From 43ce03a23edb4e62d62182135847d7fde6e051e2 Mon Sep 17 00:00:00 2001
From: milanmajchrak <90026355+milanmajchrak@users.noreply.github.com>
Date: Tue, 7 May 2024 12:54:30 +0200
Subject: [PATCH] Shibboleth login - Added email validation (#644)
* Added email validation and input/output encodings are loaded from the cfg.
* Fixed checkstyle violation
* Refactored condition which check empty character in the email.
---
 .../clarin/ClarinShibAuthentication.java | 22 +++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java b/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java
index 28fd67a71599..822543d08c80 100644
--- a/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java
+++ b/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java
@@ -18,6 +18,7 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.UUID;
+import java.util.regex.Pattern;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -578,7 +579,7 @@ protected EPerson findEPerson(Context context, HttpServletRequest request) throw
 // 2) Second, look for an email header.
 if (eperson == null && emailHeader != null) {
- String email = findSingleAttribute(request, emailHeader);
+ String email = getEmailAcceptedOrNull(findSingleAttribute(request, emailHeader));
 if (StringUtils.isEmpty(email) && Objects.nonNull(clarinVerificationToken)) {
 email = clarinVerificationToken.getEmail();
 }
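Review bot: The fallback two lines below the changed one in findEPerson still assigns `clarinVerificationToken.getEmail()` unchecked, so an address taken from the verification token skips the whitespace check that the header value now gets. Passing it through the same helper, `email = getEmailAcceptedOrNull(clarinVerificationToken.getEmail());`, would keep both sources under one rule. A header value that is present but rejected also becomes indistinguishable from a missing header and silently selects the token branch; whether the token's address is validated where the token is created is not visible here. findEPerson's body starts and ends outside the hunk.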
@@ -694,7 +695,7 @@ protected EPerson registerNewEPerson(Context context, HttpServletRequest request
 // Header values
 String netid = Util.formatNetId(findSingleAttribute(request, netidHeader), org);
- String email = findSingleAttribute(request, emailHeader);
+ String email = getEmailAcceptedOrNull(findSingleAttribute(request, emailHeader));
 String fname = Headers.updateValueByCharset(findSingleAttribute(request, fnameHeader));
 String lname = Headers.updateValueByCharset(findSingleAttribute(request, lnameHeader));
@@ -816,7 +817,7 @@ protected void updateEPerson(Context context, HttpServletRequest request, EPerso
 String lnameHeader = configurationService.getProperty("authentication-shibboleth.lastname-header");
 String netid = Util.formatNetId(findSingleAttribute(request, netidHeader), shibheaders.get_idp());
- String email = findSingleAttribute(request, emailHeader);
+ String email = getEmailAcceptedOrNull(findSingleAttribute(request, emailHeader));
 String fname = Headers.updateValueByCharset(findSingleAttribute(request, fnameHeader));
 String lname = Headers.updateValueByCharset(findSingleAttribute(request, lnameHeader));
@@ -1171,7 +1172,12 @@ protected String findAttribute(HttpServletRequest request, String name) {
 if (!StringUtils.isEmpty(value) && reconvertAttributes) {
 try {
- value = new String(value.getBytes("ISO-8859-1"), "UTF-8");
+ String inputEncoding = configurationService.getProperty("shibboleth.name.conversion.inputEncoding",
+ "ISO-8859-1");
+ String outputEncoding = configurationService.getProperty("shibboleth.name.conversion.outputEncoding",
+ "UTF-8");
+
+ value = new String(value.getBytes(inputEncoding), outputEncoding);
 } catch (UnsupportedEncodingException ex) {
 log.warn("Failed to reconvert shibboleth attribute (" + name + ").", ex);
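Review bot: A rejected e-mail header is dropped without any trace in registerNewEPerson, and the identical change in updateEPerson behaves the same way: `email` becomes null and nothing records that the IdP sent a value that was refused. In a login path this makes a misconfigured or misbehaving identity provider hard to tell apart from one that releases no mail attribute at all. A warning such as `log.warn("Shibboleth email attribute rejected by validation (header: " + emailHeader + ").");` would give operators something to search for without writing the refused value to the log. How the rest of either method treats a null `email` lies outside these hunks and is worth checking, since the raw value was passed on before this change.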
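Review bot: A mistyped charset name in either new property in findAttribute only surfaces as the existing generic warning on each attribute lookup, and the attribute is then used unconverted; the message names the attribute but not the encoding that failed. Reading both properties before the `try` would let the catch block include `inputEncoding` and `outputEncoding` in the warning, and would keep the configuration lookups out of the conversion itself. The keys `shibboleth.name.conversion.inputEncoding` and `shibboleth.name.conversion.outputEncoding` also do not share the `authentication-shibboleth.` prefix used by the other keys visible in this patch, so a one-line comment saying where they are documented and what their defaults are would help. findAttribute's body starts and ends outside the hunk.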
@@ -1324,5 +1330,13 @@ public boolean canChangePassword(Context context, EPerson ePerson, String curren
 public boolean areSpecialGroupsApplicable(Context context, HttpServletRequest request) {
 return true;
 }
+
+ public String getEmailAcceptedOrNull(String email) {
+ // no whitespaces in mail
+ if (StringUtils.isEmpty(email) || Pattern.compile("\\s").matcher(email).find()) {
+ return null;
+ }
+ return email;
+ }
 }
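Review bot: `\\s` without `Pattern.UNICODE_CHARACTER_CLASS` matches only the ASCII whitespace characters, so in getEmailAcceptedOrNull an address containing a no-break space still passes, and the pattern is recompiled on every call. A shared constant covers both: `private static final Pattern EMAIL_WHITESPACE = Pattern.compile("\\s", Pattern.UNICODE_CHARACTER_CLASS);` with the condition changed to `EMAIL_WHITESPACE.matcher(email).find()`. The method is also `public` and undocumented although every caller in this patch is inside the class. A narrower modifier and a short Javadoc, stating that null means "empty or contains whitespace" and that no other address syntax is checked, would make the contract explicit for the authentication code that relies on it.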