From 2ba104bff2ee3912b40f0741b529fe4f5c5926ac Mon Sep 17 00:00:00 2001
From: Ashan Thamara Palihakkara <75057725+ashanthamara@users.noreply.github.com>
Date: Sun, 3 Dec 2023 22:28:04 +0530
Subject: [PATCH 1/3] Disregard callback url regex validation when accessurl is configured in the app
---
 .../recovery/IdentityRecoveryConstants.java | 1 +
 .../NotificationPasswordRecoveryManager.java | 12 ++++++----
 .../signup/UserSelfRegistrationManager.java | 15 ++++++++-----
 .../carbon/identity/recovery/util/Utils.java | 22 +++++++++++++++++++
 4 files changed, 41 insertions(+), 9 deletions(-)
diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java
index 41a1c40cb7..4d12152d06 100644
--- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java
+++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java
@@ -142,6 +142,7 @@ public class IdentityRecoveryConstants {
 public static final String EXECUTE_ACTION = "ui.execute";
 public static final String UTF_8 = "UTF-8";
 public static final String CALLBACK = "callback";
+ public static final String ACCESS_URL = "accessUrl";
 public static final String IS_LITE_SIGN_UP = "isLiteSignUp";
 public static final String DEFAULT_CALLBACK_REGEX = ".*";
 public static final String IS_USER_PORTAL_URL = "isUserPortalURL";
diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java
index 8ef023aa87..0628203361 100644
--- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java +++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java @@ -484,12 +484,16 @@ private HashMap buildPropertyMap(Property[] properties) { private void validateCallback(Property[] properties, String tenantDomain) throws IdentityRecoveryServerException { String callbackURL = null; + String appAccessURL = null; try { callbackURL = Utils.getCallbackURL(properties); - if (StringUtils.isNotBlank(callbackURL) && !Utils.validateCallbackURL(callbackURL, tenantDomain, - IdentityRecoveryConstants.ConnectorConfig.RECOVERY_CALLBACK_REGEX)) { - throw Utils.handleServerException( - IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, callbackURL); + appAccessURL = Utils.getAccessUrl(properties); + if (StringUtils.isEmpty(appAccessURL) && !callbackURL.equals(appAccessURL)) { + if (StringUtils.isNotBlank(callbackURL) && !Utils.validateCallbackURL(callbackURL, tenantDomain, + IdentityRecoveryConstants.ConnectorConfig.RECOVERY_CALLBACK_REGEX)) { + throw Utils.handleServerException( + IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, callbackURL); + } } } catch (URISyntaxException | UnsupportedEncodingException | IdentityEventException e) { throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java index b3229e407a..7c57b2d53c 100644 --- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java 
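Review bot: The new guard `if (StringUtils.isEmpty(appAccessURL) && !callbackURL.equals(appAccessURL))` dereferences callbackURL before the isNotBlank check that previously protected it, so a request carrying no callback property now ends in a NullPointerException (not in the catch list) instead of skipping validation, assuming Utils.getCallbackURL can return null as its `return callbackURL;` tail in the Utils hunk suggests. The second operand is also redundant: with appAccessURL null the equals call is always false, and with it empty it only excludes an empty callbackURL, which the inner isNotBlank already does. `if (StringUtils.isEmpty(appAccessURL)) {` expresses the intent on its own; the UserSelfRegistrationManager hunk that follows has the same pattern. validateCallback continues past the end of this hunk.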
+++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java @@ -97,6 +97,7 @@ import java.io.UnsupportedEncodingException; import java.net.MalformedURLException; +import java.net.URISyntaxException; import java.text.SimpleDateFormat; import java.time.Instant; import java.util.ArrayList; @@ -153,14 +154,18 @@ public NotificationResponseBean registerUser(User user, String password, Claim[] // Callback URL validation String callbackURL = null; + String appAccessUrl = null; try { callbackURL = Utils.getCallbackURLFromRegistration(properties); - if (StringUtils.isNotBlank(callbackURL) && !Utils.validateCallbackURL(callbackURL, tenantDomain, - IdentityRecoveryConstants.ConnectorConfig.SELF_REGISTRATION_CALLBACK_REGEX)) { - throw Utils.handleServerException( - IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, callbackURL); + appAccessUrl = Utils.getAccessUrl(properties); + if (StringUtils.isEmpty(appAccessUrl) && !callbackURL.equals(appAccessUrl)) { + if (StringUtils.isNotBlank(callbackURL) && !Utils.validateCallbackURL(callbackURL, tenantDomain, + IdentityRecoveryConstants.ConnectorConfig.SELF_REGISTRATION_CALLBACK_REGEX)) { + throw Utils.handleServerException( + IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, callbackURL); + } } - } catch (MalformedURLException | UnsupportedEncodingException | IdentityEventException e) { + } catch (MalformedURLException | UnsupportedEncodingException | IdentityEventException | URISyntaxException e) { throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, callbackURL); } diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java index 24279506a9..2ec1ec0b39 100644 
--- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java +++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java @@ -719,6 +719,28 @@ public static String getCallbackURL(org.wso2.carbon.identity.recovery.model.Prop return callbackURL; } + public static String getAccessUrl(org.wso2.carbon.identity.recovery.model.Property[] properties) + throws UnsupportedEncodingException, URISyntaxException { + + if (properties == null) { + return null; + } + String accessURL = null; + for (org.wso2.carbon.identity.recovery.model.Property property : properties) { + if (IdentityRecoveryConstants.ACCESS_URL.equals(property.getKey())) { + accessURL = property.getValue(); + break; + } + } + + if (StringUtils.isNotBlank(accessURL)) { + URI uri = new URI(accessURL); + accessURL = new URI(uri.getScheme(), uri.getAuthority(), uri.getPath(), null, null) + .toString(); + } + return accessURL; + } + /** * Get whether this is tenant flow * From 47e973bf1bd8817ab28abe25549992ec43e49d2b Mon Sep 17 00:00:00 2001 From: Ashan Thamara Palihakkara <75057725+ashanthamara@users.noreply.github.com> Date: Tue, 5 Dec 2023 14:12:54 +0530 Subject: [PATCH 2/3] changed accessUrl property to isAccessUrlAvailable boolean property --- .../recovery/IdentityRecoveryConstants.java | 2 +- .../NotificationPasswordRecoveryManager.java | 6 ++---- .../signup/UserSelfRegistrationManager.java | 8 +++----- .../carbon/identity/recovery/util/Utils.java | 18 +++++------------- 4 files changed, 11 insertions(+), 23 deletions(-) diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java index 4d12152d06..1bd55319c9 100644 
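Review bot: The `throws UnsupportedEncodingException, URISyntaxException` clause on the new getAccessUrl declares an exception nothing in the body can throw — the loop only reads property values and `new URI(...)` throws URISyntaxException — so it should read `throws URISyntaxException {`; it looks copied from getCallbackURL above. The rebuilt URI keeps only scheme, authority and path, yet the callers in this patch compare that normalized string with equals against the raw callback URL, so a callback carrying a query string or fragment can never match; if equality is the intent, both sides need the same normalization. A short Javadoc stating why query and fragment are dropped would also help the next reader.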
--- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java
+++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java
@@ -142,7 +142,7 @@ public class IdentityRecoveryConstants {
 public static final String EXECUTE_ACTION = "ui.execute";
 public static final String UTF_8 = "UTF-8";
 public static final String CALLBACK = "callback";
- public static final String ACCESS_URL = "accessUrl";
+ public static final String IS_ACCESS_URL_AVAILABLE = "isAccessUrlAvailable";
 public static final String IS_LITE_SIGN_UP = "isLiteSignUp";
 public static final String DEFAULT_CALLBACK_REGEX = ".*";
 public static final String IS_USER_PORTAL_URL = "isUserPortalURL";
diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java
index 0628203361..a52c9e1a83 100644
--- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java
+++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java
@@ -484,11 +484,9 @@ private HashMap buildPropertyMap(Property[] properties) { private void validateCallback(Property[] properties, String tenantDomain) throws IdentityRecoveryServerException { String callbackURL = null; - String appAccessURL = null; try { - callbackURL = Utils.getCallbackURL(properties); - appAccessURL = Utils.getAccessUrl(properties); - if (StringUtils.isEmpty(appAccessURL) && !callbackURL.equals(appAccessURL)) { + if (!Utils.isAccessUrlAvailable(properties)) { + callbackURL = Utils.getCallbackURL(properties); if (StringUtils.isNotBlank(callbackURL) && !Utils.validateCallbackURL(callbackURL, tenantDomain, IdentityRecoveryConstants.ConnectorConfig.RECOVERY_CALLBACK_REGEX)) { throw Utils.handleServerException( diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java index 7c57b2d53c..5b55365428 100644 --- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java +++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java 
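Review bot: The callback-regex check is now skipped whenever `Utils.isAccessUrlAvailable(properties)` is true, and that flag is read from the same properties array the callback URL itself is taken from. If that array originates from the API request — the `registerUser(User user, String password, Claim[] ...)` signature in the sibling hunk suggests it does — a caller can switch off the tenant's RECOVERY_CALLBACK_REGEX or SELF_REGISTRATION_CALLBACK_REGEX allowlist simply by sending `isAccessUrlAvailable=true`, and the unvalidated callbackURL then flows into the notification link. The decision to bypass should come from the resolved application's configuration on the server side (or the application's own access URL should replace the request-supplied callback), not from a client-controlled property; at minimum, log at debug that validation was skipped so the bypass is observable in operations. The UserSelfRegistrationManager hunk below has the same structure; validateCallback continues past the end of this hunk.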
@@ -154,18 +154,16 @@ public NotificationResponseBean registerUser(User user, String password, Claim[] // Callback URL validation String callbackURL = null; - String appAccessUrl = null; try { - callbackURL = Utils.getCallbackURLFromRegistration(properties); - appAccessUrl = Utils.getAccessUrl(properties); - if (StringUtils.isEmpty(appAccessUrl) && !callbackURL.equals(appAccessUrl)) { + if (!Utils.isAccessUrlAvailable(properties)) { + callbackURL = Utils.getCallbackURLFromRegistration(properties); if (StringUtils.isNotBlank(callbackURL) && !Utils.validateCallbackURL(callbackURL, tenantDomain, IdentityRecoveryConstants.ConnectorConfig.SELF_REGISTRATION_CALLBACK_REGEX)) { throw Utils.handleServerException( IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, callbackURL); } } - } catch (MalformedURLException | UnsupportedEncodingException | IdentityEventException | URISyntaxException e) { + } catch (MalformedURLException | UnsupportedEncodingException | IdentityEventException e) { throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, callbackURL); } diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java index 2ec1ec0b39..53d940b5a4 100644 --- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java +++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java 
@@ -719,25 +719,17 @@ public static String getCallbackURL(org.wso2.carbon.identity.recovery.model.Prop return callbackURL; } - public static String getAccessUrl(org.wso2.carbon.identity.recovery.model.Property[] properties) - throws UnsupportedEncodingException, URISyntaxException { - + public static boolean isAccessUrlAvailable(org.wso2.carbon.identity.recovery.model.Property[] properties) { if (properties == null) { - return null; + return false; } - String accessURL = null; + boolean accessURL = false; for (org.wso2.carbon.identity.recovery.model.Property property : properties) { - if (IdentityRecoveryConstants.ACCESS_URL.equals(property.getKey())) { - accessURL = property.getValue(); + if (IdentityRecoveryConstants.IS_ACCESS_URL_AVAILABLE.equals(property.getKey())) { + accessURL = Boolean.parseBoolean(property.getValue()) ; break; } } - - if (StringUtils.isNotBlank(accessURL)) { - URI uri = new URI(accessURL); - accessURL = new URI(uri.getScheme(), uri.getAuthority(), uri.getPath(), null, null) - .toString(); - } return accessURL; } From 31998916882f541b0b3b35056f20d8f3e49873d9 Mon Sep 17 00:00:00 2001 From: Ashan Thamara Palihakkara <75057725+ashanthamara@users.noreply.github.com> Date: Tue, 5 Dec 2023 20:54:53 +0530 Subject: [PATCH 3/3] Modified isAccessUrlAvailable() method --- .../carbon/identity/recovery/util/Utils.java | 24 +++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java index 53d940b5a4..ccbde142b9 100644 --- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java +++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java 
@@ -719,18 +719,22 @@ public static String getCallbackURL(org.wso2.carbon.identity.recovery.model.Prop return callbackURL; } - public static boolean isAccessUrlAvailable(org.wso2.carbon.identity.recovery.model.Property[] properties) { - if (properties == null) { - return false; - } - boolean accessURL = false; - for (org.wso2.carbon.identity.recovery.model.Property property : properties) { - if (IdentityRecoveryConstants.IS_ACCESS_URL_AVAILABLE.equals(property.getKey())) { - accessURL = Boolean.parseBoolean(property.getValue()) ; - break; + /** + * Get isAccessUrlAvailable property value. + * + * @param properties Properties array. + * @return Boolean value of the isAccessUrlAvailable property. + */ + public static Boolean isAccessUrlAvailable(org.wso2.carbon.identity.recovery.model.Property[] properties) { + + if (properties != null) { + for (org.wso2.carbon.identity.recovery.model.Property property : properties) { + if (IdentityRecoveryConstants.IS_ACCESS_URL_AVAILABLE.equals(property.getKey())) { + return Boolean.parseBoolean(property.getValue()); + } } } - return accessURL; + return false; } /**
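Review bot: isAccessUrlAvailable now returns boxed `Boolean` although both return statements yield primitive values and the callers use it only as a bare condition (`if (!Utils.isAccessUrlAvailable(properties))`), so the signature should stay `public static boolean isAccessUrlAvailable(org.wso2.carbon.identity.recovery.model.Property[] properties) {`; a boxed return implies a null contract nobody intends. The Javadoc should also spell out the consequence of a true value, since it makes callers skip the callback URL regex validation: `@return {@code true} if the isAccessUrlAvailable property parses as true via Boolean.parseBoolean; callers skip callback URL regex validation in that case.` Note that parseBoolean treats any value other than a case-insensitive "true" as false, which is worth stating so misspelled values are not mistaken for a disabled check.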