Skip to content

refactor: Refactored to remove hasH2Console boolean flag and replace … #1309

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Apr 2, 2020
Merged

refactor: Refactored to remove hasH2Console boolean flag and replace … #1309

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions src/main/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,6 @@ class ContentSecurityPolicyHeaderWriter implements HeaderWriter {

private final boolean useCdn;
private final boolean useSingleHost;
private final boolean hasH2Console;
private final String host;
private final String h2ConsolePath;

Expand All @@ -167,7 +166,7 @@ public void writeHeaders(HttpServletRequest request, HttpServletResponse respons
protected String constructDirectives(String uri) {
boolean onCollectionInfoPage = uri.startsWith(COLLECTION_INFO_PAGE_PATTERN);
boolean onAddSeriesPage = uri.equals(SeriesUrl.ADD_SERIES_PAGE);
boolean onH2ConsolePage = hasH2Console && uri.startsWith(h2ConsolePath);
boolean onH2ConsolePage = h2ConsolePath != null && uri.startsWith(h2ConsolePath);

StringBuilder sb = new StringBuilder();

Expand Down
9 changes: 4 additions & 5 deletions src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,22 +87,21 @@ public void configure(WebSecurity web) throws Exception {
protected void configure(HttpSecurity http) throws Exception {
boolean useSingleHost = !environment.acceptsProfiles("prod");
boolean useCdn = environment.getProperty("app.use-cdn", Boolean.class, Boolean.TRUE);
boolean hasH2Console = environment.acceptsProfiles("test");

// @todo #226 Introduce app.use-public-hostname property
boolean usePublicHostname = environment.acceptsProfiles("prod");
String hostname = usePublicHostname ? SiteUrl.PUBLIC_URL : SiteUrl.SITE;

String h2ConsolePath = hasH2Console ? h2ConsoleProperties.getPath() : null;
String h2ConsolePath = h2ConsoleProperties == null ? null : h2ConsoleProperties.getPath();

// Allow unsecured requests to H2 consoles if available.
// See also spring.h2.console.path in application-test.properties
String[] pathsToIgnore =
hasH2Console ? new String[]{h2ConsolePath + "/**", SiteUrl.CSP_REPORTS_HANDLER}
: new String[]{SiteUrl.CSP_REPORTS_HANDLER};
h2ConsolePath == null ? new String[]{SiteUrl.CSP_REPORTS_HANDLER}
: new String[]{h2ConsolePath + "/**", SiteUrl.CSP_REPORTS_HANDLER};

ContentSecurityPolicyHeaderWriter cspWriter =
new ContentSecurityPolicyHeaderWriter(useCdn, useSingleHost, hasH2Console, hostname, h2ConsolePath);
new ContentSecurityPolicyHeaderWriter(useCdn, useSingleHost, hostname, h2ConsolePath);

http
.authorizeRequests()
Expand Down
32 changes: 11 additions & 21 deletions ...t/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriterTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
import javax.servlet.http.HttpServletResponse;

import static io.qala.datagen.RandomShortApi.bool;
import static io.qala.datagen.RandomShortApi.nullOr;

public class ContentSecurityPolicyHeaderWriterTest implements WithAssertions {

Expand All @@ -51,11 +52,10 @@ public class ContentSecurityPolicyHeaderWriterTest implements WithAssertions {
public void writeContentSecurityPolicyHeader() {
// given
ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
bool(),
bool(),
bool(),
Random.host(),
H2_CONSOLE_PATH
nullOr(H2_CONSOLE_PATH)
);
HttpServletRequest request = new MockHttpServletRequest();
HttpServletResponse response = new MockHttpServletResponse();
Expand Down Expand Up @@ -85,9 +85,8 @@ public void onIndexPageWithLocalResources() {
ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
false,
true,
bool(),
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Everywhere where we used bool(), I suggest to use nullOr(H2_CONSOLE_PATH) to have the similar behavior as before.

SiteUrl.SITE,
H2_CONSOLE_PATH
nullOr(H2_CONSOLE_PATH)
);
String[] directives = writer.constructDirectives("/").split(";");

Expand All @@ -108,9 +107,8 @@ public void onIndexPageWithResourcesFromCdn() {
ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
true,
false,
bool(),
SiteUrl.PUBLIC_URL,
H2_CONSOLE_PATH
nullOr(H2_CONSOLE_PATH)
);
String[] directives = writer.constructDirectives("/").split(";");

Expand Down Expand Up @@ -144,9 +142,8 @@ public void onCollectionInfoPageWithLocalResources() {
ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
false,
true,
bool(),
Random.host(),
H2_CONSOLE_PATH
nullOr(H2_CONSOLE_PATH)
);
String[] directives = writer.constructDirectives("/collection/user").split(";");

Expand Down Expand Up @@ -176,9 +173,8 @@ public void onCollectionInfoPageWithResourcesFromCdn() {
ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
true,
false,
bool(),
Random.host(),
H2_CONSOLE_PATH
nullOr(H2_CONSOLE_PATH)
);
String[] directives = writer.constructDirectives("/collection/user").split(";");

Expand Down Expand Up @@ -211,9 +207,8 @@ public void onSeriesAddImagePageWithLocalResources() {
ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
false,
true,
bool(),
Random.host(),
H2_CONSOLE_PATH
nullOr(H2_CONSOLE_PATH)
);

for (String page : new String[]{"/series/11", "/series/12/ask", "/series/13/image"}) {
Expand All @@ -239,9 +234,8 @@ public void onSeriesAddImagePageWithResourcesFromCdn() {
ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
true,
false,
bool(),
Random.host(),
H2_CONSOLE_PATH
nullOr(H2_CONSOLE_PATH)
);

for (String page : new String[]{"/series/11", "/series/12/ask", "/series/13/image"}) {
Expand Down Expand Up @@ -277,9 +271,8 @@ public void onSeriesAddPageWithLocalResources() {
ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
false,
true,
bool(),
Random.host(),
H2_CONSOLE_PATH
nullOr(H2_CONSOLE_PATH)
);
String[] directives = writer.constructDirectives("/series/add").split(";");

Expand Down Expand Up @@ -310,9 +303,8 @@ public void onSeriesAddPageWithResourcesFromCdn() {
ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
true,
false,
bool(),
Random.host(),
H2_CONSOLE_PATH
nullOr(H2_CONSOLE_PATH)
);
String[] directives = writer.constructDirectives("/series/add").split(";");

Expand Down Expand Up @@ -346,7 +338,6 @@ public void onH2ConsoleWithLocalResources() {
ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
false,
true,
true,
Random.host(),
H2_CONSOLE_PATH
);
Expand Down Expand Up @@ -379,9 +370,8 @@ public void onH2ConsoleWithResourcesFromCdn() {
ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
true,
false,
false,
Random.host(),
H2_CONSOLE_PATH
null
);
String[] directives = writer.constructDirectives("/console/").split(";");

Expand Down