Skip to content

Commit 6ade548

Browse files
committed
Address coderabbit comments
1 parent d8f33a9 commit 6ade548

6 files changed

Lines changed: 46 additions & 26 deletions

File tree

all-in-one-apim/modules/distribution/product/src/main/extensions/password-recovery.jsp

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -210,10 +210,13 @@
210210
String callback = request.getParameter("callback");
211211
212212
// Validate the callback URL
213-
if (!StringUtils.isBlank(callback)
214-
&& !StringUtils.equalsIgnoreCase(callback, "null")
215-
&& !AuthenticationEndpointUtil.isValidMultiOptionURI(callback)) {
213+
if (StringUtils.isBlank(callback) || StringUtils.equalsIgnoreCase(callback, "null")) {
216214
callback = null;
215+
} else {
216+
String encodedCallback = IdentityManagementEndpointUtil.getURLEncodedCallback(callback);
217+
if (!AuthenticationEndpointUtil.isValidMultiOptionURI(encodedCallback)) {
218+
callback = null;
219+
}
217220
}
218221
219222
if (callback != null) {

all-in-one-apim/modules/distribution/product/src/main/extensions/self-registration-username-request.jsp

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -54,10 +54,13 @@
5454
/**
5555
* Validate the back to login URL.
5656
*/
57-
if (!StringUtils.isBlank(callback)
58-
&& !StringUtils.equalsIgnoreCase(callback, "null")
59-
&& !AuthenticationEndpointUtil.isValidMultiOptionURI(callback)) {
57+
if (StringUtils.isBlank(callback) || StringUtils.equalsIgnoreCase(callback, "null")) {
6058
callback = null;
59+
} else {
60+
String encodedCallback = IdentityManagementEndpointUtil.getURLEncodedCallback(callback);
61+
if (!AuthenticationEndpointUtil.isValidMultiOptionURI(encodedCallback)) {
62+
callback = null;
63+
}
6164
}
6265
6366
boolean isCallBackUrlEmpty = StringUtils.isBlank(callback);
@@ -189,14 +192,17 @@
189192
<%=IdentityManagementEndpointUtil.i18n(recoveryResourceBundle,
190193
"If.you.specify.tenant.domain.you.registered.under.super.tenant")%>
191194
</p>
192-
<input id="callback" name="callback" type="hidden" value="<%=callback%>"
193-
class="form-control" required>
195+
196+
<input id="callback" name="callback" type="hidden"
197+
value="<%=Encode.forHtmlAttribute(callback)%>" class="form-control">
198+
194199

195200
<% Map<String, String[]> requestMap = request.getParameterMap();
196201
for (Map.Entry<String, String[]> entry : requestMap.entrySet()) {
197202
String key = Encode.forHtmlAttribute(entry.getKey());
198203
String value = Encode.forHtmlAttribute(entry.getValue()[0]);
199-
if (StringUtils.equalsIgnoreCase("reCaptcha", key)) {
204+
if (StringUtils.equalsIgnoreCase("reCaptcha", key)
205+
|| StringUtils.equalsIgnoreCase("callback", key)) {
200206
continue;
201207
} %>
202208
<div class="field">

all-in-one-apim/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -108,7 +108,7 @@
108108
boolean skipSignUpEnableCheck = Boolean.parseBoolean(request.getParameter("skipsignupenablecheck"));
109109
boolean isPasswordProvisionEnabled = Boolean.parseBoolean(request.getParameter("passwordProvisionEnabled"));
110110
boolean isSaaSApp = Boolean.parseBoolean(request.getParameter("isSaaSApp"));
111-
String callback = Encode.forHtmlAttribute(request.getParameter("callback"));
111+
String callback = request.getParameter("callback");
112112
User user = IdentityManagementServiceUtil.getInstance().resolveUser(username, tenantDomain, isSaaSApp);
113113
114114
if (skipSignUpEnableCheck) {
@@ -193,9 +193,10 @@
193193
/**
194194
* Validate the back to login URL. If the URL is not valid, set the URL to null.
195195
*/
196-
if (!StringUtils.isBlank(callback) && !StringUtils.equalsIgnoreCase(callback, "null")) {
196+
if (StringUtils.isBlank(callback) || StringUtils.equalsIgnoreCase(callback, "null")) {
197+
callback = null;
198+
} else {
197199
String encodedCallback = IdentityManagementEndpointUtil.getURLEncodedCallback(callback);
198-
199200
if (!AuthenticationEndpointUtil.isValidMultiOptionURI(encodedCallback)) {
200201
callback = null;
201202
}
@@ -502,7 +503,7 @@
502503
503504
if (callback != null) {
504505
%>
505-
<input type="hidden" name="callback" value="<%=callback %>"/>
506+
<input type="hidden" name="callback" value="<%=Encode.forHtmlAttribute(callback) %>"/>
506507
<% for (int index = 0; index < missingClaimList.length; index++) {
507508
String claim = missingClaimList[index];
508509
String claimDisplayName = missingClaimDisplayName[index];

api-control-plane/modules/distribution/product/src/main/extensions/password-recovery.jsp

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -210,10 +210,13 @@
210210
String callback = request.getParameter("callback");
211211
212212
// Validate the callback URL
213-
if (!StringUtils.isBlank(callback)
214-
&& !StringUtils.equalsIgnoreCase(callback, "null")
215-
&& !AuthenticationEndpointUtil.isValidMultiOptionURI(callback)) {
213+
if (StringUtils.isBlank(callback) || StringUtils.equalsIgnoreCase(callback, "null")) {
216214
callback = null;
215+
} else {
216+
String encodedCallback = IdentityManagementEndpointUtil.getURLEncodedCallback(callback);
217+
if (!AuthenticationEndpointUtil.isValidMultiOptionURI(encodedCallback)) {
218+
callback = null;
219+
}
217220
}
218221
219222
if (callback != null) {

api-control-plane/modules/distribution/product/src/main/extensions/self-registration-username-request.jsp

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -54,10 +54,13 @@
5454
/**
5555
* Validate the back to login URL.
5656
*/
57-
if (!StringUtils.isBlank(callback)
58-
&& !StringUtils.equalsIgnoreCase(callback, "null")
59-
&& !AuthenticationEndpointUtil.isValidMultiOptionURI(callback)) {
57+
if (StringUtils.isBlank(callback) || StringUtils.equalsIgnoreCase(callback, "null")) {
6058
callback = null;
59+
} else {
60+
String encodedCallback = IdentityManagementEndpointUtil.getURLEncodedCallback(callback);
61+
if (!AuthenticationEndpointUtil.isValidMultiOptionURI(encodedCallback)) {
62+
callback = null;
63+
}
6164
}
6265
6366
boolean isCallBackUrlEmpty = StringUtils.isBlank(callback);
@@ -189,14 +192,17 @@
189192
<%=IdentityManagementEndpointUtil.i18n(recoveryResourceBundle,
190193
"If.you.specify.tenant.domain.you.registered.under.super.tenant")%>
191194
</p>
192-
<input id="callback" name="callback" type="hidden" value="<%=callback%>"
193-
class="form-control" required>
195+
196+
<input id="callback" name="callback" type="hidden"
197+
value="<%=Encode.forHtmlAttribute(callback)%>" class="form-control">
198+
194199

195200
<% Map<String, String[]> requestMap = request.getParameterMap();
196201
for (Map.Entry<String, String[]> entry : requestMap.entrySet()) {
197202
String key = Encode.forHtmlAttribute(entry.getKey());
198203
String value = Encode.forHtmlAttribute(entry.getValue()[0]);
199-
if (StringUtils.equalsIgnoreCase("reCaptcha", key)) {
204+
if (StringUtils.equalsIgnoreCase("reCaptcha", key)
205+
|| StringUtils.equalsIgnoreCase("callback", key)) {
200206
continue;
201207
} %>
202208
<div class="field">

api-control-plane/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -108,7 +108,7 @@
108108
boolean skipSignUpEnableCheck = Boolean.parseBoolean(request.getParameter("skipsignupenablecheck"));
109109
boolean isPasswordProvisionEnabled = Boolean.parseBoolean(request.getParameter("passwordProvisionEnabled"));
110110
boolean isSaaSApp = Boolean.parseBoolean(request.getParameter("isSaaSApp"));
111-
String callback = Encode.forHtmlAttribute(request.getParameter("callback"));
111+
String callback = request.getParameter("callback");
112112
User user = IdentityManagementServiceUtil.getInstance().resolveUser(username, tenantDomain, isSaaSApp);
113113
114114
if (skipSignUpEnableCheck) {
@@ -193,9 +193,10 @@
193193
/**
194194
* Validate the back to login URL. If the URL is not valid, set the URL to null.
195195
*/
196-
if (!StringUtils.isBlank(callback) && !StringUtils.equalsIgnoreCase(callback, "null")) {
196+
if (StringUtils.isBlank(callback) || StringUtils.equalsIgnoreCase(callback, "null")) {
197+
callback = null;
198+
} else {
197199
String encodedCallback = IdentityManagementEndpointUtil.getURLEncodedCallback(callback);
198-
199200
if (!AuthenticationEndpointUtil.isValidMultiOptionURI(encodedCallback)) {
200201
callback = null;
201202
}
@@ -502,7 +503,7 @@
502503
503504
if (callback != null) {
504505
%>
505-
<input type="hidden" name="callback" value="<%=callback %>"/>
506+
<input type="hidden" name="callback" value="<%=Encode.forHtmlAttribute(callback) %>"/>
506507
<% for (int index = 0; index < missingClaimList.length; index++) {
507508
String claim = missingClaimList[index];
508509
String claimDisplayName = missingClaimDisplayName[index];

0 commit comments

Comments
 (0)