package org.sonar.server.authentication;
+import com.google.common.io.Resources;
import java.io.IOException;
+import java.net.URL;
+import java.nio.charset.StandardCharsets;
import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringUtils;
+import org.sonar.api.internal.apachecommons.lang.StringEscapeUtils;
import org.sonar.api.platform.Server;
import org.sonar.api.web.ServletFilter;
public static final String VALIDATION_RELAY_STATE = "validation-query";
public static final String SAML_VALIDATION_URL = "/saml/validation_callback";
+ private String redirectionPageTemplate;
private final Server server;
public SamlValidationRedirectionFilter(Server server) {
return UrlPattern.create(CALLBACK_PATH + "saml");
}
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ super.init(filterConfig);
+ this.redirectionPageTemplate = extractTemplate("validation-redirection.html");
+ }
+
+ String extractTemplate(String templateLocation) {
+ try {
+ URL url = Resources.getResource(templateLocation);
+ return Resources.toString(url, StandardCharsets.UTF_8);
+ } catch (IOException | IllegalArgumentException e) {
+ throw new IllegalStateException("Cannot read the template " + templateLocation, e);
+ }
+ }
+
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
if (isSamlValidation(httpRequest)) {
HttpServletResponse httpResponse = (HttpServletResponse) response;
- httpResponse.setStatus(HttpServletResponse.SC_TEMPORARY_REDIRECT);
- httpResponse.setHeader("Location", server.getContextPath() + SAML_VALIDATION_URL);
+
+ String samlResponse = StringEscapeUtils.escapeHtml(request.getParameter("SAMLResponse"));
+
+ String template = StringUtils.replaceEachRepeatedly(redirectionPageTemplate,
+ new String[]{"%VALIDATION_URL%", "%SAML_RESPONSE%"},
+ new String[]{server.getContextPath() + SAML_VALIDATION_URL, samlResponse});
+
+ httpResponse.setContentType("text/html");
+ httpResponse.getWriter().print(template);
return;
}
chain.doFilter(request, response);
package org.sonar.server.authentication;
import java.io.IOException;
+import java.io.PrintWriter;
import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
+import org.mockito.ArgumentCaptor;
import org.sonar.api.platform.Server;
import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.Assert.assertThrows;
+import static org.mockito.ArgumentMatchers.matches;
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoInteractions;
+import static org.mockito.Mockito.when;
public class SamlValidationRedirectionFilterTest {
SamlValidationRedirectionFilter underTest;
@Before
- public void setup() {
+ public void setup() throws ServletException {
Server server = mock(Server.class);
doReturn("").when(server).getContextPath();
underTest = new SamlValidationRedirectionFilter(server);
+ underTest.init(mock(FilterConfig.class));
}
@Test
HttpServletResponse servletResponse = mock(HttpServletResponse.class);
FilterChain filterChain = mock(FilterChain.class);
- doReturn("validation-query").when(servletRequest).getParameter("RelayState");
+ String validSample = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
+ when(servletRequest.getParameter(matches("SAMLResponse"))).thenReturn(validSample);
+ when(servletRequest.getParameter(matches("RelayState"))).thenReturn("validation-query");
+ PrintWriter pw = mock(PrintWriter.class);
+ when(servletResponse.getWriter()).thenReturn(pw);
+
underTest.doFilter(servletRequest, servletResponse, filterChain);
- verify(servletResponse).setStatus(HttpServletResponse.SC_TEMPORARY_REDIRECT);
- verify(servletResponse).setHeader("Location", "/saml/validation_callback");
+ verify(servletResponse).setContentType("text/html");
+ ArgumentCaptor<String> htmlProduced = ArgumentCaptor.forClass(String.class);
+ verify(pw).print(htmlProduced.capture());
+ assertThat(htmlProduced.getValue()).contains(validSample);
+ }
+
+ @Test
+ public void do_filter_validation_wrong_SAML_response() throws ServletException, IOException {
+ HttpServletRequest servletRequest = mock(HttpServletRequest.class);
+ HttpServletResponse servletResponse = mock(HttpServletResponse.class);
+ FilterChain filterChain = mock(FilterChain.class);
+
+ String maliciousSaml = "test\"</input><script>/*hack website*/</script><input value=\"";
+
+ when(servletRequest.getParameter(matches("SAMLResponse"))).thenReturn(maliciousSaml);
+ when(servletRequest.getParameter(matches("RelayState"))).thenReturn("validation-query");
+ PrintWriter pw = mock(PrintWriter.class);
+ when(servletResponse.getWriter()).thenReturn(pw);
+
+ underTest.doFilter(servletRequest, servletResponse, filterChain);
+
+ verify(servletResponse).setContentType("text/html");
+ ArgumentCaptor<String> htmlProduced = ArgumentCaptor.forClass(String.class);
+ verify(pw).print(htmlProduced.capture());
+ assertThat(htmlProduced.getValue()).doesNotContain("<script>/*hack website*/</script>");
}
@Test
verifyNoInteractions(servletResponse);
}
+
+ @Test
+ public void extract_nonexistant_template() {
+ assertThrows(IllegalStateException.class, () -> underTest.extractTemplate("not-there"));
+ }
}
projects / sonarqube.git / commitdiff