Minor security fixes #5 and #6
kadraman committed Jan 19, 2023
1 parent ac34f03 commit 9717291
Showing 2 changed files with 10 additions and 5 deletions.
@@ -101,7 +101,7 @@ public static String getTargetUrl(HttpServletRequest request, HttpServletRespons
CustomUserDetails customUserDetails = (CustomUserDetails) authentication.getPrincipal();
boolean isAdmin = customUserDetails.getAuthorities().stream().anyMatch(a -> a.getAuthority().equals("ROLE_ADMIN"));
boolean isUser = !isAdmin;
String targetUrl = INDEX_URL;
String targetUrl;

if (isAdmin) {
targetUrl = ADMIN_HOME_URL;
@@ -112,7 +112,7 @@ public static String getTargetUrl(HttpServletRequest request, HttpServletRespons
targetUrl = USER_HOME_URL;
} else {
targetUrl = loginReferer;
String targetPath = null;
String targetPath = "";
try {
targetPath = new URL(targetUrl).getPath();
} catch (MalformedURLException ex) {
@@ -147,7 +147,7 @@ protected void clearAuthenticationAttributes(HttpServletRequest request) {
private boolean requestAndRegisterVerification(UUID userId) {
try {
int otp = verificationService.generateOTP(userId.toString());
log.debug("Generated OTP '" + String.valueOf(otp) + "' for user id: " + userId.toString());
log.debug("Generated OTP '" + otp + "' for user id: " + userId);
return (otp != 0);
} catch (VerificationRequestFailedException ex) {
log.error(ex.getLocalizedMessage());
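Review bot: The debug statement in requestAndRegisterVerification still writes the generated one-time password itself to the log; the change only tidies the string concatenation. Anyone who can read the debug output, or the place it is shipped to, sees a live authentication code next to the user id, so the value should be left out entirely, e.g. `log.debug("Generated OTP for user id: " + userId);`. Whether the OTP is logged elsewhere cannot be seen from this hunk, and the method body continues past its end.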
9 changes: 7 additions & 2 deletions src/main/java/com/microfocus/example/utils/UserUtils.java
@@ -80,8 +80,12 @@ public static void registerUser(String firstName, String lastName, String email)
if (dataFile.exists()) {
jsonArray = (JSONArray) jsonParser.parse(new FileReader(getFilePath(NEWSLETTER_USER_FILE)));
} else {
dataFile.createNewFile();
log.debug("Created: " + getFilePath(NEWSLETTER_USER_FILE));
Boolean created = dataFile.createNewFile();
if (created) {
log.debug("Created: " + getFilePath(NEWSLETTER_USER_FILE));
} else {
log.debug("Using existing: " + getFilePath(NEWSLETTER_USER_FILE));
}
}

try (OutputStream fos = new FileOutputStream(dataFile, false)) {
@@ -132,6 +136,7 @@ public void logZipContents(String fName)
while (e.hasMoreElements()) {
log.info(e.nextElement().toString());
}
zf.close();
}

private static String getFilePath(String relativePath) {
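Review bot: The added `zf.close();` in logZipContents runs only when the enumeration loop completes normally, so an exception thrown while iterating or logging leaves the archive handle open. Opening the archive in a try-with-resources statement (`try (ZipFile zf = ...) { ... }`, assuming `zf` is a `java.util.zip.ZipFile`, since its declaration is outside the hunk) closes it on every path and makes the explicit call unnecessary. In the registerUser hunk of the same file the `new FileReader(...)` passed to `jsonParser.parse` is likewise never closed, and `Boolean created` can be the primitive `boolean`, which avoids a needless box. Both method bodies start outside their hunks.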
