From 6af47d648a52a1257d24fc30ad031889cf30dd40 Mon Sep 17 00:00:00 2001
From: Matthew Scibilia
Date: Wed, 1 Apr 2020 00:28:51 +0800
Subject: [PATCH] refactor: Refactored to remove hasH2Console boolean flag and replace it with a check on the H2 console properties/path. Fix #1307
---
 .../ContentSecurityPolicyHeaderWriter.java | 3 +-
 .../spring/security/SecurityConfig.java | 9 +++---
 ...ContentSecurityPolicyHeaderWriterTest.java | 32 +++++++------------
 3 files changed, 16 insertions(+), 28 deletions(-)
diff --git a/src/main/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriter.java b/src/main/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriter.java
index f5ed62af9c..fe9c030b45 100644
--- a/src/main/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriter.java
+++ b/src/main/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriter.java
@@ -151,7 +151,6 @@ class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
 private final boolean useCdn;
 private final boolean useSingleHost;
- private final boolean hasH2Console;
 private final String host;
 private final String h2ConsolePath;
@@ -167,7 +166,7 @@ public void writeHeaders(HttpServletRequest request, HttpServletResponse respons
 protected String constructDirectives(String uri) {
 boolean onCollectionInfoPage = uri.startsWith(COLLECTION_INFO_PAGE_PATTERN);
 boolean onAddSeriesPage = uri.equals(SeriesUrl.ADD_SERIES_PAGE);
- boolean onH2ConsolePage = hasH2Console && uri.startsWith(h2ConsolePath);
+ boolean onH2ConsolePage = h2ConsolePath != null && uri.startsWith(h2ConsolePath);
 StringBuilder sb = new StringBuilder();
diff --git a/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java b/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java
index 52b7a3de0a..7c6d92a096 100644
--- a/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java
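Review bot: In `constructDirectives` (ContentSecurityPolicyHeaderWriter.java), `uri.startsWith(h2ConsolePath)` is a raw prefix test, so a URI that merely shares the console path's leading characters is also classified as the H2 console page and presumably gets the console-specific directives. Now that the path is the only gate, match on a path-segment boundary, consistent with the `h2ConsolePath + "/**"` pattern used in SecurityConfig: `boolean onH2ConsolePage = h2ConsolePath != null && (uri.equals(h2ConsolePath) || uri.startsWith(h2ConsolePath + "/"));`. A short comment on the `h2ConsolePath` field stating that `null` means "no H2 console configured" would document the contract that replaces the removed flag. The body of `constructDirectives` continues outside the hunk.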
+++ b/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java
@@ -87,22 +87,21 @@ public void configure(WebSecurity web) throws Exception {
 protected void configure(HttpSecurity http) throws Exception {
 boolean useSingleHost = !environment.acceptsProfiles("prod");
 boolean useCdn = environment.getProperty("app.use-cdn", Boolean.class, Boolean.TRUE);
- boolean hasH2Console = environment.acceptsProfiles("test");
 // @todo #226 Introduce app.use-public-hostname property
 boolean usePublicHostname = environment.acceptsProfiles("prod");
 String hostname = usePublicHostname ? SiteUrl.PUBLIC_URL : SiteUrl.SITE;
- String h2ConsolePath = hasH2Console ? h2ConsoleProperties.getPath() : null;
+ String h2ConsolePath = h2ConsoleProperties == null ? null : h2ConsoleProperties.getPath();
 // Allow unsecured requests to H2 consoles if available.
 // See also spring.h2.console.path in application-test.properties
 String[] pathsToIgnore =
- hasH2Console ? new String[]{h2ConsolePath + "/**", SiteUrl.CSP_REPORTS_HANDLER}
- : new String[]{SiteUrl.CSP_REPORTS_HANDLER};
+ h2ConsolePath == null ? new String[]{SiteUrl.CSP_REPORTS_HANDLER}
+ : new String[]{h2ConsolePath + "/**", SiteUrl.CSP_REPORTS_HANDLER};
 ContentSecurityPolicyHeaderWriter cspWriter =
- new ContentSecurityPolicyHeaderWriter(useCdn, useSingleHost, hasH2Console, hostname, h2ConsolePath);
+ new ContentSecurityPolicyHeaderWriter(useCdn, useSingleHost, hostname, h2ConsolePath);
 http
 .authorizeRequests()
diff --git a/src/test/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriterTest.java b/src/test/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriterTest.java
index c850060016..a0bfe4a8b1 100644
--- a/src/test/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriterTest.java
+++ b/src/test/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriterTest.java
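Review bot: In `configure(HttpSecurity)` (SecurityConfig.java), the H2 console exemption is no longer tied to the `test` profile: whenever `h2ConsoleProperties` is non-null, `h2ConsolePath + "/**"` goes into `pathsToIgnore` and the path is handed to the CSP writer. How that field is injected is outside the hunk, so this fails open if the properties bean is ever present in a production context; Spring Boot's `H2ConsoleProperties.getPath()` has a non-null default, so bean presence alone is enough. Document the contract at the assignment, e.g. `// null when H2 console auto-configuration is inactive; must stay null under the prod profile`, and back it with a test that runs with the `prod` profile and asserts the console path is not exempted. The existing comment `See also spring.h2.console.path in application-test.properties` should be reworded too, since the test profile is no longer what selects this branch.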
@@ -31,6 +31,7 @@
 import javax.servlet.http.HttpServletResponse;
 import static io.qala.datagen.RandomShortApi.bool;
+import static io.qala.datagen.RandomShortApi.nullOr;
 public class ContentSecurityPolicyHeaderWriterTest implements WithAssertions {
@@ -51,11 +52,10 @@ public class ContentSecurityPolicyHeaderWriterTest implements WithAssertions {
 public void writeContentSecurityPolicyHeader() {
 // given
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
- bool(),
 bool(),
 bool(),
 Random.host(),
- H2_CONSOLE_PATH
+ nullOr(H2_CONSOLE_PATH)
 );
 HttpServletRequest request = new MockHttpServletRequest();
 HttpServletResponse response = new MockHttpServletResponse();
@@ -85,9 +85,8 @@ public void onIndexPageWithLocalResources() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 false,
 true,
- bool(),
 SiteUrl.SITE,
- H2_CONSOLE_PATH
+ nullOr(H2_CONSOLE_PATH)
 );
 String[] directives = writer.constructDirectives("/").split(";");
@@ -108,9 +107,8 @@ public void onIndexPageWithResourcesFromCdn() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 true,
 false,
- bool(),
 SiteUrl.PUBLIC_URL,
- H2_CONSOLE_PATH
+ nullOr(H2_CONSOLE_PATH)
 );
 String[] directives = writer.constructDirectives("/").split(";");
@@ -144,9 +142,8 @@ public void onCollectionInfoPageWithLocalResources() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 false,
 true,
- bool(),
 Random.host(),
- H2_CONSOLE_PATH
+ nullOr(H2_CONSOLE_PATH)
 );
 String[] directives = writer.constructDirectives("/collection/user").split(";");
@@ -176,9 +173,8 @@ public void onCollectionInfoPageWithResourcesFromCdn() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 true,
 false,
- bool(),
 Random.host(),
- H2_CONSOLE_PATH
+ nullOr(H2_CONSOLE_PATH)
 );
 String[] directives = writer.constructDirectives("/collection/user").split(";");
@@ -211,9 +207,8 @@ public void onSeriesAddImagePageWithLocalResources() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 false,
 true,
- bool(),
 Random.host(),
- H2_CONSOLE_PATH
+ nullOr(H2_CONSOLE_PATH)
 );
 for (String page : new String[]{"/series/11", "/series/12/ask", "/series/13/image"}) {
@@ -239,9 +234,8 @@ public void onSeriesAddImagePageWithResourcesFromCdn() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 true,
 false,
- bool(),
 Random.host(),
- H2_CONSOLE_PATH
+ nullOr(H2_CONSOLE_PATH)
 );
 for (String page : new String[]{"/series/11", "/series/12/ask", "/series/13/image"}) {
@@ -277,9 +271,8 @@ public void onSeriesAddPageWithLocalResources() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 false,
 true,
- bool(),
 Random.host(),
- H2_CONSOLE_PATH
+ nullOr(H2_CONSOLE_PATH)
 );
 String[] directives = writer.constructDirectives("/series/add").split(";");
@@ -310,9 +303,8 @@ public void onSeriesAddPageWithResourcesFromCdn() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 true,
 false,
- bool(),
 Random.host(),
- H2_CONSOLE_PATH
+ nullOr(H2_CONSOLE_PATH)
 );
 String[] directives = writer.constructDirectives("/series/add").split(";");
@@ -346,7 +338,6 @@ public void onH2ConsoleWithLocalResources() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 false,
 true,
- true,
 Random.host(),
 H2_CONSOLE_PATH
 );
@@ -379,9 +370,8 @@ public void onH2ConsoleWithResourcesFromCdn() {
 ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
 true,
 false,
- false,
 Random.host(),
- H2_CONSOLE_PATH
+ null
 );
 String[] directives = writer.constructDirectives("/console/").split(";");
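Review bot: In `onH2ConsoleWithResourcesFromCdn`, the bare `null` argument now carries the meaning the removed `false` flag had, and nothing at the call site says so. Add a comment on that argument, e.g. `// no H2 console configured: console-specific directives must not be applied to "/console/"`, assuming that is what the assertions outside the hunk verify. The randomized `nullOr(H2_CONSOLE_PATH)` in the other tests (first used in `writeContentSecurityPolicyHeader`) deserves the same one-line explanation of why either value must yield identical directives on non-console pages. A further case with a URI that only shares the console path's prefix would pin down where console matching stops.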