From be0100c3d6489db77d06a8c3b1d5265db1bce91a Mon Sep 17 00:00:00 2001
From: milanmajchrak
Date: Thu, 25 Apr 2024 12:11:22 +0200
Subject: [PATCH 1/3] Added email validation and input/output encodings are loaded from the cfg.
---
 .../clarin/ClarinShibAuthentication.java | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java b/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java
index 28fd67a71599..f32440755f95 100644
--- a/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java
+++ b/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java
@@ -578,7 +578,7 @@ protected EPerson findEPerson(Context context, HttpServletRequest request) throw
 // 2) Second, look for an email header.
 if (eperson == null && emailHeader != null) {
- String email = findSingleAttribute(request, emailHeader);
+ String email = getEmailAcceptedOrNull(findSingleAttribute(request, emailHeader));
 if (StringUtils.isEmpty(email) && Objects.nonNull(clarinVerificationToken)) {
 email = clarinVerificationToken.getEmail();
 }
@@ -694,7 +694,7 @@ protected EPerson registerNewEPerson(Context context, HttpServletRequest request
 // Header values
 String netid = Util.formatNetId(findSingleAttribute(request, netidHeader), org);
- String email = findSingleAttribute(request, emailHeader);
+ String email = getEmailAcceptedOrNull(findSingleAttribute(request, emailHeader));
 String fname = Headers.updateValueByCharset(findSingleAttribute(request, fnameHeader));
 String lname = Headers.updateValueByCharset(findSingleAttribute(request, lnameHeader));
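Review bot: In findEPerson a header value rejected by `getEmailAcceptedOrNull` becomes null, and the following `StringUtils.isEmpty(email)` branch then substitutes `clarinVerificationToken.getEmail()`, so a malformed IdP attribute is handled exactly like an absent one and nothing records that it was discarded. Because this email appears to be what the EPerson lookup is keyed on, I would log the rejection where it happens, e.g. `log.warn("Ignoring Shibboleth email attribute: value contains whitespace");`, without echoing the value itself. The same wrapping in registerNewEPerson and updateEPerson passes null onward; whether those paths cope with a null email is not visible, since all three method bodies continue outside their hunks.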
@@ -816,7 +816,7 @@ protected void updateEPerson(Context context, HttpServletRequest request, EPerso
 String lnameHeader = configurationService.getProperty("authentication-shibboleth.lastname-header");
 String netid = Util.formatNetId(findSingleAttribute(request, netidHeader), shibheaders.get_idp());
- String email = findSingleAttribute(request, emailHeader);
+ String email = getEmailAcceptedOrNull(findSingleAttribute(request, emailHeader));
 String fname = Headers.updateValueByCharset(findSingleAttribute(request, fnameHeader));
 String lname = Headers.updateValueByCharset(findSingleAttribute(request, lnameHeader));
@@ -1171,7 +1171,12 @@ protected String findAttribute(HttpServletRequest request, String name) {
 if (!StringUtils.isEmpty(value) && reconvertAttributes) {
 try {
- value = new String(value.getBytes("ISO-8859-1"), "UTF-8");
+ String inputEncoding = configurationService.getProperty("shibboleth.name.conversion.inputEncoding",
+ "ISO-8859-1");
+ String outputEncoding = configurationService.getProperty("shibboleth.name.conversion.outputEncoding",
+ "UTF-8");
+
+ value = new String(value.getBytes(inputEncoding), outputEncoding);
 } catch (UnsupportedEncodingException ex) {
 log.warn("Failed to reconvert shibboleth attribute (" + name + ").", ex);
@@ -1324,5 +1329,12 @@ public boolean canChangePassword(Context context, EPerson ePerson, String curren
 public boolean areSpecialGroupsApplicable(Context context, HttpServletRequest request) {
 return true;
 }
+
+ public String getEmailAcceptedOrNull(String email) {
+ if (email == null || email.isEmpty() || email.matches(".*\\s+.*")){ // no whitespaces in mail
+ return null;
+ }
+ return email;
+ }
 }
From 22839c7209d2ce7134e3af719561b89bfa549f92 Mon Sep 17 00:00:00 2001
From: milanmajchrak
Date: Thu, 25 Apr 2024 12:46:26 +0200
Subject: [PATCH 2/3] Fixed checkstyle violation
---
 .../dspace/authenticate/clarin/ClarinShibAuthentication.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
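Review bot: The new keys `shibboleth.name.conversion.inputEncoding` and `shibboleth.name.conversion.outputEncoding` in findAttribute are introduced without a comment and sit outside the `authentication-shibboleth.` prefix used by the header keys in updateEPerson, so an operator has no pointer to them or to what the defaults mean. A comment above the lookups such as `// Charset names used to re-decode attribute values; the defaults reproduce the previous ISO-8859-1 -> UTF-8 conversion` would cover that. A misspelled charset name is only caught by the existing `UnsupportedEncodingException` handler, which warns on each call and appears to leave the value unconverted; as this path serves every attribute read through findAttribute, possibly including the netid and email used for account matching, checking the two names once (for instance with `Charset.isSupported`) would surface the mistake early. The method body starts and ends outside the hunk.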
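Review bot: `getEmailAcceptedOrNull` is added as a public method with no Javadoc, and its name promises more than it checks: only null, empty and whitespace-containing values are rejected, so a value without `@` is returned unchanged. Stating the contract on the method, e.g. `/** Returns the value unchanged, or null if it is null, empty or contains whitespace; no other address validation is done. */`, keeps callers from treating the result as a validated address. The other helpers visible in this patch are `protected`; unless code outside the class needs this one, the same visibility would fit better.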
diff --git a/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java b/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java
index f32440755f95..3e75a46bab48 100644
--- a/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java
+++ b/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java
@@ -1331,7 +1331,7 @@ public boolean areSpecialGroupsApplicable(Context context, HttpServletRequest re
 }
 public String getEmailAcceptedOrNull(String email) {
- if (email == null || email.isEmpty() || email.matches(".*\\s+.*")){ // no whitespaces in mail
+ if (email == null || email.isEmpty() || email.matches(".*\\s+.*")) { // no whitespaces in mail
 return null;
 }
 return email;
From cf7c8c05cf9fd561971adc940c038f36f9157659 Mon Sep 17 00:00:00 2001
From: milanmajchrak
Date: Tue, 7 May 2024 08:45:48 +0200
Subject: [PATCH 3/3] Refactored condition which check empty character in the email.
---
 .../dspace/authenticate/clarin/ClarinShibAuthentication.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java b/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java
index 3e75a46bab48..822543d08c80 100644
--- a/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java
+++ b/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java
@@ -18,6 +18,7 @@ import java.util.Map;
 import java.util.Objects;
 import java.util.UUID;
+import java.util.regex.Pattern;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -1331,7 +1332,8 @@ public boolean areSpecialGroupsApplicable(Context context, HttpServletRequest re
 }
 public String getEmailAcceptedOrNull(String email) {
- if (email == null || email.isEmpty() || email.matches(".*\\s+.*")) { // no whitespaces in mail
+ // no whitespaces in mail
+ if (StringUtils.isEmpty(email) || Pattern.compile("\\s").matcher(email).find()) {
 return null;
 }
 return email;
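Review bot: `\\s` in `java.util.regex` matches only ASCII whitespace unless `Pattern.UNICODE_CHARACTER_CLASS` is set, so a non-breaking space or another Unicode space in the attribute still passes the check in `getEmailAcceptedOrNull`; that is plausible input here because findAttribute can re-decode header values into another charset. The pattern is also recompiled on every call. Hoisting it addresses both: `private static final Pattern WHITESPACE = Pattern.compile("\\s", Pattern.UNICODE_CHARACTER_CLASS);` and `if (StringUtils.isEmpty(email) || WHITESPACE.matcher(email).find()) {`. The method's closing brace lies outside the hunk.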