Skip to content

Commit

Permalink
Merge branch 'release/3.40.2'
Browse files Browse the repository at this point in the history
  • Loading branch information
@msqr
msqr committed Nov 10, 2024
2 parents 709b66f + da5b705 commit 122ac09
Show file tree
Hide file tree
Showing 8 changed files with 52 additions and 21 deletions.
2 changes: 1 addition & 1 deletion solarnet/common/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ dependencyManagement {
}

description = 'SolarNet: Common'
version = '2.21.1'
version = '2.21.2'

base {
archivesName = 'solarnet-common'
Expand Down
14 changes: 7 additions & 7 deletions ...rc/main/java/net/solarnetwork/central/security/web/SecurityTokenAuthenticationFilter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -161,15 +161,15 @@ protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
(int) settings.getMinimumSpoolLength().toBytes(), settings.getSpoolDirectory());
HttpServletResponse response = res;

// for multipart requests, force the InputStream to be resolved now so the parameters
// are not parsed by the servlet container
if ( req.getContentType() != null && MediaType.MULTIPART_FORM_DATA
.isCompatibleWith(MimeType.valueOf(req.getContentType())) ) {
request.getContentSHA256();
}

AuthenticationData data;
try {
// for multipart requests, force the InputStream to be resolved now so the parameters
// are not parsed by the servlet container
if ( req.getContentType() != null && MediaType.MULTIPART_FORM_DATA
.isCompatibleWith(MimeType.valueOf(req.getContentType())) ) {
request.getContentSHA256();
}

data = AuthenticationDataFactory.authenticationDataForAuthorizationHeader(request);
} catch ( net.solarnetwork.web.jakarta.security.SecurityException e ) {
deny(request, response, new MaxUploadSizeExceededException(
Expand Down
2 changes: 1 addition & 1 deletion ...src/main/java/net/solarnetwork/central/web/support/WebServiceGlobalControllerSupport.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -332,7 +332,7 @@ public Result<?> handleAuthenticationException(AuthenticationException e, WebReq
@ExceptionHandler(AccessDeniedException.class)
@ResponseBody
@ResponseStatus(code = HttpStatus.FORBIDDEN)
public Result<?> handleAuthenticationException(AccessDeniedException e, WebRequest request) {
public Result<?> handleAccessDeniedException(AccessDeniedException e, WebRequest request) {
log.info("AccessDeniedException in request {}: {}", requestDescription(request), e.getMessage());
return error(null, e.getMessage());
}
Expand Down
42 changes: 35 additions & 7 deletions ...ecurityTokenAuthenticationFilterTest.java → ...curityTokenAuthenticationFilterTests.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/* ==================================================================
* SecurityTokenAuthenticationFilterTest.java - Dec 13, 2012 6:08:36 AM
* SecurityTokenAuthenticationFilterTests.java - Dec 13, 2012 6:08:36 AM
*
* Copyright 2007-2012 SolarNetwork.net Dev Team
*
Expand Down Expand Up @@ -38,17 +38,14 @@
import static org.junit.Assert.assertNotNull;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.easymock.EasyMock;
import org.junit.Before;
import org.junit.Test;
Expand All @@ -62,6 +59,10 @@
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.util.AntPathMatcher;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import net.solarnetwork.central.security.AuthenticatedToken;
import net.solarnetwork.central.security.BasicSecurityPolicy;
import net.solarnetwork.central.security.SecurityTokenType;
Expand All @@ -74,9 +75,9 @@
* Unit tests for the {@link SecurityTokenAuthenticationFilter} class.
*
* @author matt
* @version 2.1
* @version 2.2
*/
public class SecurityTokenAuthenticationFilterTest {
public class SecurityTokenAuthenticationFilterTests {

private static final String HTTP_HEADER_AUTH = "Authorization";
private static final String TEST_AUTH_TOKEN = "12345678901234567890";
Expand Down Expand Up @@ -797,4 +798,31 @@ public void apiPathV2MultiWithInvertedDenied() throws ServletException, IOExcept
validateUnauthorizedResponse(AuthenticationScheme.V2, "Access denied");
}

@Test
public void multipartFormDataRequestTooLargeV2() throws ServletException, IOException {
// GIVEN
final Date now = new Date();
MockHttpServletRequest request = new MockHttpServletRequest("POST", "/mock/path/here");
request.setContentType(MediaType.MULTIPART_FORM_DATA_VALUE);
request.setContent("foo=bar".getBytes(StandardCharsets.UTF_8));
request.addHeader("Date", now);
setupAuthorizationHeader(request,
createAuthorizationHeaderV2Value(TEST_AUTH_TOKEN, TEST_PASSWORD, request, now));

// create new request as we read the input stream above
request = new MockHttpServletRequest("POST", "/mock/path/here");
request.setContentType(MediaType.MULTIPART_FORM_DATA_VALUE);
request.setContent("foo=bar".getBytes(StandardCharsets.UTF_8));
request.addHeader("Date", now);

// WHEN
filter.setMaxRequestBodySize(1);
replay(filterChain, userDetailsService);
filter.doFilter(request, response, filterChain);

// THEN
verify(filterChain, userDetailsService);
assertThat("Status code", response.getStatus(), is(403));
}

}
2 changes: 1 addition & 1 deletion solarnet/solarquery/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'

description = 'SolarQuery'
version = '2.8.2'
version = '2.8.3'

base {
archivesName = 'solarquery'
Expand Down
5 changes: 3 additions & 2 deletions solarnet/solarquery/src/main/java/net/solarnetwork/central/query/biz/dao/DaoQueryBiz.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@
import net.solarnetwork.central.datum.v2.domain.Datum;
import net.solarnetwork.central.datum.v2.domain.DatumDateInterval;
import net.solarnetwork.central.datum.v2.domain.DatumPK;
import net.solarnetwork.central.datum.v2.domain.ObjectDatumStreamMetadataId;
import net.solarnetwork.central.datum.v2.domain.ReadingDatum;
import net.solarnetwork.central.datum.v2.support.DatumUtils;
import net.solarnetwork.central.datum.v2.support.StreamDatumFilteredResultsProcessor;
Expand Down Expand Up @@ -177,7 +178,7 @@ public Set<NodeSourcePK> findAvailableSources(GeneralNodeDatumFilter filter) {
BasicDatumCriteria c = DatumUtils.criteriaFromFilter(filter);
c.setObjectKind(ObjectDatumKind.Node);
validateDatumCriteria(c);
Iterable<ObjectDatumStreamMetadata> results = metaDao.findDatumStreamMetadata(c);
Iterable<ObjectDatumStreamMetadataId> results = metaDao.findDatumStreamMetadataIds(c);
return stream(results.spliterator(), false)
.map(e -> new NodeSourcePK(e.getObjectId(), e.getSourceId()))
.collect(toCollection(LinkedHashSet::new));
Expand All @@ -200,7 +201,7 @@ public Set<NodeSourcePK> findAvailableSources(SecurityActor actor, DatumFilter f
} else {
return Collections.emptySet();
}
Iterable<ObjectDatumStreamMetadata> results = metaDao.findDatumStreamMetadata(c);
Iterable<ObjectDatumStreamMetadataId> results = metaDao.findDatumStreamMetadataIds(c);
return stream(results.spliterator(), false)
.map(e -> new NodeSourcePK(e.getObjectId(), e.getSourceId()))
.collect(toCollection(LinkedHashSet::new));
Expand Down
4 changes: 3 additions & 1 deletion ...olarquery/src/test/java/net/solarnetwork/central/query/biz/dao/test/DaoQueryBizTests.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
import static java.util.Collections.singletonMap;
import static java.util.UUID.randomUUID;
import static net.solarnetwork.central.datum.v2.domain.BasicObjectDatumStreamMetadata.emptyMeta;
import static net.solarnetwork.central.datum.v2.domain.ObjectDatumStreamMetadataId.idForMetadata;
import static net.solarnetwork.domain.datum.DatumProperties.propertiesOf;
import static net.solarnetwork.domain.datum.DatumPropertiesStatistics.statisticsOf;
import static net.solarnetwork.util.NumberUtils.decimalArray;
Expand Down Expand Up @@ -341,7 +342,8 @@ public void findSources_dataToken() {
Capture<ObjectStreamCriteria> filterCaptor = new Capture<>();
ObjectDatumStreamMetadata meta = emptyMeta(UUID.randomUUID(), "UTC", ObjectDatumKind.Node,
TEST_NODE_ID, TEST_SOURCE_ID);
expect(metaDao.findDatumStreamMetadata(capture(filterCaptor))).andReturn(singleton(meta));
expect(metaDao.findDatumStreamMetadataIds(capture(filterCaptor)))
.andReturn(singleton(idForMetadata(meta)));

// WHEN
replayAll();
Expand Down
2 changes: 1 addition & 1 deletion solarnet/solaruser/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'

description = 'SolarUser'
version = '2.28.1'
version = '2.28.2'

base {
archivesName = 'solaruser'
Expand Down

0 comments on commit 122ac09

Please sign in to comment.