From 971729125189fe041bfd563459aa5375a9a65a01 Mon Sep 17 00:00:00 2001
From: kadraman
Date: Thu, 19 Jan 2023 09:15:32 +0000
Subject: [PATCH] Minor security fixes #5 and #6

---
 .../handlers/CustomAuthenticationSuccessHandler.java | 6 +++---
 .../java/com/microfocus/example/utils/UserUtils.java | 9 +++++++--
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/main/java/com/microfocus/example/config/handlers/CustomAuthenticationSuccessHandler.java b/src/main/java/com/microfocus/example/config/handlers/CustomAuthenticationSuccessHandler.java
index 0e7f44e5..ed8921a5 100644
--- a/src/main/java/com/microfocus/example/config/handlers/CustomAuthenticationSuccessHandler.java
+++ b/src/main/java/com/microfocus/example/config/handlers/CustomAuthenticationSuccessHandler.java
@@ -101,7 +101,7 @@ public static String getTargetUrl(HttpServletRequest request, HttpServletRespons
         CustomUserDetails customUserDetails = (CustomUserDetails) authentication.getPrincipal();
         boolean isAdmin = customUserDetails.getAuthorities().stream().anyMatch(a -> a.getAuthority().equals("ROLE_ADMIN"));
         boolean isUser = !isAdmin;
-        String targetUrl = INDEX_URL;
+        String targetUrl;
 
         if (isAdmin) {
             targetUrl = ADMIN_HOME_URL;
@@ -112,7 +112,7 @@ public static String getTargetUrl(HttpServletRequest request, HttpServletRespons
             targetUrl = USER_HOME_URL;
         } else {
             targetUrl = loginReferer;
-            String targetPath = null;
+            String targetPath = "";
             try {
                 targetPath = new URL(targetUrl).getPath();
             } catch (MalformedURLException ex) {
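Review bot: The else branch still assigns `targetUrl = loginReferer`, a value that originates from the request, and the hunk only derives `targetPath` from it; what is ultimately returned is decided after the hunk, so if the full referer URL is returned, a Referer pointing at another host would be redirected to. A host check before use, `if (!new URL(targetUrl).getHost().equals(request.getServerName())) { targetUrl = INDEX_URL; }`, or returning only the extracted path, would keep the redirect on-site. The change from `null` to `""` for `targetPath` means a malformed referer now yields an empty path rather than a null, so whatever follows the catch block should be checked for treating `""` as "no path". getTargetUrl begins before the hunk and its body, including the catch block, continues after it.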
@@ -147,7 +147,7 @@ protected void clearAuthenticationAttributes(HttpServletRequest request) {
     private boolean requestAndRegisterVerification(UUID userId) {
         try {
             int otp = verificationService.generateOTP(userId.toString());
-            log.debug("Generated OTP '" + String.valueOf(otp) + "' for user id: " + userId.toString());
+            log.debug("Generated OTP '" + otp + "' for user id: " + userId);
             return (otp != 0);
         } catch (VerificationRequestFailedException ex) {
             log.error(ex.getLocalizedMessage());
diff --git a/src/main/java/com/microfocus/example/utils/UserUtils.java b/src/main/java/com/microfocus/example/utils/UserUtils.java
index 30f834a0..885286be 100644
--- a/src/main/java/com/microfocus/example/utils/UserUtils.java
+++ b/src/main/java/com/microfocus/example/utils/UserUtils.java
@@ -80,8 +80,12 @@ public static void registerUser(String firstName, String lastName, String email)
         if (dataFile.exists()) {
             jsonArray = (JSONArray) jsonParser.parse(new FileReader(getFilePath(NEWSLETTER_USER_FILE)));
         } else {
-            dataFile.createNewFile();
-            log.debug("Created: " + getFilePath(NEWSLETTER_USER_FILE));
+            Boolean created = dataFile.createNewFile();
+            if (created) {
+                log.debug("Created: " + getFilePath(NEWSLETTER_USER_FILE));
+            } else {
+                log.debug("Using existing: " + getFilePath(NEWSLETTER_USER_FILE));
+            }
         }
 
         try (OutputStream fos = new FileOutputStream(dataFile, false)) {
@@ -132,6 +136,7 @@ public void logZipContents(String fName)
         while (e.hasMoreElements()) {
             log.info(e.nextElement().toString());
         }
+        zf.close();
     }
 
     private static String getFilePath(String relativePath) {
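Review bot: The rewritten debug line still writes the generated one-time password itself into the log, so anyone who can read debug logs can read a live second factor; the commit only simplifies the concatenation. Logging the event without the value, `log.debug("Generated OTP for user id: " + userId);`, keeps the diagnostic and drops the secret. If `log` is an SLF4J logger, the parameterized form `log.debug("Generated OTP for user id: {}", userId);` also avoids building the string when debug is disabled. requestAndRegisterVerification's catch block continues after the hunk.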
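Review bot: `Boolean created` boxes the primitive returned by `File.createNewFile()` only to unbox it again in the `if`; declare it `boolean created`. The new `else` branch is reachable only when another process created the file between the `dataFile.exists()` check and `createNewFile()`, which the "Using existing" message describes correctly, but the `exists()`/`createNewFile()` pair remains a check-then-act sequence; `Files.createFile(dataFile.toPath())` with a catch of `FileAlreadyExistsException` would make that explicit. On the unchanged line above, the `FileReader` handed to `jsonParser.parse(...)` is never closed and uses the platform charset; a try-with-resources over `Files.newBufferedReader(dataFile.toPath(), StandardCharsets.UTF_8)` would address both. registerUser starts before the hunk and ends after it.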
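Review bot: `zf.close()` is added only on the normal path, so if `zf.entries()` or the logging loop throws, `zf` (presumably a `java.util.zip.ZipFile`) is left open; its declaration is before the hunk, so I cannot see how it is opened. Declaring it in a try-with-resources header, `try (ZipFile zf = new ZipFile(fName)) { ... }` around the enumeration loop, closes it on every path and makes the explicit `close()` unnecessary. logZipContents begins before the hunk.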