From 5fc00a6cd0323e4f482ac8a221a33f55b49d98a8 Mon Sep 17 00:00:00 2001
From: Nayan <83352306+nayan-rafiq@users.noreply.github.com>
Date: Mon, 25 Oct 2021 11:43:02 +0600
Subject: [PATCH] fix: check with url path when redirecting to default application url (#8207)

When deciding whether to redirect to default application or the redirect url provided during signup, it'll compare with url path now. Earlier it was considering any query params added to the redirect url.
---
 .../AuthenticationSuccessHandler.java | 33 +++++++++++++++----
 1 file changed, 26 insertions(+), 7 deletions(-)

diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/AuthenticationSuccessHandler.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/AuthenticationSuccessHandler.java
index 2f341e4018..5091df5d74 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/AuthenticationSuccessHandler.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/AuthenticationSuccessHandler.java
@@ -24,6 +24,7 @@ import org.springframework.security.web.server.ServerRedirectStrategy;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 import reactor.core.scheduler.Schedulers;
@@ -194,7 +195,7 @@ public class AuthenticationSuccessHandler implements ServerAuthenticationSuccess
 boolean addFirstTimeExperienceParam = false;
 if (isFromSignup) {
- if(redirectUrl.endsWith(RedirectHelper.DEFAULT_REDIRECT_URL) && defaultApplication != null) {
+ if(isDefaultRedirectUrl(redirectUrl) && defaultApplication != null) {
 addFirstTimeExperienceParam = true;
 HttpHeaders headers = exchange.getRequest().getHeaders();
 redirectUrl = redirectHelper.buildApplicationUrl(defaultApplication, headers);
@@ -205,6 +206,22 @@ public class AuthenticationSuccessHandler implements ServerAuthenticationSuccess
 return redirectStrategy.sendRedirect(exchange, URI.create(redirectUrl));
 }
+ /**
+ * Checks if the provided url is default redirect url
+ * @param url which needs to be checked
+ * @return true if default url. false otherwise
+ */
+ private boolean isDefaultRedirectUrl(String url) {
+ if(StringUtils.isEmpty(url)) {
+ return true;
+ }
+ try {
+ return URI.create(url).getPath().endsWith(RedirectHelper.DEFAULT_REDIRECT_URL);
+ } catch (IllegalArgumentException e) {
+ return false;
+ }
+ }
+
 private Mono handleRedirect(WebFilterExchange webFilterExchange, Application defaultApplication, boolean isFromSignup) {
 ServerWebExchange exchange = webFilterExchange.getExchange();
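Review bot: When `isDefaultRedirectUrl(redirectUrl)` is false the value is kept unchanged, and the context lines of the next hunk show it going to `redirectStrategy.sendRedirect(exchange, URI.create(redirectUrl))`. Where redirectUrl is assigned lies outside this hunk; if it can be influenced by the request, nothing visible restricts it to the application's own origin, so an origin or allow-list check before the redirect belongs in this method. The helper also returns false for a string that is not a valid URI, after which that `URI.create(redirectUrl)` would throw the same `IllegalArgumentException` uncaught unless the value is rewritten in between. The enclosing method starts before and ends after this hunk.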
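Review bot: `URI.create(url).getPath()` returns null for an opaque URI (a constructed example is `mailto:user@example.com`), so the `.endsWith(...)` call in isDefaultRedirectUrl can throw a NullPointerException that `catch (IllegalArgumentException e)` does not cover. Read the path into a local and null-check it: `String path = URI.create(url).getPath();` followed by `return path != null && path.endsWith(RedirectHelper.DEFAULT_REDIRECT_URL);`. The Javadoc should also state what the check really compares: only the path suffix is tested, scheme, host and query are ignored, an empty url counts as default and an unparseable one does not. Both call sites, in the hunk before and the hunk after, depend on those rules.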
@@ -214,13 +231,15 @@ public class AuthenticationSuccessHandler implements ServerAuthenticationSuccess
 .flatMap(redirectHelper::getRedirectUrl)
 .map(s -> {
 String url = s;
- boolean addFirstTimeExperienceParam = false;
- if(s.endsWith(RedirectHelper.DEFAULT_REDIRECT_URL) && defaultApplication != null) {
- addFirstTimeExperienceParam = true;
- HttpHeaders headers = exchange.getRequest().getHeaders();
- url = redirectHelper.buildApplicationUrl(defaultApplication, headers);
- }
 if (isFromSignup) {
+ boolean addFirstTimeExperienceParam = false;
+
+ // only redirect to default application if the redirectUrl contains no other url
+ if(isDefaultRedirectUrl(url) && defaultApplication != null) {
+ addFirstTimeExperienceParam = true;
+ HttpHeaders headers = exchange.getRequest().getHeaders();
+ url = redirectHelper.buildApplicationUrl(defaultApplication, headers);
+ }
 // This redirectUrl will be used by the client to redirect after showing a welcome page.
 url = buildSignupSuccessUrl(url, addFirstTimeExperienceParam);
 }
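Review bot: Moving the default-application check inside `if (isFromSignup)` means a non-signup login whose resolved URL is the default is no longer rewritten to `redirectHelper.buildApplicationUrl(defaultApplication, headers)`; the removed lines did that for every login. The commit description mentions only the path comparison, so confirm the narrowing is intended (it does match the handler in the `@@ -194,7` hunk) and record it, e.g. `// signup only: other logins keep the URL resolved by redirectHelper`. The added comment `only redirect to default application if the redirectUrl contains no other url` is also looser than the check, which compares the URI path suffix and ignores host and query; `// replace the redirect only when its path is the default redirect path` would be closer. The lambda starts before and continues after this hunk.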