authorNolwenn Cadic <98824442+Nolwenn-cadic-sonarsource@users.noreply.github.com>2025-01-03 14:20:11 +0100
committersonartech <sonartech@sonarsource.com>2025-01-03 20:03:01 +0000
commit9f3662a00918912f35a0ce8804227447ee70a8cf (patch)
tree3ab71e70369704fd88ebe9737d076d10bfd3f068
parent203cbfef99e3c3dc91eb6f802739b924c364fdf6 (diff)
SONAR-24047 Remove unnecessary custom proxy handling
-rw-r--r--server/sonar-auth-saml/src/it/java/org/sonar/auth/saml/SamlIdentityProviderIT.java35
-rw-r--r--server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlIdentityProvider.java36
2 files changed, 2 insertions, 69 deletions
diff --git a/server/sonar-auth-saml/src/it/java/org/sonar/auth/saml/SamlIdentityProviderIT.java b/server/sonar-auth-saml/src/it/java/org/sonar/auth/saml/SamlIdentityProviderIT.java
index a651a6d7a42..1b4542e0a0c 100644
--- a/server/sonar-auth-saml/src/it/java/org/sonar/auth/saml/SamlIdentityProviderIT.java
+++ b/server/sonar-auth-saml/src/it/java/org/sonar/auth/saml/SamlIdentityProviderIT.java
@@ -44,7 +44,6 @@ import org.sonar.api.server.http.HttpResponse;
import org.sonar.api.testfixtures.log.LogTester;
import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
-import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.http.JakartaHttpRequest;
import org.sonar.server.http.JakartaHttpResponse;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
@@ -196,40 +195,6 @@ public class SamlIdentityProviderIT {
assertThat(callbackContext.verifyState.get()).isTrue();
}
-
- @Test
- @Ignore("Tested with a real setup, the functionality works. The test needs to be fixed. Issue SONAR-24047")
- public void failed_callback_when_behind_a_reverse_proxy_without_needed_header() {
- setSettings(true);
- setInstanceTime("2020-06-08T16:10:40.392Z");
- // simulate reverse proxy stripping SSL and not adding X-Forwarded-Proto header
- when(this.request.getRequestURL()).thenReturn(new StringBuffer("http://localhost/oauth2/callback/saml"));
- DumbCallbackContext callbackContext = new DumbCallbackContext(request, response, "encoded_full_response_with_reverse_proxy.txt",
- "https://localhost/oauth2/callback/saml");
-
- assertThatThrownBy(() -> underTest.callback(callbackContext))
- .isInstanceOf(UnauthorizedException.class)
- .hasMessageContaining("The response was received at http://localhost/oauth2/callback/saml instead of https://localhost/oauth2/callback/saml");
- }
-
-
- @Test
- public void successful_callback_when_behind_a_reverse_proxy_with_needed_header() {
- setSettings(true);
- setInstanceTime("2020-06-08T16:10:40.392Z");
- // simulate reverse proxy stripping SSL and adding X-Forwarded-Proto header
- when(this.request.getRequestURL()).thenReturn(new StringBuffer("http://localhost/oauth2/callback/saml"));
- when(this.request.getHeader("X-Forwarded-Proto")).thenReturn("https");
- DumbCallbackContext callbackContext = new DumbCallbackContext(request, response, "encoded_full_response_with_reverse_proxy.txt",
- "https://localhost/oauth2/callback/saml");
-
- underTest.callback(callbackContext);
-
- assertThat(callbackContext.redirectedToRequestedPage.get()).isTrue();
- assertThat(callbackContext.userIdentity.getProviderLogin()).isEqualTo("johndoe");
- assertThat(callbackContext.verifyState.get()).isTrue();
- }
-
@Test
public void callback_on_full_response() {
setSettings(true);
diff --git a/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlIdentityProvider.java b/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlIdentityProvider.java
index bd4c97257cb..09319f5ea19 100644
--- a/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlIdentityProvider.java
+++ b/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlIdentityProvider.java
@@ -20,14 +20,10 @@
package org.sonar.auth.saml;
import java.util.regex.Pattern;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletRequestWrapper;
import org.sonar.api.server.ServerSide;
import org.sonar.api.server.authentication.Display;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
-import org.sonar.api.server.http.HttpRequest;
-import org.sonar.server.http.JakartaHttpRequest;
@ServerSide
public class SamlIdentityProvider implements OAuth2IdentityProvider {
@@ -81,39 +77,11 @@ public class SamlIdentityProvider implements OAuth2IdentityProvider {
@Override
public void callback(CallbackContext context) {
- //
- // Workaround for onelogin/java-saml validation not taking into account running a reverse proxy configuration. This change
- // makes the validation take into account 'X-Forwarded-Proto' and 'Host' headers set by the reverse proxy
- // More details here:
- // - https://github.com/onelogin/java-saml/issues/198
- // - https://github.com/onelogin/java-saml/issues/95
- //
- HttpRequest processedRequest = useProxyHeadersInRequest(context.getHttpRequest());
-
- UserIdentity userIdentity = samlAuthenticator.onCallback(context, processedRequest);
+
+ UserIdentity userIdentity = samlAuthenticator.onCallback(context, context.getHttpRequest());
context.authenticate(userIdentity);
context.redirectToRequestedPage();
}
- private static HttpRequest useProxyHeadersInRequest(HttpRequest request) {
- String forwardedScheme = request.getHeader("X-Forwarded-Proto");
- if (forwardedScheme != null) {
- HttpServletRequest httpServletRequest = new HttpServletRequestWrapper(((JakartaHttpRequest) request).getDelegate()) {
- @Override
- public String getScheme() {
- return forwardedScheme;
- }
-
- @Override
- public StringBuffer getRequestURL() {
- StringBuffer originalURL = ((HttpServletRequest) getRequest()).getRequestURL();
- return new StringBuffer(HTTPS_PATTERN.matcher(originalURL.toString()).replaceFirst(forwardedScheme + "://"));
- }
- };
- return new JakartaHttpRequest(httpServletRequest);
- }
-
- return request;
- }
}
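Review bot: With the proxy-aware wrapper removed, `samlAuthenticator.onCallback(context, context.getHttpRequest())` now passes the request URL exactly as the servlet container sees it, so behind a TLS-terminating reverse proxy the SAML destination/recipient check depends on a mechanism outside this diff (container-level forwarded-header handling or the authenticator itself) instead of on `X-Forwarded-Proto`; the commit should say which one makes the old handling "unnecessary", for example with a comment above the call such as `// Forwarded-header handling is expected to have happened before the request reaches this provider (SONAR-24047)`. The test covering the proxy-with-header case is deleted in the first file rather than rewritten, so the behaviour is no longer asserted anywhere visible here, and a regression would presumably only show up as callback failures in proxied deployments; a positive test against the replacement mechanism would keep that covered. If `HTTPS_PATTERN` had no user other than the removed `getRequestURL()` override, it and the surviving `import java.util.regex.Pattern;` are now dead and belong in the same cleanup. The blank line introduced at the top of the `callback` body can be dropped as well.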