Added check for invalid public URLs; #237

phax · Mar 17, 2023 · 894d077 · 894d077
1 parent 9cf170f
commit 894d077
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 7 deletions.
diff --git a/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/servlet/SMPWebAppListener.java b/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/servlet/SMPWebAppListener.java
@@ -38,6 +38,7 @@
 import com.helger.commons.lang.priviledged.IPrivilegedAction;
 import com.helger.commons.regex.RegExHelper;
 import com.helger.commons.string.StringHelper;
+import com.helger.commons.url.URLHelper;
 import com.helger.network.proxy.ProxySelectorProxySettingsManager;
 import com.helger.network.proxy.settings.IProxySettings;
 import com.helger.network.proxy.settings.IProxySettingsProvider;
@@ -101,18 +102,21 @@ public static OffsetDateTime getStartupDateTime ()
   }
 
   @Override
+  @Nullable
   protected String getInitParameterDebug (@Nonnull final ServletContext aSC)
   {
     return SMPWebAppConfiguration.getGlobalDebug ();
   }
 
   @Override
+  @Nullable
   protected String getInitParameterProduction (@Nonnull final ServletContext aSC)
   {
     return SMPWebAppConfiguration.getGlobalProduction ();
   }
 
   @Override
+  @Nullable
   protected String getDataPath (@Nonnull final ServletContext aSC)
   {
     return SMPWebAppConfiguration.getDataPath ();
@@ -125,10 +129,22 @@ protected boolean shouldCheckFileAccess (@Nonnull final ServletContext aSC)
   }
 
   @Override
+  @Nullable
   protected String getInitParameterServerURL (@Nonnull final ServletContext aSC, final boolean bProductionMode)
   {
     // This is internally set in "StaticServerInfo" class
-    return SMPServerConfiguration.getPublicServerURL ();
+    final String sPublicURL = SMPServerConfiguration.getPublicServerURL ();
+    if (StringHelper.hasText (sPublicURL))
+    {
+      // Check validity (see #237)
+      if (URLHelper.getAsURL (sPublicURL, false) != null)
+        return sPublicURL;
+
+      final String sErrorMsg = "The configured public URL '" + sPublicURL + "' is not a valid URL!";
+      LOGGER.error (sErrorMsg);
+      throw new InitializationException (sErrorMsg);
+    }
+    return null;
   }
 
   private static void _initTimeZone ()

diff --git a/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/ui/secure/PageSecureTasksProblems.java b/phoss-smp-webapp/src/main/java/com/helger/phoss/smp/ui/secure/PageSecureTasksProblems.java
@@ -38,6 +38,7 @@
 import com.helger.commons.lang.ClassHelper;
 import com.helger.commons.string.StringHelper;
 import com.helger.commons.url.SimpleURL;
+import com.helger.commons.url.URLHelper;
 import com.helger.html.hc.IHCNode;
 import com.helger.html.hc.html.grouping.HCOL;
 import com.helger.html.hc.html.grouping.HCUL;
@@ -99,12 +100,22 @@ private IHCNode _createError (@Nonnull final String sMsg)
   private void _checkSettings (@Nonnull final HCOL aOL)
   {
     // Check that public URL is set
-    if (StringHelper.hasNoText (SMPServerConfiguration.getPublicServerURL ()))
+
+    final String sPublicUrl = SMPServerConfiguration.getPublicServerURL ();
+    if (StringHelper.hasNoText (sPublicUrl))
     {
       aOL.addItem (_createWarning ("The public server URL is not configured"),
                    div ("The configuration file property ").addChild (code (SMPServerConfiguration.KEY_SMP_PUBLIC_URL))
                                                            .addChild (" is not set. This property is usually required to create valid Internet-URLs."));
     }
+    else
+      if (URLHelper.getAsURL (sPublicUrl, false) == null)
+      {
+        aOL.addItem (_createError ("The public server URL configuration is invalid."),
+                     div ("The configuration file property ").addChild (code (SMPServerConfiguration.KEY_SMP_PUBLIC_URL))
+                                                             .addChild (" is not a valid URL: ")
+                                                             .addChild (code (sPublicUrl)));
+      }
 
     // Check that the global debug setting is off
     if (GlobalDebug.isDebugMode ())

diff --git a/...-smp-webapp/src/main/java/com/helger/phoss/smp/ui/secure/PageSecureTransportProfiles.java b/...-smp-webapp/src/main/java/com/helger/phoss/smp/ui/secure/PageSecureTransportProfiles.java
@@ -77,7 +77,7 @@ public class PageSecureTransportProfiles extends AbstractSMPWebPageForm <ISMPTra
   private static final ICommonsSet <String> DEFAULT_PROFILE_IDS;
   static
   {
-    // Use all non-deprecated ones
+    // Use all active ones
     DEFAULT_PROFILES.addAll (ESMPTransportProfile.values (), x -> x.getState () == ESMPTransportProfileState.ACTIVE);
     DEFAULT_PROFILE_IDS = new CommonsHashSet <> (DEFAULT_PROFILES, ESMPTransportProfile::getID);
   }
@@ -127,7 +127,7 @@ public EShowList handleAction (@Nonnull final WebPageExecutionContext aWPEC,
                             {
                               if (aTransportProfileMgr.createSMPTransportProfile (eTP.getID (),
                                                                                   eTP.getName (),
-                                                                                  eTP.isDeprecated ()) != null)
+                                                                                  eTP.getState () == ESMPTransportProfileState.DEPRECATED) != null)
                               {
                                 aSuccessBox.addChild (div ("Successfully created the transport profile '" +
                                                            eTP.getName () +
@@ -202,7 +202,7 @@ protected void showSelectedObject (@Nonnull final WebPageExecutionContext aWPEC,
     aForm.addFormGroup (new BootstrapFormGroup ().setLabel ("ID").setCtrl (aSelectedObject.getID ()));
     aForm.addFormGroup (new BootstrapFormGroup ().setLabel ("Name").setCtrl (aSelectedObject.getName ()));
     aForm.addFormGroup (new BootstrapFormGroup ().setLabel ("Deprecated?")
-                                                 .setCtrl (EPhotonCoreText.getYesOrNo (aSelectedObject.isDeprecated (),
+                                                 .setCtrl (EPhotonCoreText.getYesOrNo (aSelectedObject.getState () == ESMPTransportProfileState.DEPRECATED,
                                                                                        aDisplayLocale)));
 
     aNodeList.addChild (aForm);
@@ -239,7 +239,7 @@ protected void showInputForm (@Nonnull final WebPageExecutionContext aWPEC,
 
     aForm.addFormGroup (new BootstrapFormGroup ().setLabel ("Deprecated?")
                                                  .setCtrl (new HCCheckBox (new RequestFieldBoolean (FIELD_DEPRECATED,
-                                                                                                    aSelectedObject != null ? aSelectedObject.isDeprecated ()
+                                                                                                    aSelectedObject != null ? aSelectedObject.getState () == ESMPTransportProfileState.DEPRECATED
                                                                                                                             : DEFAULT_DEPRECATED)))
                                                  .setHelpText ("Is the transport profile deprecated?")
                                                  .setErrorList (aFormErrors.getListOfField (FIELD_DEPRECATED)));
@@ -330,7 +330,8 @@ protected void showListOfExistingObjects (@Nonnull final WebPageExecutionContext
       final HCRow aRow = aTable.addBodyRow ();
       aRow.addCell (new HCA (aViewLink).addChild (aCurObject.getID ()));
       aRow.addCell (aCurObject.getName ());
-      aRow.addCell (EPhotonCoreText.getYesOrNo (aCurObject.isDeprecated (), aDisplayLocale));
+      aRow.addCell (EPhotonCoreText.getYesOrNo (aCurObject.getState () == ESMPTransportProfileState.DEPRECATED,
+                                                aDisplayLocale));
 
       aRow.addCell (createEditLink (aWPEC, aCurObject, "Edit " + aCurObject.getID ()),
                     new HCTextNode (" "),