UY-1523: properly append redirectToIdP for saml retrieval

Author: rkrysinski

oauth/src/main/java/pl/edu/icm/unity/oauth/client/web/OAuth2RetrievalUI.java

@@ -9,6 +9,7 @@
 import java.util.Optional;
 import java.util.Set;
 
+import org.apache.hc.core5.http.message.BasicNameValuePair;
 import org.apache.logging.log4j.Logger;
 
 import com.vaadin.flow.component.Component;
@@ -22,6 +23,7 @@
 import io.imunity.vaadin.auth.VaadinAuthentication;
 import io.imunity.vaadin.auth.idp.IdPAuthNComponent;
 import io.imunity.vaadin.auth.idp.IdPAuthNGridComponent;
+import io.imunity.vaadin.auth.idp.PathWithQueryProvider;
 import io.imunity.vaadin.elements.NotificationPresenter;
 import io.imunity.vaadin.endpoint.common.LoginMachineDetailsExtractor;
 import io.imunity.vaadin.endpoint.common.SessionStorage;
@@ -57,7 +59,7 @@ public class OAuth2RetrievalUI implements VaadinAuthentication.VaadinAuthenticat
 	private final NotificationPresenter notificationPresenter;
 
 	private VaadinAuthentication.AuthenticationCallback callback;
-	private String redirectParam;
+	private BasicNameValuePair redirectParam;
 
 	private VerticalLayout main;
 
@@ -162,7 +164,7 @@ public void clear()
 		idpComponent.setEnabled(true);
 	}
 
-	private String installRequestHandler()
+	private BasicNameValuePair installRequestHandler()
 	{
 		VaadinSession session = VaadinSession.getCurrent();
 		Collection<RequestHandler> requestHandlers = session.getRequestHandlers();
@@ -189,6 +191,7 @@ private void startFreshLogin(WrappedSession session)
 	{
 		SessionStorage.consumeRedirectUrl((ultimateReturnURL, currentRelativeURI) ->
 		{
+			PathWithQueryProvider currentRelativeURLProvider = new PathWithQueryProvider(currentRelativeURI);
 			try
 			{
 				LoginMachineDetails loginMachineDetails = LoginMachineDetailsExtractor.getLoginMachineDetailsFromCurrentRequest();
@@ -197,8 +200,8 @@ private void startFreshLogin(WrappedSession session)
 						ultimateReturnURL, callback.getTriggeringContext());
 				idpComponent.setEnabled(false);
 				callback.onStartedAuthentication();
-				String path = currentRelativeURI.getPath() + (currentRelativeURI.getQuery() != null ? "?" + currentRelativeURI.getQuery() : "");
-				context.setReturnUrl(path);
+
+				context.setReturnUrl(currentRelativeURLProvider.getPathAndQueryOnly());
 				session.setAttribute(RedirectRequestHandler.REMOTE_AUTHN_CONTEXT, context);
 			} catch (Exception e)
 			{
@@ -207,7 +210,8 @@ private void startFreshLogin(WrappedSession session)
 				clear();
 				return;
 			}
-			UI.getCurrent().getPage().open(currentRelativeURI.getPath() + "?" + redirectParam, SELF_WINDOW_NAME);
+			UI.getCurrent().getPage().open(currentRelativeURLProvider.getPathWithQueryParamsIncluding(redirectParam),
+				SELF_WINDOW_NAME);
 		});
 	}
 

saml/src/main/java/pl/edu/icm/unity/saml/sp/web/SAMLRetrievalUI.java

@@ -8,6 +8,7 @@
 import java.util.HashSet;
 import java.util.Set;
 
+import org.apache.hc.core5.http.message.BasicNameValuePair;
 import org.apache.logging.log4j.Logger;
 
 import com.vaadin.flow.component.Component;
@@ -20,6 +21,7 @@
 import io.imunity.vaadin.auth.VaadinAuthentication;
 import io.imunity.vaadin.auth.idp.IdPAuthNComponent;
 import io.imunity.vaadin.auth.idp.IdPAuthNGridComponent;
+import io.imunity.vaadin.auth.idp.PathWithQueryProvider;
 import io.imunity.vaadin.elements.NotificationPresenter;
 import io.imunity.vaadin.endpoint.common.LoginMachineDetailsExtractor;
 import io.imunity.vaadin.endpoint.common.SessionStorage;
@@ -61,7 +63,7 @@ public class SAMLRetrievalUI implements VaadinAuthentication.VaadinAuthenticatio
 	private final VaadinAuthentication.Context context;
 	private IdPAuthNComponent idpComponent;
 	private VaadinAuthentication.AuthenticationCallback callback;
-	private String redirectParam;
+	private BasicNameValuePair redirectParam;
 
 	public SAMLRetrievalUI(MessageSource msg, SAMLExchange credentialExchange,
 	                       SamlContextManagement samlContextManagement, TrustedIdPKey configKey,
@@ -129,7 +131,7 @@ private String getRetrievalClassName()
 		return authenticationStepContext.authnOptionId.getAuthenticatorKey() + "." + idpKey;
 	}
 
-	private String installRequestHandler()
+	private BasicNameValuePair installRequestHandler()
 	{
 		VaadinSession session = VaadinSession.getCurrent();
 		Collection<RequestHandler> requestHandlers = session.getRequestHandlers();
@@ -154,16 +156,16 @@ void startLogin()
 
 	private void startFreshLogin(WrappedSession session)
 	{
-		SessionStorage.consumeRedirectUrl((ultimateReturnURL, currentRelativeURI) ->
+		SessionStorage.consumeRedirectUrl((sessionStoredReturnURL, currentRelativeURI) ->
 		{
 			RemoteAuthnContext context;
-			String path = currentRelativeURI.getPath() + (currentRelativeURI.getQuery() != null ? "?" + currentRelativeURI.getQuery() : "");
+			PathWithQueryProvider currentRelativeURLProvider = new PathWithQueryProvider(currentRelativeURI);
 			try
 			{
 				LoginMachineDetails loginMachineDetails = LoginMachineDetailsExtractor.getLoginMachineDetailsFromCurrentRequest();
-				context = credentialExchange.createSAMLRequest(configKey, path,
+				context = credentialExchange.createSAMLRequest(configKey, currentRelativeURLProvider.getPathAndQueryOnly(),
 						authenticationStepContext,
-						loginMachineDetails, ultimateReturnURL, callback.getTriggeringContext());
+						loginMachineDetails, sessionStoredReturnURL, callback.getTriggeringContext());
 			} catch (Exception e)
 			{
 				notificationPresenter.showError(msg.getMessage("WebSAMLRetrieval.configurationError"), e.getMessage());
@@ -177,7 +179,7 @@ private void startFreshLogin(WrappedSession session)
 			session.setAttribute(VaadinRedirectRequestHandler.REMOTE_AUTHN_CONTEXT, context);
 			samlContextManagement.addAuthnContext(context);
 
-			UI.getCurrent().getPage().open(path + "?" + redirectParam, SELF_WINDOW_NAME);
+			UI.getCurrent().getPage().open(currentRelativeURLProvider.getPathWithQueryParamsIncluding(redirectParam), SELF_WINDOW_NAME);
 		});
 	}
 

vaadin-authentication/src/main/java/io/imunity/vaadin/auth/NavigationAccessControlInitializer.java

@@ -5,16 +5,16 @@
 
 package io.imunity.vaadin.auth;
 
-import com.vaadin.flow.server.ServiceInitEvent;
-import com.vaadin.flow.server.VaadinServiceInitListener;
-import com.vaadin.flow.server.auth.NavigationAccessControl;
-
-import io.imunity.vaadin.endpoint.common.SessionStorage;
-
 import static io.imunity.vaadin.endpoint.common.SessionStorage.REDIRECT_URL_SESSION_STORAGE_KEY;
+import static io.imunity.vaadin.endpoint.common.consent_utils.LoginInProgressService.URL_PARAM_CONTEXT_KEY;
+import static java.util.Objects.nonNull;
 
 import org.jsoup.nodes.Document;
 
+import com.vaadin.flow.server.ServiceInitEvent;
+import com.vaadin.flow.server.VaadinServiceInitListener;
+import com.vaadin.flow.server.auth.NavigationAccessControl;
+
 public class NavigationAccessControlInitializer implements VaadinServiceInitListener
 {
 	private final NavigationAccessControl navigationAccessControl;
@@ -47,9 +47,15 @@ private void saveOriginalUrlRequestInSessionStorageBeforeAllRedirects(ServiceIni
 	{
 		serviceInitEvent.addIndexHtmlRequestListener(response -> 
 		{
+			String signInCtx = response.getVaadinRequest().getParameter(URL_PARAM_CONTEXT_KEY);
+			String redirect = afterSuccessLoginRedirect;
+			if (nonNull(signInCtx))
+			{
+				redirect = afterSuccessLoginRedirect + "?" + URL_PARAM_CONTEXT_KEY + "=" + signInCtx;
+			}
 			Document document = response.getDocument();
 			document.body().append("<script>window.sessionStorage.setItem("
-					+ "\"" + REDIRECT_URL_SESSION_STORAGE_KEY + "\", " + afterSuccessLoginRedirect + ");</script>");
+					+ "\"" + REDIRECT_URL_SESSION_STORAGE_KEY + "\", " + redirect + ");</script>");
 		});
 	}
 }

vaadin-authentication/src/main/java/io/imunity/vaadin/auth/idp/AbstractRedirectRequestHandler.java

@@ -4,14 +4,19 @@
  */
 package io.imunity.vaadin.auth.idp;
 
-import com.vaadin.flow.server.*;
-
-import pl.edu.icm.unity.base.utils.Log;
+import java.io.IOException;
+import java.util.UUID;
 
+import org.apache.hc.core5.http.message.BasicNameValuePair;
 import org.apache.logging.log4j.Logger;
 
-import java.io.IOException;
-import java.util.UUID;
+import com.vaadin.flow.server.RequestHandler;
+import com.vaadin.flow.server.VaadinRequest;
+import com.vaadin.flow.server.VaadinResponse;
+import com.vaadin.flow.server.VaadinSession;
+import com.vaadin.flow.server.WrappedSession;
+
+import pl.edu.icm.unity.base.utils.Log;
 
 
 /**
@@ -54,9 +59,9 @@ public boolean handleRequest(VaadinSession vaadinSession, VaadinRequest request,
 	protected abstract boolean handleRequestInternal(Object context, VaadinSession vaadinSession, 
 			VaadinRequest request, VaadinResponse response) throws IOException;
 
-	public String getTriggeringParam()
+	public BasicNameValuePair getTriggeringParam()
 	{
-		return AbstractRedirectRequestHandler.TRIGGERING_PARAMETER + "=" + uniqueId;
+		return new BasicNameValuePair(AbstractRedirectRequestHandler.TRIGGERING_PARAMETER, uniqueId);
 	}
 
 	protected void setCommonHeaders(VaadinResponse response)

vaadin-authentication/src/main/java/io/imunity/vaadin/auth/idp/PathWithQueryProvider.java

@@ -0,0 +1,53 @@
+package io.imunity.vaadin.auth.idp;
+
+import java.net.URISyntaxException;
+import java.net.URL;
+
+import org.apache.hc.core5.http.message.BasicNameValuePair;
+import org.apache.hc.core5.net.URIBuilder;
+
+public class PathWithQueryProvider
+{
+	private final URL url;
+
+	public PathWithQueryProvider(URL url)
+	{
+		this.url = url;
+	}
+
+	public String getPathAndQueryOnly()
+	{
+		return getPathAndQuery(toURIBuilder());
+	}
+
+	public String getPathWithQueryParamsIncluding(BasicNameValuePair pair)
+	{
+		URIBuilder uriBuilder = toURIBuilder();
+		uriBuilder.addParameter(pair);
+		return getPathAndQuery(uriBuilder);
+	}
+
+	private URIBuilder toURIBuilder()
+	{
+		try
+		{
+			return new URIBuilder(url.toURI());
+		} catch (URISyntaxException e)
+		{
+			throw new RuntimeException("Can't extract path and query from URL", e);
+		}
+	}
+
+	private String getPathAndQuery(URIBuilder uriBuilder)
+	{
+		try
+		{
+			String path = uriBuilder.getPath();
+			String query = uriBuilder.getQueryParams().isEmpty() ? "" : "?" + uriBuilder.build().getRawQuery();
+			return path + query;
+		} catch (URISyntaxException e)
+		{
+			throw new RuntimeException("Can't extract path and query from URL", e);
+		}
+	}
+}