refactor/moved uriAndQueryString to ObpS

hongwei 2023-09-13 16:21:02 +02:00
parent cb3f00b648
commit 49d065af20
6 changed files with 35 additions and 14 deletions


@ -41,7 +41,7 @@ import code.api.v5_0_0.OBPAPI5_0_0
import code.api.v5_1_0.OBPAPI5_1_0
import code.loginattempts.LoginAttempt
import code.model.dataAccess.AuthUser
import code.util.Helper.MdcLoggable
import code.util.Helper.{MdcLoggable, ObpS}
import com.alibaba.ttl.TransmittableThreadLocal
import com.openbankproject.commons.model.ErrorMessage
import com.openbankproject.commons.util.{ApiVersion, ReflectUtils, ScannedApiVersion}
@ -376,7 +376,7 @@ trait OBPRestHelper extends RestHelper with MdcLoggable {
val body: Box[String] = getRequestBody(S.request)
val implementedInVersion = S.request.openOrThrowException(attemptedToOpenAnEmptyBox).view
val verb = S.request.openOrThrowException(attemptedToOpenAnEmptyBox).requestType.method
val url = URLDecoder.decode(S.uriAndQueryString.getOrElse(""),"UTF-8")
val url = URLDecoder.decode(ObpS.uriAndQueryString.getOrElse(""),"UTF-8")
val correlationId = getCorrelationId()
val reqHeaders = S.request.openOrThrowException(attemptedToOpenAnEmptyBox).request.headers
val remoteIpAddress = getRemoteIpAddress()
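Review bot: `ObpS.uriAndQueryString.getOrElse("")` on the new `val url` line records an empty `url` in the metric whenever ObpS rejects the request URL, so exactly the requests an operator would want to audit are the ones stored without it; the same pattern appears in the two APIUtil hunks (`val url = ObpS.uriAndQueryString.getOrElse("")` near line 419 and the decoded variant near line 3013). The ObpS handler in Helper only logs the rejection at debug level, so neither the metric nor an info-level log says why the URL is blank. Consider a recognisable sentinel instead of the empty string, e.g. `val url = URLDecoder.decode(ObpS.uriAndQueryString.getOrElse("REJECTED_BY_OBPS"),"UTF-8")` (the constant name is a placeholder), or raise the handler's log level for the rejection. The enclosing method begins and ends outside this hunk.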


@ -250,7 +250,7 @@ trait ResourceDocsAPIMethods extends MdcLoggable with APIMethods220 with APIMeth
var cacheKey = (randomUUID().toString, randomUUID().toString, randomUUID().toString)
CacheKeyFromArguments.buildCacheKey {
Caching.memoizeSyncWithProvider (Some(cacheKey.toString())) (getStaticResourceDocsTTL second) {
logger.debug(s"Generating OBP Resource Docs requestedApiVersion is $requestedApiVersionString")
logger.debug(s"Generating OBP-getStaticResourceDocsObpCached requestedApiVersion is $requestedApiVersionString")
val requestedApiVersion = ApiVersionUtils.valueOf(requestedApiVersionString)
val resourceDocJson = resourceDocsToResourceDocJson(getResourceDocsList(requestedApiVersion), resourceDocTags, partialFunctionNames, isVersion4OrHigher, locale)
@ -284,7 +284,7 @@ trait ResourceDocsAPIMethods extends MdcLoggable with APIMethods220 with APIMeth
var cacheKey = (randomUUID().toString, randomUUID().toString, randomUUID().toString)
CacheKeyFromArguments.buildCacheKey {
Caching.memoizeSyncWithProvider (Some(cacheKey.toString())) (getStaticResourceDocsTTL second) {
logger.debug(s"Generating OBP Resource Docs requestedApiVersion is $requestedApiVersionString")
logger.debug(s"Generating getAllResourceDocsObpCached-Docs requestedApiVersion is $requestedApiVersionString")
val requestedApiVersion = ApiVersionUtils.valueOf(requestedApiVersionString)
val dynamicDocs = allDynamicResourceDocs
@ -723,7 +723,7 @@ trait ResourceDocsAPIMethods extends MdcLoggable with APIMethods220 with APIMeth
var cacheKey = (randomUUID().toString, randomUUID().toString, randomUUID().toString)
CacheKeyFromArguments.buildCacheKey {
Caching.memoizeSyncWithProvider (Some(cacheKey.toString())) (getStaticResourceDocsTTL second) {
logger.debug(s"Generating Swagger requestedApiVersion is $requestedApiVersionString")
logger.debug(s"Generating Swagger-getResourceDocsSwaggerCached requestedApiVersion is $requestedApiVersionString")
Box.tryo(ApiVersionUtils.valueOf(requestedApiVersionString)) match {
case Full(requestedApiVersion) =>


@ -419,7 +419,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
val implementedInVersion = S.request.openOrThrowException(attemptedToOpenAnEmptyBox).view
//(GET, POST etc.) --S.request.get.requestType.method
val verb = S.request.openOrThrowException(attemptedToOpenAnEmptyBox).requestType.method
val url = S.uriAndQueryString.getOrElse("")
val url = ObpS.uriAndQueryString.getOrElse("")
val correlationId = getCorrelationId()
//execute saveMetric in future, as we do not need to know result of operation
@ -899,6 +899,18 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
case _ => false
}
}
/** only A-Z, a-z, 0-9,-,_,. =, & and max length <= 2048 */
def basicUriAndQueryStringValidation(urlString: String): Boolean = {
val regex =
"""^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?""".r
val decodeUrlValue = URLDecoder.decode(urlString, "UTF-8").trim()
decodeUrlValue match {
case regex(_*) if (decodeUrlValue.length <= 2048) => true
case _ => false
}
}
@ -3001,7 +3013,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
val body: Box[String] = getRequestBody(S.request)
val implementedInVersion = S.request.openOrThrowException(attemptedToOpenAnEmptyBox).view
val verb = S.request.openOrThrowException(attemptedToOpenAnEmptyBox).requestType.method
val url = URLDecoder.decode(S.uriAndQueryString.getOrElse(""),"UTF-8")
val url = URLDecoder.decode(ObpS.uriAndQueryString.getOrElse(""),"UTF-8")
val correlationId = getCorrelationId()
val reqHeaders = S.request.openOrThrowException(attemptedToOpenAnEmptyBox).request.headers
val remoteIpAddress = getRemoteIpAddress()
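Review bot: `basicUriAndQueryStringValidation` (lines 72-80 of the hunk) does not implement the whitelist its Scaladoc promises: the regex on line 74 is the generic URI-splitting pattern in which every group is optional and `[^?#]*` / `(.*)` absorb anything, so `case regex(_*)` matches every input and the only effective check is `decodeUrlValue.length <= 2048`. The whitelist as listed in the comment would also be wrong on its own, since `/` and `?` are not in it and every real path would be rejected, so either the comment or the check has to change. Separately, `URLDecoder.decode` throws `IllegalArgumentException` on a malformed percent sequence, so a request carrying one makes the validator, and through it every `ObpS.uriAndQueryString` call in this commit, throw instead of returning false. The rewrite below keeps the effective behaviour (the length bound), turns a decode failure into a rejection, and states honestly what is checked; add a character class there if a whitelist is actually wanted.
```scala
/** Accepts urlString only if it URL-decodes cleanly and the decoded, trimmed value is at most 2048 chars; no character whitelist is enforced here. */
def basicUriAndQueryStringValidation(urlString: String): Boolean =
  Box.tryo(URLDecoder.decode(urlString, "UTF-8").trim())
    .exists(_.length <= 2048)
```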


@ -744,7 +744,7 @@ import net.liftweb.util.Helpers._
override def signupXhtml (user:AuthUser) = {
<div id="signup" tabindex="-1">
<form method="post" action={S.uriAndQueryString.getOrElse(S.uri)}>
<form method="post" action={ObpS.uriAndQueryString.getOrElse(S.uri)}>
<h1>{signupFormTitle}</h1>
{legalNoticeDiv}
<div id="signup-general-error" class="alert alert-danger hide"><span data-lift="Msg?id=error"/></div>
@ -786,13 +786,13 @@ import net.liftweb.util.Helpers._
def userLoginFailed = {
logger.info("failed: " + failedLoginRedirect.get)
// variable redir is from failedLoginRedirect, it is set-up in OAuthAuthorisation.scala as following code:
// val currentUrl = S.uriAndQueryString.getOrElse("/")
// val currentUrl = ObpS.uriAndQueryString.getOrElse("/")
// AuthUser.failedLoginRedirect.set(Full(Helpers.appendParams(currentUrl, List((FailedLoginParam, "true")))))
val redir = failedLoginRedirect.get
//Check the internal redirect, in case for open redirect issue.
// variable redir is from loginRedirect, it is set-up in OAuthAuthorisation.scala as following code:
// val currentUrl = S.uriAndQueryString.getOrElse("/")
// val currentUrl = ObpS.uriAndQueryString.getOrElse("/")
// AuthUser.loginRedirect.set(Full(Helpers.appendParams(currentUrl, List((LogUserOutParam, "false")))))
if (Helper.isValidInternalRedirectUrl(redir.toString)) {
S.redirectTo(redir.toString)
@ -1016,7 +1016,7 @@ def restoreSomeSessions(): Unit = {
}
//Check the internal redirect, in case for open redirect issue.
// variable redirect is from loginRedirect, it is set-up in OAuthAuthorisation.scala as following code:
// val currentUrl = S.uriAndQueryString.getOrElse("/")
// val currentUrl = ObpS.uriAndQueryString.getOrElse("/")
// AuthUser.loginRedirect.set(Full(Helpers.appendParams(currentUrl, List((LogUserOutParam, "false")))))
def checkInternalRedirectAndLogUserIn(preLoginState: () => Unit, redirect: String, user: AuthUser) = {
if (Helper.isValidInternalRedirectUrl(redirect)) {
@ -1573,7 +1573,7 @@ def restoreSomeSessions(): Unit = {
//Check the internal redirect, in case for open redirect issue.
// variable redir is from loginRedirect, it is set-up in OAuthAuthorisation.scala as following code:
// val currentUrl = S.uriAndQueryString.getOrElse("/")
// val currentUrl = ObpS.uriAndQueryString.getOrElse("/")
// AuthUser.loginRedirect.set(Full(Helpers.appendParams(currentUrl, List((LogUserOutParam, "false")))))
val loginRedirectSave = loginRedirect.is
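Review bot: The new form action `ObpS.uriAndQueryString.getOrElse(S.uri)` falls back to the unvalidated `S.uri` precisely when ObpS has rejected the request URL, so the guard is bypassed in the rejected case, whereas the other call sites in this commit fall back to fixed strings (`""`, `"/"`). Lift's XML literal escapes the attribute, so I would rate this as an inconsistency rather than an injection risk, but it needs a decision: either a fixed signup path as the fallback, or `ObpS.uri` once the `uri` branch of the ObpS handler in Helper can return a plain String. `signupXhtml` continues past the hunk.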


@ -122,7 +122,7 @@ object OAuthAuthorisation {
S.redirectTo(appendParams(redirectionUrl, redirectionParam))
}
} else {
val currentUrl = S.uriAndQueryString.getOrElse("/")
val currentUrl = ObpS.uriAndQueryString.getOrElse("/")
/*if (AuthUser.loggedIn_?) {
AuthUser.logUserOut()
//Bit of a hack here, but for reasons I haven't had time to discover, if this page doesn't get


@ -464,6 +464,7 @@ object Helper extends Loggable {
lazy val result = method.invoke(net.liftweb.http.S, args: _*)
val methodName = method.getName
if (methodName.equals("param")&&result.isInstanceOf[Box[String]]&&result.asInstanceOf[Box[String]].isDefined) {
//we provide the basic check for all the parameters
val resultAfterChecked =
@ -479,7 +480,15 @@ object Helper extends Loggable {
result.asInstanceOf[Box[String]].filter(APIUtil.checkMediumString(_)==SILENCE_IS_GOLDEN)
}
if(resultAfterChecked.isEmpty) {
logger.debug(s"ObpS.param validation failed. The input key is: ${if (args.length>0)args.apply(0) else ""}, value is:$result")
logger.debug(s"ObpS.${methodName} validation failed. The input key is: ${if (args.length>0)args.apply(0) else ""}, value is:$result")
}
resultAfterChecked
} else if (methodName.equals("uri") && result.isInstanceOf[String] ||
methodName.equals("uriAndQueryString") && result.isInstanceOf[Box[String]] && result.asInstanceOf[Box[String]].isDefined ||
methodName.equals("queryString") && result.isInstanceOf[Box[String]]&&result.asInstanceOf[Box[String]].isDefined){
val resultAfterChecked = result.asInstanceOf[Box[String]].filter(APIUtil.basicUriAndQueryStringValidation(_))
if(resultAfterChecked.isEmpty) {
logger.debug(s"ObpS.${methodName} validation failed. The value is:$result")
}
resultAfterChecked
} else {
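Review bot: The new `uri` branch on lines 161-164 will throw `ClassCastException` at runtime: the condition admits `methodName == "uri"` when `result.isInstanceOf[String]`, but line 164 then does `result.asInstanceOf[Box[String]]`, and the cast to `Box` is checked at runtime (only the type argument is erased), so a String fails it. Any `ObpS.uri` call therefore breaks with this hunk, and because the proxied `S.uri` returns a plain String that branch cannot return a `Box` either; it needs its own handling with an explicit fallback value, sketched below with the fallback left for the author to decide. The `isInstanceOf[Box[String]]` tests are unchecked (they match any `Box`), which is harmless here but worth a one-line comment. The enclosing handler method starts before the first hunk and continues past `} else {`.
```scala
} else if (methodName.equals("uri") && result.isInstanceOf[String]) {
  val uri = result.asInstanceOf[String]
  if (APIUtil.basicUriAndQueryStringValidation(uri)) uri
  else {
    logger.debug(s"ObpS.${methodName} validation failed. The value is:$result")
    "" // TODO(review): choose the rejected-uri value; S.uri is a String, so Empty cannot be returned
  }
} else if ((methodName.equals("uriAndQueryString") || methodName.equals("queryString")) &&
           result.isInstanceOf[Box[String]] && result.asInstanceOf[Box[String]].isDefined) {
  // … unchanged: Box filter, debug log, resultAfterChecked …
```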