fix issue when incorrect case url is used on emailed token links

2017-12-04 15:29:03 -05:00 · 2017-12-04 15:29:03 -05:00 · 741d55c731
commit 741d55c731
parent 1585b8dae5
6 changed files with 14 additions and 7 deletions
--- a/server/src/main/java/password/pwm/http/HttpHeader.java
+++ b/server/src/main/java/password/pwm/http/HttpHeader.java
@ -46,6 +46,9 @@ public enum HttpHeader {
    UserAgent("User-Agent"),
    Referer("Referer"),
    Origin("Origin"),
+    XForwardedFor("X-Forwarded-For"),
+    ETag("ETag"),
+    Expires("Expires"),

    XFrameOptions("X-Frame-Options"),
    XContentTypeOptions("X-Content-Type-Options"),
--- a/server/src/main/java/password/pwm/http/PwmRequest.java
+++ b/server/src/main/java/password/pwm/http/PwmRequest.java
@ -41,6 +41,7 @@ import password.pwm.error.ErrorInformation;
 import password.pwm.error.PwmError;
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.http.bean.ImmutableByteArray;
+import password.pwm.http.servlet.AbstractPwmServlet;
 import password.pwm.http.servlet.PwmServletDefinition;
 import password.pwm.http.servlet.command.CommandServlet;
 import password.pwm.ldap.UserInfo;
@ -290,7 +291,10 @@ public class PwmRequest extends PwmHttpRequestWrapper {
        Validator.validatePwmFormID(this);
    }

-    public boolean convertURLtokenCommand()
+    public boolean convertURLtokenCommand(
+            final PwmServletDefinition pwmServletDefinition,
+            final AbstractPwmServlet.ProcessAction processAction
+    )
            throws IOException, PwmUnrecoverableException
    {
        final String uri = getURLwithoutQueryString();
@ -324,9 +328,9 @@ public class PwmRequest extends PwmHttpRequestWrapper {

        final StringBuilder redirectURL = new StringBuilder();
        redirectURL.append(this.getHttpServletRequest().getContextPath());
-        redirectURL.append(this.getHttpServletRequest().getServletPath());
+        redirectURL.append(pwmServletDefinition.servletUrl());
        redirectURL.append("?");
-        redirectURL.append(PwmConstants.PARAM_ACTION_REQUEST).append("=enterCode");
+        redirectURL.append(PwmConstants.PARAM_ACTION_REQUEST).append("=").append(processAction.toString());
        redirectURL.append("&");
        redirectURL.append(PwmConstants.PARAM_TOKEN).append("=").append(tokenValue);

--- a/server/src/main/java/password/pwm/http/client/PwmHttpClient.java
+++ b/server/src/main/java/password/pwm/http/client/PwmHttpClient.java
@ -182,7 +182,7 @@ public class PwmHttpClient {
        for (final Map.Entry<String, String> headerEntry : headers.entrySet()) {
            final HttpHeader httpHeader = HttpHeader.forHttpHeader(headerEntry.getKey());
            final boolean sensitive = httpHeader != null && httpHeader.isSensitive();
-            msg.append("  header: ").append( httpHeader.getHttpName() ).append("=");
+            msg.append("  header: ").append( headerEntry.getValue() ).append("=");
            if (sensitive) {
                msg.append(PwmConstants.LOG_REMOVED_VALUE_REPLACEMENT);
            } else {
--- a/server/src/main/java/password/pwm/http/servlet/ActivateUserServlet.java
+++ b/server/src/main/java/password/pwm/http/servlet/ActivateUserServlet.java
@ -171,7 +171,7 @@ public class ActivateUserServlet extends AbstractPwmServlet {

        // convert a url command like /pwm/public/NewUserServlet/12321321 to redirect with a process action.
        if (action == null) {
-            if (pwmRequest.convertURLtokenCommand()) {
+            if (pwmRequest.convertURLtokenCommand(PwmServletDefinition.ActivateUser, ActivateUserAction.enterCode)) {
                return;
            }
        } else {
--- a/server/src/main/java/password/pwm/http/servlet/forgottenpw/ForgottenPasswordServlet.java
+++ b/server/src/main/java/password/pwm/http/servlet/forgottenpw/ForgottenPasswordServlet.java
@ -205,7 +205,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet {

        // convert a url command like /public/newuser/12321321 to redirect with a process action.
        if (action == null) {
-            if (pwmRequest.convertURLtokenCommand()) {
+            if (pwmRequest.convertURLtokenCommand(PwmServletDefinition.ForgottenPassword, ForgottenPasswordAction.enterCode)) {
                return ProcessStatus.Halt;
            }
        }
--- a/server/src/main/java/password/pwm/http/servlet/newuser/NewUserServlet.java
+++ b/server/src/main/java/password/pwm/http/servlet/newuser/NewUserServlet.java
@ -164,7 +164,7 @@ public class NewUserServlet extends ControlledPwmServlet {

        // convert a url command like /public/newuser/12321321 to redirect with a process action.
        if (action == null) {
-            if (pwmRequest.convertURLtokenCommand()) {
+            if (pwmRequest.convertURLtokenCommand(PwmServletDefinition.NewUser, NewUserAction.enterCode)) {
                return ProcessStatus.Halt;
            }
        } else if (action != NewUserAction.complete && action != NewUserAction.checkProgress ) {