From ede5afcbdd39d74064abe0ff84c11c50b102d276 Mon Sep 17 00:00:00 2001
From: Matteo Mara
Date: Thu, 16 Mar 2023 10:44:39 +0100
Subject: SONAR-18809 fix SSF-358
Co-authored-by: Ambroise C
---
.../auth/saml/SamlAuthStatusPageGenerator.java | 12 ++++-----
.../org/sonar/auth/saml/SamlAuthenticator.java | 6 ++---
.../src/main/resources/samlAuthResult.html | 7 ++++-
.../auth/saml/SamlAuthStatusPageGeneratorTest.java | 5 +++-
.../org/sonar/auth/saml/SamlAuthenticatorTest.java | 2 ++
.../src/test/resources/samlAuthResultEmpty.html | 31 +++++++++++++---------
6 files changed, 39 insertions(+), 24 deletions(-)
(limited to 'server/sonar-auth-saml/src')
diff --git a/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlAuthStatusPageGenerator.java b/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlAuthStatusPageGenerator.java
index d29d21d105a..5c774e2d501 100644
--- a/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlAuthStatusPageGenerator.java
+++ b/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlAuthStatusPageGenerator.java
@@ -25,21 +25,21 @@ import java.net.URL; import java.nio.charset.StandardCharsets; import java.util.Base64; import java.util.Map; +import javax.servlet.http.HttpServletRequest; import org.json.JSONObject; public final class SamlAuthStatusPageGenerator { private static final String WEB_CONTEXT = "%WEB_CONTEXT%"; private static final String SAML_AUTHENTICATION_STATUS = "%SAML_AUTHENTICATION_STATUS%"; - private static final String HTML_TEMPLATE_NAME = "samlAuthResult.html"; private SamlAuthStatusPageGenerator() { throw new IllegalStateException("This Utility class cannot be instantiated"); } - public static String getSamlAuthStatusHtml(SamlAuthenticationStatus samlAuthenticationStatus) { - Map substitutionsMap = getSubstitutionsMap(samlAuthenticationStatus); + public static String getSamlAuthStatusHtml(HttpServletRequest request, SamlAuthenticationStatus samlAuthenticationStatus) { + Map substitutionsMap = getSubstitutionsMap(request, samlAuthenticationStatus); String htmlTemplate = getPlainTemplate(); return substitutionsMap @@ -48,15 +48,15 @@ public final class SamlAuthStatusPageGenerator { .reduce(htmlTemplate, (accumulator, pattern) -> accumulator.replace(pattern, substitutionsMap.get(pattern))); } - private static Map getSubstitutionsMap(SamlAuthenticationStatus samlAuthenticationStatus) { + private static Map getSubstitutionsMap(HttpServletRequest request, SamlAuthenticationStatus samlAuthenticationStatus) { return Map.of( - WEB_CONTEXT, "", + WEB_CONTEXT, request.getContextPath(), SAML_AUTHENTICATION_STATUS, getBase64EncodedStatus(samlAuthenticationStatus)); } private static String getBase64EncodedStatus(SamlAuthenticationStatus samlAuthenticationStatus) { byte[] bytes = new JSONObject(samlAuthenticationStatus).toString().getBytes(StandardCharsets.UTF_8); - return String.format("'%s'", Base64.getEncoder().encodeToString(bytes)); + return String.format("%s", Base64.getEncoder().encodeToString(bytes)); } private static String getPlainTemplate() { 
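Review bot: `getSamlAuthStatusHtml` now accepts the whole `HttpServletRequest`, yet the only thing read from it is the context path (in `getSubstitutionsMap`, in the following hunk). Taking a `String contextPath` instead would keep this utility independent of the servlet API and let the tests pass a plain string rather than a mocked request. The changed public signature also has no Javadoc; a short one saying that the request is used only for `getContextPath()` and that the returned HTML carries the status as Base64-encoded JSON would help callers. The method body continues past the end of this hunk.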
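Review bot: In `getSubstitutionsMap`, the value of `request.getContextPath()` is substituted into the HTML template verbatim by `String.replace`, with no encoding for the position where `%WEB_CONTEXT%` sits. The servlet API states that the container does not decode this string, so it is better treated as request-derived text and escaped for the HTML attribute or URL context it lands in, or replaced by the server's configured context path if one is available here. In `getBase64EncodedStatus` the surrounding quotes were dropped, so correct quoting of `%SAML_AUTHENTICATION_STATUS%` now rests entirely on the template, whose hunk is not readable in this view and should be checked alongside. The remaining `String.format("%s", …)` is a no-op and can become `return Base64.getEncoder().encodeToString(bytes);`.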
diff --git a/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlAuthenticator.java b/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlAuthenticator.java index 20406d36db2..42e0697fe1c 100644 --- a/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlAuthenticator.java +++ b/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlAuthenticator.java @@ -210,10 +210,10 @@ public class SamlAuthenticator { public String getAuthenticationStatusPage(HttpServletRequest request, HttpServletResponse response) { try { - Auth auth = this.initSamlAuth(request, response); - return getSamlAuthStatusHtml(getSamlAuthenticationStatus(auth, samlSettings)); + Auth auth = initSamlAuth(request, response); + return getSamlAuthStatusHtml(request, getSamlAuthenticationStatus(auth, samlSettings)); } catch (IllegalStateException e) { - return getSamlAuthStatusHtml(getSamlAuthenticationStatus(String.format("%s due to: %s", e.getMessage(), e.getCause().getMessage()))); + return getSamlAuthStatusHtml(request, getSamlAuthenticationStatus(String.format("%s due to: %s", e.getMessage(), e.getCause().getMessage()))); } } } diff --git a/server/sonar-auth-saml/src/main/resources/samlAuthResult.html b/server/sonar-auth-saml/src/main/resources/samlAuthResult.html index 85e987b33ca..a49503aa659 100644 --- a/server/sonar-auth-saml/src/main/resources/samlAuthResult.html +++ b/server/sonar-auth-saml/src/main/resources/samlAuthResult.html @@ -113,9 +113,12 @@
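Review bot: In the `catch (IllegalStateException e)` branch of `getAuthenticationStatusPage`, `e.getCause().getMessage()` throws a `NullPointerException` whenever the caught exception carries no cause, so the status page that should report the failure is never produced. The commit edits this line but keeps the dereference; a guard such as `String cause = e.getCause() == null ? "unknown cause" : e.getCause().getMessage();` followed by formatting with `cause` would avoid that. The exception text also ends up inside the encoded status sent to the browser, so whatever renders it client-side should insert it as text rather than markup; the template hunk is not readable here, so that is something to confirm.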
+
diff --git a/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlAuthStatusPageGeneratorTest.java b/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlAuthStatusPageGeneratorTest.java index 643129df0c7..440279c227b 100644 --- a/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlAuthStatusPageGeneratorTest.java +++ b/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlAuthStatusPageGeneratorTest.java @@ -25,6 +25,7 @@ import java.net.URL; import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.HashMap; +import javax.servlet.http.HttpServletRequest; import org.junit.Test; import static org.junit.Assert.assertEquals; @@ -38,14 +39,16 @@ public class SamlAuthStatusPageGeneratorTest { @Test public void test_full_html_generation_with_empty_values() { SamlAuthenticationStatus samlAuthenticationStatus = mock(SamlAuthenticationStatus.class); + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); when(samlAuthenticationStatus.getStatus()).thenReturn(null); when(samlAuthenticationStatus.getErrors()).thenReturn(new ArrayList<>()); when(samlAuthenticationStatus.getWarnings()).thenReturn(new ArrayList<>()); when(samlAuthenticationStatus.getAvailableAttributes()).thenReturn(new HashMap<>()); when(samlAuthenticationStatus.getMappedAttributes()).thenReturn(new HashMap<>()); + when(httpServletRequest.getContextPath()).thenReturn("context"); - String completeHtmlTemplate = getSamlAuthStatusHtml(samlAuthenticationStatus); + String completeHtmlTemplate = getSamlAuthStatusHtml(httpServletRequest, samlAuthenticationStatus); String expectedTemplate = loadTemplateFromResources(EMPTY_HTML_TEMPLATE_NAME); assertEquals(expectedTemplate, completeHtmlTemplate); diff --git a/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlAuthenticatorTest.java b/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlAuthenticatorTest.java index fe2ce6a5aad..1c473879e3d 100644 
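Review bot: The stub `when(httpServletRequest.getContextPath()).thenReturn("context")` uses a value no servlet container returns, since a context path is either the empty string (root deployment) or starts with `/`. The expected fixture is therefore compared against output built from an unrealistic prefix, and the root-deployment case that the old hard-coded `""` represented is no longer covered. Consider `thenReturn("/context")` plus a second test with `thenReturn("")`, and, if escaping is added in the generator, a value containing characters that need encoding. The same stub value is used in `SamlAuthenticatorTest`.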
--- a/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlAuthenticatorTest.java +++ b/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlAuthenticatorTest.java @@ -25,6 +25,7 @@ import org.junit.Test; import static org.junit.Assert.*; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; public class SamlAuthenticatorTest { @@ -33,6 +34,7 @@ public class SamlAuthenticatorTest { SamlAuthenticator samlAuthenticator = new SamlAuthenticator(mock(SamlSettings.class), mock(SamlMessageIdChecker.class)); HttpServletRequest request = mock(HttpServletRequest.class); HttpServletResponse response = mock(HttpServletResponse.class); + when(request.getContextPath()).thenReturn("context"); String authenticationStatus = samlAuthenticator.getAuthenticationStatusPage(request, response); diff --git a/server/sonar-auth-saml/src/test/resources/samlAuthResultEmpty.html b/server/sonar-auth-saml/src/test/resources/samlAuthResultEmpty.html index de4879d8ce3..b592d671155 100644 --- a/server/sonar-auth-saml/src/test/resources/samlAuthResultEmpty.html +++ b/server/sonar-auth-saml/src/test/resources/samlAuthResultEmpty.html @@ -3,40 +3,40 @@ - - - - - + + + + + - + - + SAML Authentication Test