fix: filter redirect URLs after login (#18584)

* fix: filter redirect URLs after login
dhis2 · Sep 12, 2024 · 0debfeb · 0debfeb
1 parent 3f32483
commit 0debfeb
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 9 deletions.
diff --git a/...-api/src/main/java/org/hisp/dhis/webapi/controller/security/AuthenticationController.java b/...-api/src/main/java/org/hisp/dhis/webapi/controller/security/AuthenticationController.java
@@ -226,17 +226,21 @@ private String getRedirectUrl(HttpServletRequest request, HttpServletResponse re
     SavedRequest savedRequest = requestCache.getRequest(request, null);
     if (savedRequest != null) {
       DefaultSavedRequest defaultSavedRequest = (DefaultSavedRequest) savedRequest;
-
-      if (defaultSavedRequest.getQueryString() != null) {
-        redirectUrl =
-            defaultSavedRequest.getRequestURI() + "?" + defaultSavedRequest.getQueryString();
-      } else {
-        redirectUrl = defaultSavedRequest.getRequestURI();
+      if (!filterSavedRequest(defaultSavedRequest)) {
+        if (defaultSavedRequest.getQueryString() != null) {
+          redirectUrl =
+              defaultSavedRequest.getRequestURI() + "?" + defaultSavedRequest.getQueryString();
+        } else {
+          redirectUrl = defaultSavedRequest.getRequestURI();
+        }
       }
-
       this.requestCache.removeRequest(request, response);
     }
-
     return redirectUrl;
   }
+
+  private boolean filterSavedRequest(DefaultSavedRequest savedRequest) {
+    String requestURI = savedRequest.getRequestURI();
+    return !requestURI.endsWith(".html") && !requestURI.endsWith("/") && requestURI.contains(".");
+  }
 }
diff --git a/dhis-2/dhis-web-server/src/test/java/org/hisp/dhis/auth/AuthTest.java b/dhis-2/dhis-web-server/src/test/java/org/hisp/dhis/auth/AuthTest.java
@@ -217,7 +217,36 @@ void testRedirectWithoutQueryParam() {
     testRedirectUrl("/api/users");
   }
 
+  @Test
+  void testRedirectToResource() {
+    testRedirectUrl("/api/users/resource.js", "/dhis-web-dashboard/");
+  }
+
+  @Test
+  void testRedirectToHtmlResource() {
+    testRedirectUrl("/api/users/resource.html", "/api/users/resource.html");
+  }
+
+  @Test
+  void testRedirectToSlashEnding() {
+    testRedirectUrl("/api/users/", "/api/users/");
+  }
+
+  @Test
+  void testRedirectToResourceWorker() {
+    testRedirectUrl("/dhis-web-dashboard/service-worker.js", "/dhis-web-dashboard/");
+  }
+
+  @Test
+  void testRedirectToCssResourceWorker() {
+    testRedirectUrl("/dhis-web-dashboard/static/css/main.4536e618.css", "/dhis-web-dashboard/");
+  }
+
   private static void testRedirectUrl(String url) {
+    testRedirectUrl(url, url);
+  }
+
+  private static void testRedirectUrl(String url, String redirectUrl) {
     String port = Integer.toString(availablePort);
 
     RestTemplate restTemplate = new RestTemplate();
@@ -243,6 +272,6 @@ private static void testRedirectUrl(String url) {
     assertNotNull(body);
     assertEquals(LoginResponse.STATUS.SUCCESS, body.getLoginStatus());
 
-    assertEquals(url, body.getRedirectUrl());
+    assertEquals(redirectUrl, body.getRedirectUrl());
   }
 }