +135,17 @@ public class OneTimeTokenLoginConfigurerTests {
.andExpect((result) -> { .andExpect((result) -> {
CsrfToken token = (CsrfToken) result.getRequest().getAttribute(CsrfToken.class.getName()); CsrfToken token = (CsrfToken) result.getRequest().getAttribute(CsrfToken.class.getName());
assertThat(result.getResponse().getContentAsString()).isEqualTo( assertThat(result.getResponse().getContentAsString()).isEqualTo(
EXPECTED_HTML_HEAD +
""" """
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>Please sign in</title>
<link href="/default-ui.css" rel="stylesheet" />
</head>
<body> <body>
<div class="content"> <div class="content">
<form class="login-form" method="post" action="/login"> <form class="login-form" method="post" action="/login">

8
web/src/main/java/org/springframework/security/web/authentication/ui/DefaultOneTimeTokenSubmitPageGeneratingFilter.java
View File

@ -28,7 +28,6 @@ import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.web.util.CssUtils;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -64,9 +63,10 @@ public final class DefaultOneTimeTokenSubmitPageGeneratingFilter extends OncePer
} }
private String generateHtml(HttpServletRequest request) { private String generateHtml(HttpServletRequest request) {
String contextPath = request.getContextPath();
String token = request.getParameter("token"); String token = request.getParameter("token");
String tokenValue = StringUtils.hasText(token) ? token : ""; String tokenValue = StringUtils.hasText(token) ? token : "";
String contextPath = request.getContextPath();
String hiddenInputs = this.resolveHiddenInputs.apply(request) String hiddenInputs = this.resolveHiddenInputs.apply(request)
.entrySet() .entrySet()
@ -75,7 +75,7 @@ public final class DefaultOneTimeTokenSubmitPageGeneratingFilter extends OncePer
.collect(Collectors.joining("\n")); .collect(Collectors.joining("\n"));
return HtmlTemplates.fromTemplate(ONE_TIME_TOKEN_SUBMIT_PAGE_TEMPLATE) return HtmlTemplates.fromTemplate(ONE_TIME_TOKEN_SUBMIT_PAGE_TEMPLATE)
.withRawHtml("cssStyle", CssUtils.getCssStyleBlock().indent(4)) .withValue("contextPath", contextPath)
.withValue("tokenValue", tokenValue) .withValue("tokenValue", tokenValue)
.withValue("loginProcessingUrl", contextPath + this.loginProcessingUrl) .withValue("loginProcessingUrl", contextPath + this.loginProcessingUrl)
.withRawHtml("hiddenInputs", hiddenInputs) .withRawHtml("hiddenInputs", hiddenInputs)
@ -116,7 +116,7 @@ public final class DefaultOneTimeTokenSubmitPageGeneratingFilter extends OncePer
<title>One-Time Token Login</title> <title>One-Time Token Login</title>
<meta charset="utf-8"/> <meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/>
{{cssStyle}} <link href="{{contextPath}}/default-ui.css" rel="stylesheet" />
</head> </head>
<body> <body>
<div class="container"> <div class="container">

126
web/src/test/java/org/springframework/security/web/authentication/ui/DefaultOneTimeTokenSubmitPageGeneratingFilterTests.java
View File

@ -110,131 +110,7 @@ class DefaultOneTimeTokenSubmitPageGeneratingFilterTests {
<title>One-Time Token Login</title> <title>One-Time Token Login</title>
<meta charset="utf-8"/> <meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/>
<style> <link href="/default-ui.css" rel="stylesheet" />
/* General layout */
body {
font-family: system-ui, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
background-color: #eee;
padding: 40px 0;
margin: 0;
line-height: 1.5;
}
\s
h2 {
margin-top: 0;
margin-bottom: 0.5rem;
font-size: 2rem;
font-weight: 500;
line-height: 2rem;
}
\s
.content {
margin-right: auto;
margin-left: auto;
padding-right: 15px;
padding-left: 15px;
width: 100%;
box-sizing: border-box;
}
\s
@media (min-width: 800px) {
.content {
max-width: 760px;
}
}
\s
/* Components */
a,
a:visited {
text-decoration: none;
color: #06f;
}
\s
a:hover {
text-decoration: underline;
color: #003c97;
}
\s
input[type="text"],
input[type="password"] {
height: auto;
width: 100%;
font-size: 1rem;
padding: 0.5rem;
box-sizing: border-box;
}
\s
button {
padding: 0.5rem 1rem;
font-size: 1.25rem;
line-height: 1.5;
border: none;
border-radius: 0.1rem;
width: 100%;
}
\s
button.primary {
color: #fff;
background-color: #06f;
}
\s
.alert {
padding: 0.75rem 1rem;
margin-bottom: 1rem;
line-height: 1.5;
border-radius: 0.1rem;
width: 100%;
box-sizing: border-box;
border-width: 1px;
border-style: solid;
}
\s
.alert.alert-danger {
color: #6b1922;
background-color: #f7d5d7;
border-color: #eab6bb;
}
\s
.alert.alert-success {
color: #145222;
background-color: #d1f0d9;
border-color: #c2ebcb;
}
\s
.screenreader {
position: absolute;
clip: rect(0 0 0 0);
height: 1px;
width: 1px;
padding: 0;
border: 0;
overflow: hidden;
}
\s
table {
width: 100%;
max-width: 100%;
margin-bottom: 2rem;
}
\s
.table-striped tr:nth-of-type(2n + 1) {
background-color: #e1e1e1;
}
\s
td {
padding: 0.75rem;
vertical-align: top;
}
\s
/* Login / logout layouts */
.login-form,
.logout-form {
max-width: 340px;
padding: 0 15px 15px 15px;
margin: 0 auto 2rem auto;
box-sizing: border-box;
}
</style>
</head> </head>
<body> <body>
<div class="container"> <div class="container">