FINERACT-1873: Template request fix for 1.7.x
vidakovic committed Feb 21, 2023
1 parent 71b73db commit 983066b
Showing 5 changed files with 78 additions and 11 deletions.
Expand Up @@ -19,6 +19,7 @@

package org.apache.fineract.infrastructure.core.config;

import java.util.List;
import lombok.Getter;
import lombok.Setter;
import org.springframework.boot.context.properties.ConfigurationProperties;
Expand All @@ -34,6 +35,8 @@ public class FineractProperties {

private FineractModeProperties mode;

private FineractTemplateProperties template;

@Getter
@Setter
public static class FineractTenantProperties {
Expand Down Expand Up @@ -61,4 +64,12 @@ public boolean isReadOnlyMode() {
return readEnabled && !writeEnabled && !batchEnabled;
}
}

@Getter
@Setter
public static class FineractTemplateProperties {

private boolean regexWhitelistEnabled;
private List<String> regexWhitelist;
}
}
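Review bot: `regexWhitelistEnabled` in the new `FineractTemplateProperties` is a primitive `boolean` with no initializer, so it is `false` whenever the `template` object is bound without that key, and the URL check is then off. Only the bundled `application.properties` sets it to true; a deployment that supplies its own property source and sets just `fineract.template.regex-whitelist` would silently run unrestricted. Consider defaulting in code, `private boolean regexWhitelistEnabled = true;`, so the safe value does not depend on one file. The class would also benefit from a Javadoc such as `/** Allow-list for URLs fetched by template mappers; each entry is a regex that must match the whole URL. */`.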
@@ -0,0 +1,28 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.fineract.template.exception;

import org.apache.fineract.infrastructure.core.exception.AbstractPlatformResourceNotFoundException;

public class TemplateForbiddenException extends AbstractPlatformResourceNotFoundException {

public TemplateForbiddenException(final String url) {
super("error.msg.template.url.forbidden", "Template with url " + url + " not allowed");
}
}
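Review bot: `TemplateForbiddenException` extends `AbstractPlatformResourceNotFoundException`, so a URL rejected by the allow-list is presumably reported to the API client as "not found" rather than "forbidden". The exception mapping is not visible on this page, so confirm which status callers and monitoring actually see. If the not-found base type is deliberate, say so in a class comment, e.g. `/** Thrown when a template mapper URL matches no configured allow-list pattern; reported through the not-found handler. */`. The message also echoes the full `url`, so if mapper URLs can carry tokens in the query string, that value ends up in the error response and logs.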
Expand Up @@ -38,19 +38,23 @@
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.apache.fineract.infrastructure.core.config.FineractProperties;
import org.apache.fineract.template.domain.Template;
import org.apache.fineract.template.domain.TemplateFunctions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.fineract.template.exception.TemplateForbiddenException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;

@Slf4j
@RequiredArgsConstructor
@Service
public class TemplateMergeService {

private static final Logger LOG = LoggerFactory.getLogger(TemplateMergeService.class);

// private final FromJsonHelper fromApiJsonHelper;
private final FineractProperties fineractProperties;
private Map<String, Object> scopes;
private String authToken;

Expand Down Expand Up @@ -92,7 +96,7 @@ private Map<String, Object> getCompiledMapFromMappers(final Map<String, String>
try {
this.scopes.put(entry.getKey(), getMapFromUrl(url));
} catch (final IOException e) {
LOG.error("getCompiledMapFromMappers() failed", e);
log.error("getCompiledMapFromMappers() failed", e);
}
}
}
Expand All @@ -114,6 +118,26 @@ private Map<String, Object> getMapFromUrl(final String url) throws IOException {
}

private HttpURLConnection getConnection(final String url) {
if (fineractProperties.getTemplate() != null && fineractProperties.getTemplate().isRegexWhitelistEnabled()) {
boolean whitelisted = false;

if (fineractProperties.getTemplate().getRegexWhitelist() != null
&& !fineractProperties.getTemplate().getRegexWhitelist().isEmpty()) {
for (String urlPattern : fineractProperties.getTemplate().getRegexWhitelist()) {
Pattern pattern = Pattern.compile(urlPattern);
Matcher matcher = pattern.matcher(url);
if (matcher.matches()) {
whitelisted = true;
break;
}
}
}

if (!whitelisted) {
throw new TemplateForbiddenException(url);
}
}

if (this.authToken == null) {
final String name = SecurityContextHolder.getContext().getAuthentication().getName();
final String password = SecurityContextHolder.getContext().getAuthentication().getCredentials().toString();
Expand All @@ -138,7 +162,7 @@ protected PasswordAuthentication getPasswordAuthentication() {
connection.setDoInput(true);

} catch (IOException | KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
LOG.error("getConnection() failed, return null", e);
log.error("getConnection() failed, return null", e);
}

return connection;
Expand All @@ -158,13 +182,13 @@ private static String getStringFromInputStream(final InputStream is) {
}

} catch (final IOException e) {
LOG.error("getStringFromInputStream() failed", e);
log.error("getStringFromInputStream() failed", e);
} finally {
if (br != null) {
try {
br.close();
} catch (final IOException e) {
LOG.error("Problem occurred in getStringFromInputStream function", e);
log.error("Problem occurred in getStringFromInputStream function", e);
}
}
}
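Review bot: The new guard at the top of `getConnection` fails open, because when `fineractProperties.getTemplate()` is null (no `fineract.template.*` property bound) the whole allow-list check is skipped and the request goes out unrestricted. That matters here because the lines just below the guard read the caller's name and credentials from the `SecurityContextHolder` for the outbound request. I would read the template properties once into a local, reject the URL when they are missing, and use `Pattern.matches` for the loop, as in the excerpt below. The rest of `getConnection` lies outside this hunk and is unchanged. Separately, the patterns are matched against the raw URL string, so the operator documentation should say to anchor the scheme and host and to escape dots.

```java
private HttpURLConnection getConnection(final String url) {
    final FineractProperties.FineractTemplateProperties template = fineractProperties.getTemplate();
    // No template configuration bound: deny instead of skipping the check.
    if (template == null) {
        throw new TemplateForbiddenException(url);
    }
    if (template.isRegexWhitelistEnabled()) {
        boolean whitelisted = false;
        if (template.getRegexWhitelist() != null) {
            for (String urlPattern : template.getRegexWhitelist()) {
                // Full-string match, same semantics as Matcher.matches().
                if (Pattern.matches(urlPattern, url)) {
                    whitelisted = true;
                    break;
                }
            }
        }
        if (!whitelisted) {
            throw new TemplateForbiddenException(url);
        }
    }
    // … unchanged: authToken setup and connection creation …
```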
3 changes: 3 additions & 0 deletions fineract-provider/src/main/resources/application.properties
Expand Up @@ -44,6 +44,9 @@ fineract.content.regex-whitelist=${FINERACT_CONTENT_REGEX_WHITELIST:.*\\.pdf$,.*
fineract.content.mime-whitelist-enabled=${FINERACT_CONTENT_MIME_WHITELIST_ENABLED:true}
fineract.content.mime-whitelist=${FINERACT_CONTENT_MIME_WHITELIST:application/pdf,application/msword,application/vnd.openxmlformats-officedocument.wordprocessingml.document,application/vnd.ms-excel,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet,image/jpeg,image/png}

fineract.template.regex-whitelist-enabled=${FINERACT_TEMPLATE_REGEX_WHITELIST_ENABLED:true}
fineract.template.regex-whitelist=${FINERACT_TEMPLATE_REGEX_WHITELIST:}

management.health.jms.enabled=false

# FINERACT 1296
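Review bot: The two new `fineract.template.*` keys have no comment, and their defaults (check enabled, empty list) mean every template mapper URL is rejected until an operator sets `FINERACT_TEMPLATE_REGEX_WHITELIST`. Deny-by-default is a sound choice, but it is a behaviour change on upgrade and should be stated next to the keys, for example `# Comma-separated regexes; a template mapper URL must match one in full. Enabled with an empty list rejects every URL.` Assuming the usual comma-separated binding to `List<String>`, a pattern that itself contains a comma (such as a `{1,3}` quantifier) would be split into two entries, so the comment should warn about that too.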
Expand Up @@ -34,11 +34,12 @@
import org.apache.commons.io.IOUtils;
import org.apache.fineract.template.domain.Template;
import org.apache.fineract.template.domain.TemplateMapper;
import org.springframework.beans.factory.annotation.Autowired;

public class TemplateServiceStepDefinitions implements En {

private TemplateMergeService tms = new TemplateMergeService();

@Autowired
private TemplateMergeService tms;
private String template;

private Map<String, Object> data;
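Review bot: The only test change in this commit is replacing `new TemplateMergeService()` with an `@Autowired` field, so the allow-list itself has no coverage: none of the five changed files adds a step or scenario for an accepted or a rejected URL. At minimum I would add one scenario where a mapper URL matching a configured pattern passes and one where a non-matching URL raises `TemplateForbiddenException`, plus the empty-list case. Field injection here also depends on the Cucumber glue running inside a Spring context, which is not visible in this section. If that context is missing, `tms` stays null and the existing steps fail with a `NullPointerException` rather than a clear setup error.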