parent
08669cc7c3
commit
30d68f2de7
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -224,6 +224,7 @@ public class SimpMessagingTemplate extends AbstractMessageSendingTemplate<String
|
|||
throws MessagingException {
|
||||
|
||||
Assert.notNull(user, "User must not be null");
|
||||
Assert.isTrue(!user.contains("%2F"), "Invalid sequence \"%2F\" in user name: " + user);
|
||||
user = StringUtils.replace(user, "/", "%2F");
|
||||
destination = destination.startsWith("/") ? destination : "/" + destination;
|
||||
super.convertAndSend(this.destinationPrefix + user + destination, payload, headers, postProcessor);
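Review bot: The new `Assert.isTrue(!user.contains("%2F"), ...)` guard in convertAndSendToUser carries no comment explaining why the sequence is rejected; the reason is only visible by reading the line after it. Because `/` in the user name is encoded as `%2F` right after the check, a name that already holds a literal `%2F` would be indistinguishable from an encoded slash, so two different user names could end up on the same destination. I would put `// "%2F" is reserved as the encoding of "/" below; a literal occurrence would let two distinct user names share one destination` above the assertion and add `@throws IllegalArgumentException if the user name contains "%2F"` to the method Javadoc. The signature and Javadoc are outside this hunk, so check whether an existing tag already covers it.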
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -203,6 +203,7 @@ public class DefaultUserDestinationResolver implements UserDestinationResolver {
|
|||
}
|
||||
Principal principal = SimpMessageHeaderAccessor.getUser(headers);
|
||||
String user = (principal != null ? principal.getName() : null);
|
||||
Assert.isTrue(user == null || !user.contains("%2F"), "Invalid sequence \"%2F\" in user name: " + user);
|
||||
Set<String> sessionIds = Collections.singleton(sessionId);
|
||||
return new ParseResult(sourceDestination, actualDestination, sourceDestination, sessionIds, user);
|
||||
}
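Review bot: The added assertion builds its failure message by string concatenation on every call, including the normal case where the check passes, and it copies the principal name verbatim into the exception text. Spring's `Assert.isTrue(boolean, Supplier<String>)` overload defers that work: `Assert.isTrue(user == null || !user.contains("%2F"), () -> "Invalid sequence \"%2F\" in user name: " + user);`. `user` is assigned once between its declaration and the return shown here, so the lambda can capture it, though the method itself starts outside the hunk. Since the name comes from the authenticated Principal, it is also worth confirming that whatever logs or reports this exception treats the message as untrusted text.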
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@ import org.springframework.messaging.support.NativeMessageHeaderAccessor;
|
|||
import org.springframework.util.LinkedMultiValueMap;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link org.springframework.messaging.simp.SimpMessagingTemplate}.
|
||||
|
|
@ -86,6 +87,12 @@ public class SimpMessagingTemplateTests {
|
|||
assertThat(headerAccessor.getDestination()).isEqualTo("/user/https:%2F%2Fjoe.openid.example.org%2F/queue/foo");
|
||||
}
|
||||
|
||||
@Test // gh-23836
|
||||
public void convertAndSendToUserWithInvalidSequence() {
|
||||
assertThatIllegalArgumentException().isThrownBy(() ->
|
||||
this.messagingTemplate.convertAndSendToUser("joe%2F", "/queue/foo", "data"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void convertAndSendWithCustomHeader() {
|
||||
Map<String, Object> headers = Collections.<String, Object>singletonMap("key", "value");
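Review bot: convertAndSendToUserWithInvalidSequence asserts only the exception type, so it would still pass if some other argument check in convertAndSendToUser threw IllegalArgumentException before the new guard ran. Pinning the message ties the test to the guard: `this.messagingTemplate.convertAndSendToUser("joe%2F", "/queue/foo", "data")).withMessageContaining("%2F");`. The same applies to handleSubscribeInvalidUserName in DefaultUserDestinationResolverTests. A second case with the sequence in the middle of the name (a constructed value such as `"jo%2Fe"`) would also show that the check is not limited to a trailing occurrence.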
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ import org.springframework.messaging.support.MessageBuilder;
|
|||
import org.springframework.util.StringUtils;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||
import static org.mockito.BDDMockito.given;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
|
|
@ -113,6 +114,15 @@ public class DefaultUserDestinationResolverTests {
|
|||
assertThat(actual.getUser()).isNull();
|
||||
}
|
||||
|
||||
@Test // gh-23836
|
||||
public void handleSubscribeInvalidUserName() {
|
||||
TestPrincipal user = new TestPrincipal("joe%2F");
|
||||
String sourceDestination = "/user/queue/foo";
|
||||
|
||||
Message<?> message = createMessage(SimpMessageType.SUBSCRIBE, user, "123", sourceDestination);
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.resolver.resolveDestination(message));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void handleUnsubscribe() {
|
||||
TestPrincipal user = new TestPrincipal("joe");
|
||||
|
|
|
|||