From 9b1148abc1b4aabdba6734fe363397ff7dd1ce7c Mon Sep 17 00:00:00 2001
From: "Florian Roks, Daimler TSS GmbH"
Date: Thu, 4 Mar 2021 08:14:53 +0100
Subject: [PATCH] Respect the springdoc.cache.disabled setting for recalculating the oauth2 redirect url (as is done with the generated server url in api-docs). When springdoc is reachable under multiple host-names (e.g. through proxies & direct), the authentication-redirect otherwise always contains the host that was generated the first time for that specific instance. A unit-test was also added to ensure this behavior.
---
 .../webmvc/ui/SwaggerWelcomeCommon.java | 10 +++-
 ...ingDocOauthRedirectUrlRecalculateTest.java | 49 +++++++++++++++++++
 2 files changed, 57 insertions(+), 2 deletions(-)
 create mode 100644 springdoc-openapi-ui/src/test/java/test/org/springdoc/ui/app5/SpringDocOauthRedirectUrlRecalculateTest.java
diff --git a/springdoc-openapi-ui/src/main/java/org/springdoc/webmvc/ui/SwaggerWelcomeCommon.java b/springdoc-openapi-ui/src/main/java/org/springdoc/webmvc/ui/SwaggerWelcomeCommon.java
index fb55bd023..9d633644c 100644
--- a/springdoc-openapi-ui/src/main/java/org/springdoc/webmvc/ui/SwaggerWelcomeCommon.java
+++ b/springdoc-openapi-ui/src/main/java/org/springdoc/webmvc/ui/SwaggerWelcomeCommon.java
@@ -16,6 +16,8 @@ import static org.springdoc.core.Constants.SWAGGER_UI_URL;
 public abstract class SwaggerWelcomeCommon extends AbstractSwaggerWelcome {
+ private String originalRelativeOauth2RedirectUrl;
+
 /**
 * Instantiates a new Abstract swagger welcome.
 * @param swaggerUiConfig the swagger ui config
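Review bot: The new field `originalRelativeOauth2RedirectUrl` has no Javadoc, although the constructor directly below it in this hunk does. Nothing in the hunk initialises it; it appears to be assigned only from `calculateOauth2RedirectUrl` in the later hunk, so the comment should say when it becomes non-null, for example `/** The relative oauth2 redirect url as configured, captured on the first calculation so the absolute url can be rebuilt per request when the cache is disabled. */`. The class body continues outside the hunk.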
@@ -28,7 +30,7 @@ public SwaggerWelcomeCommon(SwaggerUiConfigProperties swaggerUiConfig, SpringDoc
 protected String redirectToUi(HttpServletRequest request) {
 buildConfigUrl(request.getContextPath(), ServletUriComponentsBuilder.fromCurrentContextPath());
- String sbUrl = swaggerUiConfigParameters.getUiRootPath() + SWAGGER_UI_URL;
+ String sbUrl = swaggerUiConfigParameters.getUiRootPath() + SWAGGER_UI_URL;
 UriComponentsBuilder uriBuilder = getUriComponentsBuilder(sbUrl);
 // forward all queryParams from original request
@@ -44,7 +46,11 @@ protected Map openapiJson(HttpServletRequest request) {
 @Override
 protected void calculateOauth2RedirectUrl(UriComponentsBuilder uriComponentsBuilder) {
- if (!swaggerUiConfigParameters.isValidUrl(swaggerUiConfigParameters.getOauth2RedirectUrl()))
+ if (!swaggerUiConfigParameters.isValidUrl(swaggerUiConfigParameters.getOauth2RedirectUrl())) {
+ originalRelativeOauth2RedirectUrl = swaggerUiConfigParameters.getOauth2RedirectUrl();
 swaggerUiConfigParameters.setOauth2RedirectUrl(uriComponentsBuilder.path(swaggerUiConfigParameters.getUiRootPath()).path(swaggerUiConfigParameters.getOauth2RedirectUrl()).build().toString());
+ } else if (springDocConfigProperties.isCacheDisabled() && originalRelativeOauth2RedirectUrl != null) {
+ swaggerUiConfigParameters.setOauth2RedirectUrl(uriComponentsBuilder.path(swaggerUiConfigParameters.getUiRootPath()).path(originalRelativeOauth2RedirectUrl).build().toString());
+ }
 }
 }
diff --git a/springdoc-openapi-ui/src/test/java/test/org/springdoc/ui/app5/SpringDocOauthRedirectUrlRecalculateTest.java b/springdoc-openapi-ui/src/test/java/test/org/springdoc/ui/app5/SpringDocOauthRedirectUrlRecalculateTest.java
new file mode 100644
index 000000000..620360ace
--- /dev/null
+++ b/springdoc-openapi-ui/src/test/java/test/org/springdoc/ui/app5/SpringDocOauthRedirectUrlRecalculateTest.java
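Review bot: In `calculateOauth2RedirectUrl` the first branch reads `swaggerUiConfigParameters.getOauth2RedirectUrl()` three times (the validity check, the capture into `originalRelativeOauth2RedirectUrl`, and the `path(...)` call). If this object is shared across request threads, as Spring web beans usually are, a second thread can pass the check and then capture the absolute URL the first thread has just stored, after which every recalculation is built from that wrong value. Reading it once, `String configured = swaggerUiConfigParameters.getOauth2RedirectUrl();`, and using `configured` for the check, the capture and the `path(...)` call narrows that window. The new `else if` branch still writes a per-request value into the shared `swaggerUiConfigParameters`, so one caller may be served a URL computed for another host. The host comes from the current request's `UriComponentsBuilder` (the added test drives it through `X-Forwarded-Host`) and the result is published as `oauth2RedirectUrl`, so a comment such as `// host is request-derived: forwarded headers must only be honoured from trusted proxies` belongs here.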
@@ -0,0 +1,49 @@
+/*
+ *
+ * * Copyright 2019-2020 the original author or authors.
+ * *
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * https://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ *
+ */
+
+package test.org.springdoc.ui.app5;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.test.context.TestPropertySource;
+import test.org.springdoc.ui.AbstractSpringDocTest;
+
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@TestPropertySource(properties = {"server.forward-headers-strategy=framework", "springdoc.cache.disabled=true"})
+public class SpringDocOauthRedirectUrlRecalculateTest extends AbstractSpringDocTest {
+
+ @Test
+ public void oauth2_redirect_url_recalculation() throws Exception {
+ mockMvc.perform(get("/v3/api-docs/swagger-config").header("X-Forwarded-Proto", "https").header("X-Forwarded-Host", "host1"))
+ .andExpect(status().isOk())
+ .andExpect(jsonPath("oauth2RedirectUrl", equalTo("https://host1/swagger-ui/oauth2-redirect.html")));
+
+ mockMvc.perform(get("/v3/api-docs/swagger-config").header("X-Forwarded-Proto", "http").header("X-Forwarded-Host", "host2:8080"))
+ .andExpect(status().isOk())
+ .andExpect(jsonPath("oauth2RedirectUrl", equalTo("http://host2:8080/swagger-ui/oauth2-redirect.html")));
+ }
+
+ @SpringBootApplication
+ static class SpringDocTestApp {
+ }
+
+}
\ No newline at end of file
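Review bot: `oauth2_redirect_url_recalculation` covers only the recalculation path with `springdoc.cache.disabled=true`; nothing pins the two cases the new `else if` guard in `calculateOauth2RedirectUrl` is meant to leave alone. Those are the default cached mode and a redirect URL configured as an absolute URL, where `originalRelativeOauth2RedirectUrl` stays null. Because both requests here choose the host through `X-Forwarded-Host`, a companion test asserting that a second request with a different forwarded host leaves `oauth2RedirectUrl` unchanged in those two cases would keep the value from becoming request-controlled by accident. The file also ends without a trailing newline.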