Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

fix: fix incorrect parsing of email ID in login rate limit (#27107)

Browse Source 
Previously, we had incorrect parsing logic wherein we were parsing '+' character for space because of URLDecoding into UTF-8 charset. we have removed the decoding logic now
This commit is contained in:
Shubham Saxena 2023-09-13 16:27:48 +05:30 committed by GitHub
parent 3fc29dc459
commit 59898e270a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
app/server/appsmith-server/src/main/java/com/appsmith/server/filters/PreAuth.java
View File

@ -12,7 +12,6 @@ import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono; import reactor.core.publisher.Mono;
import java.net.URI; import java.net.URI;
import java.net.URLDecoder;
import java.net.URLEncoder; import java.net.URLEncoder;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
@ -33,7 +32,7 @@ public class PreAuth implements WebFilter {
return rateLimitService return rateLimitService
.tryIncreaseCounter(RateLimitConstants.BUCKET_KEY_FOR_LOGIN_API, username) .tryIncreaseCounter(RateLimitConstants.BUCKET_KEY_FOR_LOGIN_API, username)
.flatMap(counterIncreaseAttemptSuccessful -> { .flatMap(counterIncreaseAttemptSuccessful -> {
if (!counterIncreaseAttemptSuccessful) { if (Boolean.FALSE.equals(counterIncreaseAttemptSuccessful)) {
log.error("Rate limit exceeded. Redirecting to login page."); log.error("Rate limit exceeded. Redirecting to login page.");
return handleRateLimitExceeded(exchange); return handleRateLimitExceeded(exchange);
} }
@ -48,14 +47,9 @@ public class PreAuth implements WebFilter {
} }
private Mono<String> getUsername(ServerWebExchange exchange) { private Mono<String> getUsername(ServerWebExchange exchange) {
return exchange.getFormData().flatMap(formData -> { return exchange.getFormData()
String username = formData.getFirst(FieldName.USERNAME.toString()); .map(formData -> formData.getFirst(FieldName.USERNAME.toString()))
if (username != null && !username.isEmpty()) { .defaultIfEmpty("");
return Mono.just(URLDecoder.decode(username, StandardCharsets.UTF_8));
}
return Mono.just("");
});
} }
private Mono<Void> handleRateLimitExceeded(ServerWebExchange exchange) { private Mono<Void> handleRateLimitExceeded(ServerWebExchange exchange) {