added option to send host_url as an index appended to appid in the st…

…ate parameter of an auth request
Erudika · Mar 12, 2024 · 08cee4b · 08cee4b
1 parent 64c4a81
commit 08cee4b
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 3 deletions.
diff --git a/para-server/src/main/java/com/erudika/para/server/security/SecurityUtils.java b/para-server/src/main/java/com/erudika/para/server/security/SecurityUtils.java
@@ -56,6 +56,7 @@
 import javax.servlet.http.HttpSession;
 import javax.ws.rs.core.HttpHeaders;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.math.NumberUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -497,7 +498,8 @@ public static String getAppidFromAuthRequest(HttpServletRequest request) {
 		} else if (!StringUtils.isBlank(appidFromAppid)) {
 			return StringUtils.trimToNull(appidFromAppid);
 		} else  {
-			return StringUtils.trimToNull(appidFromState);
+			// allow state parameter to contain appid and an index of "host_url" to return to, i.e. ?state={appid}|2
+			return StringUtils.trimToNull(StringUtils.substringBefore(appidFromState, "|"));
 		}
 	}
 
@@ -521,4 +523,28 @@ public static Set<String> getHostUrlAliasesForReturn(App app) {
 		}
 		return Collections.emptySet();
 	}
+
+	/**
+	 * @param hostUrlAliases host URL aliases
+	 * @param request request
+	 * @return a host URL or null
+	 */
+	public static String getHostUrlFromQueryStringOrStateParam(Set<String> hostUrlAliases, HttpServletRequest request) {
+		if (request != null) {
+			String hostUrlParam = request.getParameter("host_url");
+			if (StringUtils.isBlank(hostUrlParam)) {
+				String state = request.getParameter("state");
+				if (StringUtils.contains(state, "|") && NumberUtils.isDigits(StringUtils.substringAfterLast(state, "|"))) {
+					int index = Math.abs(NumberUtils.toInt(StringUtils.substringAfterLast(state, "|"), 0));
+					if (hostUrlAliases != null && index < hostUrlAliases.size() && index >= 0) {
+						return hostUrlAliases.toArray(String[]::new)[index];
+					} else {
+						return null;
+					}
+				}
+			}
+			return hostUrlParam;
+		}
+		return null;
+	}
 }
diff --git a/...er/src/main/java/com/erudika/para/server/security/SimpleAuthenticationFailureHandler.java b/...er/src/main/java/com/erudika/para/server/security/SimpleAuthenticationFailureHandler.java
@@ -52,7 +52,7 @@ public void onAuthenticationFailure(HttpServletRequest request, HttpServletRespo
 			if (app != null) {
 				String customURI = (String) app.getSetting("signin_failure");
 				Set<String> hostUrlAliases = SecurityUtils.getHostUrlAliasesForReturn(app);
-				String hostUrlParam = request.getParameter("host_url");
+				String hostUrlParam = SecurityUtils.getHostUrlFromQueryStringOrStateParam(hostUrlAliases, request);
 				if (app.isRootApp() && StringUtils.isBlank(customURI)) {
 					customURI = Para.getConfig().signinFailurePath();
 				}

diff --git a/...er/src/main/java/com/erudika/para/server/security/SimpleAuthenticationSuccessHandler.java b/...er/src/main/java/com/erudika/para/server/security/SimpleAuthenticationSuccessHandler.java
@@ -58,7 +58,7 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 			if (app != null) {
 				String customURI = (String) app.getSetting("signin_success");
 				Set<String> hostUrlAliases = SecurityUtils.getHostUrlAliasesForReturn(app);
-				String hostUrlParam = request.getParameter("host_url");
+				String hostUrlParam = SecurityUtils.getHostUrlFromQueryStringOrStateParam(hostUrlAliases, request);
 				if (app.isRootApp() && StringUtils.isBlank(customURI)) {
 					customURI = Para.getConfig().signinSuccessPath();
 				}