Minor fixes stopping invalid sessions (#1850)

* Update UserAuthenticationFilter.java

* Update RequestUriUtils.java

* Update RequestUriUtils.java

* Update RequestUriUtilsTest.java
This commit is contained in:
Anthony Stirling 2024-09-08 23:06:46 +02:00 committed by GitHub
parent 6f52189ed2
commit db563c765d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 6 additions and 12 deletions

View file

@ -159,7 +159,7 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
}; };
for (String pattern : permitAllPatterns) { for (String pattern : permitAllPatterns) {
if (uri.startsWith(pattern) || uri.endsWith(".svg")) { if (uri.startsWith(pattern) || uri.endsWith(".svg") || uri.endsWith(".png") || uri.endsWith(".ico")) {
return true; return true;
} }
} }

View file

@ -4,16 +4,7 @@ public class RequestUriUtils {
public static boolean isStaticResource(String requestURI) { public static boolean isStaticResource(String requestURI) {
return requestURI.startsWith("/css/") return isStaticResource("", requestURI);
|| requestURI.startsWith("/fonts/")
|| requestURI.startsWith("/js/")
|| requestURI.startsWith("/images/")
|| requestURI.startsWith("/public/")
|| requestURI.startsWith("/pdfjs/")
|| requestURI.startsWith("/pdfjs-legacy/")
|| requestURI.endsWith(".svg")
|| requestURI.endsWith(".webmanifest")
|| requestURI.startsWith("/api/v1/info/status");
} }
public static boolean isStaticResource(String contextPath, String requestURI) { public static boolean isStaticResource(String contextPath, String requestURI) {
@ -24,7 +15,10 @@ public class RequestUriUtils {
|| requestURI.startsWith(contextPath + "/images/") || requestURI.startsWith(contextPath + "/images/")
|| requestURI.startsWith(contextPath + "/public/") || requestURI.startsWith(contextPath + "/public/")
|| requestURI.startsWith(contextPath + "/pdfjs/") || requestURI.startsWith(contextPath + "/pdfjs/")
|| requestURI.startsWith(contextPath + "/login")
|| requestURI.endsWith(".svg") || requestURI.endsWith(".svg")
|| requestURI.endsWith(".png")
|| requestURI.endsWith(".ico")
|| requestURI.endsWith(".webmanifest") || requestURI.endsWith(".webmanifest")
|| requestURI.startsWith(contextPath + "/api/v1/info/status"); || requestURI.startsWith(contextPath + "/api/v1/info/status");
} }

View file

@ -19,7 +19,7 @@ public class RequestUriUtilsTest {
assertFalse(RequestUriUtils.isStaticResource("/api/v1/users")); assertFalse(RequestUriUtils.isStaticResource("/api/v1/users"));
assertFalse(RequestUriUtils.isStaticResource("/api/v1/orders")); assertFalse(RequestUriUtils.isStaticResource("/api/v1/orders"));
assertFalse(RequestUriUtils.isStaticResource("/")); assertFalse(RequestUriUtils.isStaticResource("/"));
assertFalse(RequestUriUtils.isStaticResource("/login")); assertTrue(RequestUriUtils.isStaticResource("/login"));
assertFalse(RequestUriUtils.isStaticResource("/register")); assertFalse(RequestUriUtils.isStaticResource("/register"));
assertFalse(RequestUriUtils.isStaticResource("/api/v1/products")); assertFalse(RequestUriUtils.isStaticResource("/api/v1/products"));
} }