mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2026-05-01 23:16:31 +02:00
# Description of Changes

Fixes share-link navigation for SSO users. Reported on v2.9.2 with `SSOAutoLogin: true`: clicking a `/share/<token>` link in an email redirected the user to the home page after SSO instead of the shared file.

## Root cause

Three compounding issues had to be fixed together; the first was the initial symptom but the other two only surfaced during live verification.

1. **Spring Security blocked `/share/<token>` for unauthenticated users.** The route wasn't in `RequestUriUtils.isPublicAuthEndpoint`, so the server 302'd straight to `/login` before React could load `ShareLinkPage`. The share URL was lost because `NullRequestCache` is configured and never persisted the original destination.
2. **`httpErrorHandler` full-page-redirected to `/login?from=<path>` on any unhandled 401** (fired by `LicenseContext`, `AppConfig`, etc. during normal ShareLinkPage mount). That *did* preserve the return path — but **Spring Security strips query strings from `/login`** (302 to bare `/login`), so `?from=` never reached React. Confirmed via `curl -i http://localhost:8080/login?from=xyz` → `Location: /login`.
3. **`AuthCallback.tsx` unconditionally `navigate("/")`** after the SAML/OAuth round-trip, discarding any intended destination.

## Fix

**Backend** — make `/share/<token>` a public SPA bootstrap, data APIs stay protected:

- `RequestUriUtils.isPublicAuthEndpoint` — permits `^/share/[^/]+/?$` (tight regex, single token segment only; `/share/<token>/anything` stays protected).
- `ReactRoutingController` — dedicated `@GetMapping("/share/{token}")` mirroring `/auth/callback`.
- `/api/v1/storage/share-links/**` remains behind Spring Security with its existing `canAccessShareLink` check.

**Frontend** — persist the return path across full-page redirects via `sessionStorage` (same-origin, survives the SSO round-trip):

- `httpErrorHandler.ts` — stashes current pathname to `stirling_post_login_path` before the 401 → `/login` redirect.
- `springAuthClient.ts` — new `isSafePostLoginRedirect` / `setPostLoginRedirectPath` / `consumePostLoginRedirectPath` helpers (rejects protocol-relative URLs and auth-plumbing paths to guard against open-redirect abuse).
- `Login.tsx` — on explicit user sign-in, read path from `location.state` or `?from=` query and stash it; don't clobber an already-stashed value.
- `AuthCallback.tsx` — consume the stashed path (single-use) and `navigate(target)` instead of always `/`.

---

## Checklist

### General

- [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable)
- [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable)
- [ ] I have performed a self-review of my own code
- [ ] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed)
- [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only)

### Translations (if applicable)

- [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [ ] I have run `task check` to verify linters, typechecks, and tests pass
- [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#7-testing) for more details.

---------

Co-authored-by: EthanHealy01 <80844253+EthanHealy01@users.noreply.github.com>
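The frontend half of the fix described in the commit message above can be sketched as follows. This is an added example, not code from the Stirling-PDF repository: only the three helper names and the `stirling_post_login_path` key come from the commit message, while the function bodies, the list of auth path prefixes, the `overwrite` parameter and the in-memory stand-in for `sessionStorage` are assumptions.

```javascript
// Added illustration, not Stirling-PDF's code: only the helper names and the
// storage key come from the commit message; every function body is an assumption.
const STORAGE_KEY = "stirling_post_login_path";
// Assumed auth-plumbing prefixes; the commit message does not list them.
const AUTH_PREFIXES = ["/login", "/logout", "/auth"];
const DUMMY_ORIGIN = "http://placeholder.invalid";

function isSafePostLoginRedirect(path) {
  if (typeof path !== "string" || !path.startsWith("/")) return false;
  // "//host" is protocol-relative; browsers also treat "\" as "/" and strip
  // control characters, so "/\host" could resolve to another origin.
  if (path.startsWith("//") || /[\\\u0000-\u001f]/.test(path)) return false;
  let url;
  try { url = new URL(path, DUMMY_ORIGIN); } catch { return false; }
  if (url.origin !== DUMMY_ORIGIN) return false;
  // Never send the user back into the login flow itself.
  return !AUTH_PREFIXES.some(
    (p) => url.pathname === p || url.pathname.startsWith(p + "/"));
}

// overwrite=false models "don't clobber an already-stashed value".
function setPostLoginRedirectPath(storage, path, overwrite = true) {
  if (!isSafePostLoginRedirect(path)) return false;
  if (!overwrite && storage.getItem(STORAGE_KEY) !== null) return false;
  storage.setItem(STORAGE_KEY, path);
  return true;
}

function consumePostLoginRedirectPath(storage) {
  const path = storage.getItem(STORAGE_KEY);
  storage.removeItem(STORAGE_KEY); // single-use: a stale value cannot replay
  // Re-validate on read: any same-origin script can write to the storage.
  return isSafePostLoginRedirect(path) ? path : "/";
}

// Constructed stand-in for window.sessionStorage so the sketch runs in Node.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    removeItem: (k) => void m.delete(k),
  };
}

const demo = memoryStorage();
setPostLoginRedirectPath(demo, "/share/abc123");   // stashed before the 401 redirect
console.log(consumePostLoginRedirectPath(demo));   // target after the SSO round-trip
```

Validating on both write and read means a value planted directly in storage falls back to `/` instead of being followed.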
111 lines
1.3 KiB
Plaintext
```
# Version control
.git/
.gitignore
.git-blame-ignore-revs
.gitattributes

# Build outputs
build/
*/build/
**/build/
out/
target/
**/target/
bin/
version_builds/

# Gradle caches (local, not what's in the container)
.gradle/
**/.gradle/
.gradle-home/

# Task (go-task) cache
.task/

# Node / frontend
node_modules/
**/node_modules/
frontend/node_modules/
frontend/dist/
frontend/playwright-report/
.npm/
.yarn/

# Tauri/desktop builds
src-tauri/target/
src-tauri/dist/
frontend/src-tauri/target/
frontend/src-tauri/dist/

# IDE and editor
.idea/
.vscode/
.settings/
.settings.zip
.classpath
.project
.devcontainer/
*.iml
*.ipr
*.iws

# Logs and temp files
*.log
*.tmp
*.pid
.DS_Store
Thumbs.db
logs/

# Docker itself
Dockerfile*
.dockerignore

# CI / CD configs (not needed in build context)
.github/
.circleci/
.gitlab-ci.yml

# Test reports
**/test-results/
**/jacoco/
test_*.pdf

# Testing and documentation (not needed in build)
testing/
docs/
devGuide/
devTools/
*.md
README*

# Separate projects not consumed by the Java/frontend build
commonforms-onnx/

# Runtime mount points used by docker-compose volumes, not build input
stirling/
customFiles/
configs/

# Claude Code workspace
.claude/

# Python caches
.pytest_cache/
.ruff_cache/
__pycache__/
**/__pycache__/

# Local env
.env
.env.*
!.env.example
!engine/.env

# Misc
*.swp
*.swo
*~
.DS_Store
.cache/
```