fix: use server side templates

This commit is contained in:
Dmitrii Vershinin 2023-09-27 18:14:21 +05:00
parent 0f9d61b9f0
commit 8ee516850b
4 changed files with 23 additions and 38 deletions


@ -77,12 +77,7 @@ public class ApplicationConfiguration {
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
)
.csrf(c -> {
c.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
c.csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler());
})
.addFilterAfter(new CookieCsrfFilter(), BasicAuthenticationFilter.class)
.addFilterAfter(new SimpleCORSFilter(), BasicAuthenticationFilter.class)
.build();
}
}


@ -3,8 +3,6 @@ package com.onlyoffice.authorization.configuration;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import com.onlyoffice.authorization.extensions.filters.CookieCsrfFilter;
import com.onlyoffice.authorization.extensions.filters.SimpleCORSFilter;
import com.onlyoffice.authorization.extensions.jwks.JwksKeyPairGenerator;
import com.onlyoffice.authorization.extensions.providers.DocspaceAuthenticationProvider;
import jakarta.servlet.RequestDispatcher;
@ -16,7 +14,6 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
@ -30,9 +27,6 @@ import org.springframework.security.oauth2.server.authorization.settings.ClientS
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import java.security.NoSuchAlgorithmException;
@ -62,13 +56,6 @@ public class AuthorizationServerConfiguration {
dispatcher.forward(request, response);
}, new AntPathRequestMatcher(applicationConfiguration.getLogin())));
http.csrf(c -> {
c.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
c.csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler());
});
http.addFilterAfter(new CookieCsrfFilter(), BasicAuthenticationFilter.class);
http.addFilterAfter(new SimpleCORSFilter(), BasicAuthenticationFilter.class);
return http.build();
}


@ -56,20 +56,12 @@ public class AuthorizationConsentController {
}
}
String url = String.format(
"redirect:%s/consent?clientId=%s&state=%s&principalName=%s",
configuration.getFrontendUrl(),
clientId,
state,
principal.getName()
);
model.addAttribute("clientId", clientId);
model.addAttribute("state", state);
model.addAttribute("scopes", scopesToApprove);
model.addAttribute("previouslyApprovedScopes", previouslyApprovedScopes);
model.addAttribute("principalName", principal.getName());
if (scope.length() > 0)
url += String.format("&scopes=%s", String.join(",", scopesToApprove));
if (previouslyApprovedScopes.size() > 0)
url += String.format("&previouslyApprovedScopes=%s", String.join(",", previouslyApprovedScopes));
return url;
return "consent";
}
}
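Review bot: The `consent` view now receives `clientId`, `state` and `principalName` as model attributes instead of having them formatted into a redirect URL, so the template has to render them with escaping output (Thymeleaf `th:text`/`th:value`, never `th:utext` or unescaped inlining) — `clientId` and `state` presumably echo the authorization request's query parameters and are caller-controlled. The consent form that posts the decision back must also carry the session CSRF token as a hidden `_csrf` field, because this commit removes the cookie token repository and `CookieCsrfFilter` in the two configuration files and leaves Spring Security's default session-bound repository; a `th:action` form gets the field automatically, a hand-written `action` does not. The guards that previously skipped empty `scopes`/`previouslyApprovedScopes` were dropped, so the template should cope with both lists being empty. The `consent` method starts before the hunk.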


@ -6,6 +6,7 @@ import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
@Controller
@RequiredArgsConstructor
@ -18,10 +19,20 @@ public class LoginController {
public String login(HttpServletRequest request) {
log.debug("A new login request");
if (request.getDispatcherType().name() == null || !request.getDispatcherType().name().equals(FORWARD))
return String.format("redirect:%s/error", configuration.getFrontendUrl());
return String.format(
"redirect:%s/login?%s",
configuration.getFrontendUrl(),
request.getQueryString());
return "error";
return "login";
}
@GetMapping("/authorized")
public String authorized(
@RequestParam(name = "error", required = false) String error,
@RequestParam(name = "error_description", required = false) String description
) {
log.debug("Authorized redirect");
if (error != null && !error.isBlank() && description != null && !description.isBlank()) {
log.debug("Authorization error has occurred {} - {}", error, description);
return "error";
}
return "authorized";
}
}
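Review bot: `authorized` treats an error callback as a success when `error_description` is absent — RFC 6749 makes `error_description` optional, so a redirect carrying `error=access_denied` with no description skips the `if` and returns `"authorized"`. Gate on `error` alone, `if (error != null && !error.isBlank()) {`, and log `description` as a possibly-null value. Both parameters arrive on the callback's query string, so if the `error` view is later extended to display them they must go through escaping output, and the debug line should be understood as logging caller-supplied text. The start of `LoginController`'s body is outside the hunk.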