flywithu/android-library
1
0
Fork 0
mirror of https://github.com/owncloud/android-library.git synced 2025-10-31 02:17:41 +00:00
Code Issues Releases Wiki Activity

fix wrong handling of redirect to unsecure connection

Browse Source
This commit is contained in:
Schabi 2020-11-10 11:25:33 +01:00
parent f9593303e1
commit 3c7a1abbe7
2 changed files with 48 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
owncloudComLibrary/src/main/java/com/owncloud/android/lib/resources/status/StatusRequester.kt
View File

@ -28,6 +28,7 @@ import com.owncloud.android.lib.common.OwnCloudClient
import com.owncloud.android.lib.common.http.HttpConstants import com.owncloud.android.lib.common.http.HttpConstants
import com.owncloud.android.lib.common.http.methods.nonwebdav.GetMethod import com.owncloud.android.lib.common.http.methods.nonwebdav.GetMethod
import com.owncloud.android.lib.common.operations.RemoteOperationResult import com.owncloud.android.lib.common.operations.RemoteOperationResult
import com.owncloud.android.lib.resources.status.HttpScheme.HTTPS_SCHEME import com.owncloud.android.lib.resources.status.HttpScheme.HTTPS_SCHEME
import com.owncloud.android.lib.resources.status.HttpScheme.HTTP_SCHEME import com.owncloud.android.lib.resources.status.HttpScheme.HTTP_SCHEME
import org.json.JSONObject import org.json.JSONObject
@ -36,14 +37,20 @@ import java.util.concurrent.TimeUnit
internal class StatusRequester { internal class StatusRequester {
private fun checkIfConnectionIsRedirectedToNoneSecure( /**
isConnectionSecure: Boolean, * This function is ment to detect if a redirect from a secure to an unsecure connection
* was made. If only connections from unsecure connections to unsecure connections were made
* this function should not return true, because if the whole redirect chain was unsecure
* we assume it was a debug setup.
*/
fun isRedirectedToNonSecureConnection(
redirectedToUnsecureLocationBefore: Boolean,
baseUrl: String, baseUrl: String,
redirectedUrl: String redirectedUrl: String
): Boolean { ) = redirectedToUnsecureLocationBefore
return isConnectionSecure || || (baseUrl.startsWith(HTTPS_SCHEME)
(baseUrl.startsWith(HTTPS_SCHEME) && redirectedUrl.startsWith(HTTP_SCHEME)) && (!redirectedUrl.startsWith(HTTPS_SCHEME))
} && redirectedUrl.startsWith(HTTP_SCHEME))
fun updateLocationWithRedirectPath(oldLocation: String, redirectedLocation: String): String { fun updateLocationWithRedirectPath(oldLocation: String, redirectedLocation: String): String {
if (!redirectedLocation.startsWith("/")) if (!redirectedLocation.startsWith("/"))
@ -84,7 +91,7 @@ internal class StatusRequester {
} else { } else {
val nextLocation = updateLocationWithRedirectPath(currentLocation, result.redirectedLocation) val nextLocation = updateLocationWithRedirectPath(currentLocation, result.redirectedLocation)
redirectedToUnsecureLocation = redirectedToUnsecureLocation =
checkIfConnectionIsRedirectedToNoneSecure( isRedirectedToNonSecureConnection(
redirectedToUnsecureLocation, redirectedToUnsecureLocation,
currentLocation, currentLocation,
nextLocation nextLocation

39
owncloudComLibrary/src/test/java/com/owncloud/android/lib/StatusRequestorTest.kt
View File

@ -26,39 +26,68 @@ package com.owncloud.android.lib
import com.owncloud.android.lib.resources.status.StatusRequester import com.owncloud.android.lib.resources.status.StatusRequester
import org.junit.Assert.assertEquals import org.junit.Assert.assertEquals
import org.junit.Assert.assertFalse
import org.junit.Assert.assertTrue
import org.junit.Test import org.junit.Test
class StatusRequestorTest { class StatusRequestorTest {
private val requestor = StatusRequester() private val requester = StatusRequester()
@Test @Test
fun `update location - ok - absolute path`() { fun `update location - ok - absolute path`() {
val newLocation = requestor.updateLocationWithRedirectPath(TEST_DOMAIN, "$TEST_DOMAIN$SUB_PATH") val newLocation = requester.updateLocationWithRedirectPath(TEST_DOMAIN, "$TEST_DOMAIN$SUB_PATH")
assertEquals("$TEST_DOMAIN$SUB_PATH", newLocation) assertEquals("$TEST_DOMAIN$SUB_PATH", newLocation)
} }
@Test @Test
fun `update location - ok - smaller absolute path`() { fun `update location - ok - smaller absolute path`() {
val newLocation = requestor.updateLocationWithRedirectPath("$TEST_DOMAIN$SUB_PATH", TEST_DOMAIN) val newLocation = requester.updateLocationWithRedirectPath("$TEST_DOMAIN$SUB_PATH", TEST_DOMAIN)
assertEquals(TEST_DOMAIN, newLocation) assertEquals(TEST_DOMAIN, newLocation)
} }
@Test @Test
fun `update location - ok - relative path`() { fun `update location - ok - relative path`() {
val newLocation = requestor.updateLocationWithRedirectPath(TEST_DOMAIN, SUB_PATH) val newLocation = requester.updateLocationWithRedirectPath(TEST_DOMAIN, SUB_PATH)
assertEquals("$TEST_DOMAIN$SUB_PATH", newLocation) assertEquals("$TEST_DOMAIN$SUB_PATH", newLocation)
} }
@Test @Test
fun `update location - ok - replace relative path`() { fun `update location - ok - replace relative path`() {
val newLocation = requestor.updateLocationWithRedirectPath( val newLocation = requester.updateLocationWithRedirectPath(
"$TEST_DOMAIN/some/other/subdir", SUB_PATH "$TEST_DOMAIN/some/other/subdir", SUB_PATH
) )
assertEquals("$TEST_DOMAIN$SUB_PATH", newLocation) assertEquals("$TEST_DOMAIN$SUB_PATH", newLocation)
} }
@Test
fun `check redirect to unsecure connection - ok - redirect to http`() {
assertTrue(requester.isRedirectedToNonSecureConnection(
false, SECURE_DOMAIN, UNSECURE_DOMAIN))
}
@Test
fun `check redirect to unsecure connection - ko - redirect to https from http`() {
assertFalse(requester.isRedirectedToNonSecureConnection(
false, UNSECURE_DOMAIN, SECURE_DOMAIN))
}
@Test
fun `check redirect to unsecure connection - ko - from https to https`() {
assertFalse(requester.isRedirectedToNonSecureConnection(
false, SECURE_DOMAIN, SECURE_DOMAIN))
}
@Test
fun `check redirect to unsecure connection - ok - from https to https with previous http`() {
assertTrue(requester.isRedirectedToNonSecureConnection(
true, SECURE_DOMAIN, SECURE_DOMAIN))
}
companion object { companion object {
const val TEST_DOMAIN = "https://cloud.somewhere.com" const val TEST_DOMAIN = "https://cloud.somewhere.com"
const val SUB_PATH = "/subdir" const val SUB_PATH = "/subdir"
const val SECURE_DOMAIN = "https://cloud.somewhere.com"
const val UNSECURE_DOMAIN = "http://somewhereelse.org"
} }
} }