pac4j: auth redirect doesn't work if application.path is set fix #624

Author: jknack

coverage-report/src/test/java/org/jooby/issues/Issue572.java

@@ -1,15 +1,14 @@
 package org.jooby.issues;
 
-import static org.junit.Assert.assertEquals;
-
+import com.typesafe.config.ConfigFactory;
+import com.typesafe.config.ConfigValueFactory;
 import org.jooby.pac4j.Auth;
 import org.jooby.test.ServerFeature;
 import org.jsoup.Jsoup;
 import org.jsoup.nodes.Document;
 import org.junit.Test;
 
-import com.typesafe.config.ConfigFactory;
-import com.typesafe.config.ConfigValueFactory;
+import static org.junit.Assert.*;
 
 public class Issue572 extends ServerFeature {
 
@@ -45,7 +44,7 @@ public void loginPage() throws Exception {
         .expect(rsp -> {
           Document html = Jsoup.parse(rsp);
           String action = (html.select("form").attr("action"));
-          assertEquals("/auth?client_name=FormClient", action);
+          assertEquals("/572/auth?client_name=FormClient", action);
         });
   }
 

coverage-report/src/test/java/org/jooby/issues/Issue572b.java

@@ -1,19 +1,21 @@
 package org.jooby.issues;
 
-import static org.junit.Assert.assertEquals;
-
 import org.jooby.pac4j.Auth;
 import org.jooby.test.ServerFeature;
 import org.jsoup.Jsoup;
 import org.jsoup.nodes.Document;
 import org.junit.Test;
 
+import static org.junit.Assert.*;
+
 public class Issue572b extends ServerFeature {
 
   {
     use(new Auth());
 
-    get("/", req -> req.path());
+    get("/", req -> {
+      return req.path();
+    });
   }
 
   @Test

coverage-report/src/test/java/org/jooby/issues/Issue624.java

@@ -0,0 +1,28 @@
+package org.jooby.issues;
+
+import com.typesafe.config.ConfigFactory;
+import com.typesafe.config.ConfigValueFactory;
+import org.jooby.pac4j.Auth;
+import org.jooby.test.ServerFeature;
+import org.junit.Test;
+
+public class Issue624 extends ServerFeature {
+
+  {
+    use(ConfigFactory.empty()
+        .withValue("auth.login.redirectTo", ConfigValueFactory.fromAnyRef("/afterlogin"))
+        .withValue("application.path", ConfigValueFactory.fromAnyRef("/624")));
+
+    use(new Auth());
+
+    get("/afterlogin", req -> req.path());
+  }
+
+  @Test
+  public void shouldForceARedirect() throws Exception {
+    request()
+        .get("/624/auth?username=test&password=test")
+        .expect("/afterlogin");
+  }
+
+}

coverage-report/src/test/java/org/jooby/issues/Issue624b.java

@@ -0,0 +1,27 @@
+package org.jooby.issues;
+
+import com.typesafe.config.ConfigFactory;
+import com.typesafe.config.ConfigValueFactory;
+import org.jooby.pac4j.Auth;
+import org.jooby.test.ServerFeature;
+import org.junit.Test;
+
+public class Issue624b extends ServerFeature {
+
+  {
+    use(ConfigFactory.empty()
+        .withValue("auth.login.redirectTo", ConfigValueFactory.fromAnyRef("/afterlogin")));
+
+    use(new Auth());
+
+    get("/afterlogin", req -> req.path());
+  }
+
+  @Test
+  public void shouldForceARedirect() throws Exception {
+    request()
+        .get("/auth?username=test&password=test")
+        .expect("/afterlogin");
+  }
+
+}

coverage-report/src/test/java/org/jooby/issues/Issue624c.java

@@ -0,0 +1,39 @@
+package org.jooby.issues;
+
+import com.typesafe.config.ConfigFactory;
+import com.typesafe.config.ConfigValueFactory;
+import org.jooby.pac4j.Auth;
+import org.jooby.test.ServerFeature;
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Document;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+public class Issue624c extends ServerFeature {
+
+  {
+    use(ConfigFactory.empty()
+        .withValue("application.path", ConfigValueFactory.fromAnyRef("/624")));
+
+    use(new Auth());
+
+    get("/saved-url", req -> req.path());
+  }
+
+  @Test
+  public void shouldForceARedirect() throws Exception {
+    request()
+        .get("/624/saved-url")
+        .expect(rsp -> {
+          Document html = Jsoup.parse(rsp);
+          String action = (html.select("form").attr("action"));
+          assertEquals("/624/auth?client_name=FormClient", action);
+        });
+
+    request()
+        .get("/624/auth?username=test&password=test")
+        .expect("/saved-url");
+  }
+
+}

coverage-report/src/test/java/org/jooby/issues/Issue624d.java

@@ -0,0 +1,34 @@
+package org.jooby.issues;
+
+import org.jooby.pac4j.Auth;
+import org.jooby.test.ServerFeature;
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Document;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+public class Issue624d extends ServerFeature {
+
+  {
+    use(new Auth());
+
+    get("/saved-url", req -> req.path());
+  }
+
+  @Test
+  public void shouldForceARedirect() throws Exception {
+    request()
+        .get("/saved-url")
+        .expect(rsp -> {
+          Document html = Jsoup.parse(rsp);
+          String action = (html.select("form").attr("action"));
+          assertEquals("/auth?client_name=FormClient", action);
+        });
+
+    request()
+        .get("/auth?username=test&password=test")
+        .expect("/saved-url");
+  }
+
+}

jooby-pac4j/src/main/java/org/jooby/internal/pac4j/AuthCallback.java

@@ -6,9 +6,9 @@
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -18,13 +18,7 @@
  */
 package org.jooby.internal.pac4j;
 
-import static java.util.Objects.requireNonNull;
-
-import java.util.List;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-
+import com.google.common.base.Strings;
 import org.jooby.Request;
 import org.jooby.Response;
 import org.jooby.Route;
@@ -42,24 +36,33 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.util.List;
+import java.util.Optional;
+
+import static java.util.Objects.*;
+
 @SuppressWarnings("rawtypes")
 public class AuthCallback implements Route.Filter {
 
-  /** The logging system. */
+  /**
+   * The logging system.
+   */
   private final Logger log = LoggerFactory.getLogger(getClass());
 
   private AuthStore store;
 
   private Clients clients;
 
-  private String redirectTo;
+  private Optional<String> redirectTo;
 
   @Inject
   public AuthCallback(final Clients clients, final AuthStore store,
       @Named("auth.login.redirectTo") final String redirectTo) {
     this.clients = requireNonNull(clients, "Clients are required.");
     this.store = requireNonNull(store, "Auth store is required.");
-    this.redirectTo = requireNonNull(redirectTo, "RedirectTo is required.");
+    this.redirectTo = Optional.ofNullable(Strings.emptyToNull(redirectTo));
   }
 
   @SuppressWarnings("unchecked")
@@ -90,14 +93,11 @@ public void handle(final Request req, final Response rsp, final Chain chain) thr
         store.set(profile);
       }
 
-      // where to go? if there is a local var set, it use that. If there is a session var set, it
-      // use that. Otherwise, it use the global property: "auth.login.redirectTo".
-      String requestedUrl = req.<String> ifGet(Pac4jConstants.REQUESTED_URL).orElseGet(() -> {
-        return session.unset(Pac4jConstants.REQUESTED_URL).toOptional()
-            .map(url -> url.equals("/") ? this.redirectTo : url)
-            .orElse(this.redirectTo);
+      // Where to go?
+      String requestedUrl = redirectTo.orElseGet(() -> {
+        return session.unset(Pac4jConstants.REQUESTED_URL).value("/");
       });
-      log.info("redirecting to: {}", requestedUrl);
+      log.debug("redirecting to: {}", requestedUrl);
       rsp.redirect(requestedUrl);
     } catch (final HttpAction ex) {
       new AuthResponse(rsp).handle(client, ex);

jooby-pac4j/src/main/java/org/jooby/internal/pac4j/AuthContext.java

@@ -6,9 +6,9 @@
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -18,30 +18,26 @@
  */
 package org.jooby.internal.pac4j;
 
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
-import java.util.stream.Collectors;
-
-import javax.inject.Inject;
-
+import com.google.common.collect.ImmutableMap;
 import org.jooby.Cookie.Definition;
-import org.jooby.Err;
-import org.jooby.Request;
-import org.jooby.Response;
-import org.jooby.Session;
-import org.jooby.Status;
+import org.jooby.*;
 import org.pac4j.core.context.Cookie;
 import org.pac4j.core.context.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.collect.ImmutableMap;
+import javax.inject.Inject;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.stream.Collectors;
 
 public class AuthContext implements WebContext {
 
-  /** The logging system. */
+  /**
+   * The logging system.
+   */
   private final Logger log = LoggerFactory.getLogger(getClass());
 
   private Request req;
@@ -131,11 +127,12 @@ public String getScheme() {
   @Override
   public String getFullRequestURL() {
     String query = req.queryString().map(it -> "?" + it).orElse("");
-    return getScheme() + "://" + getServerName() + ":" + getServerPort() + req.path() + query;
+    return getScheme() + "://" + getServerName() + ":" + getServerPort() + req.contextPath() + req
+        .path() + query;
   }
 
   private Map<String, String[]> params(final Request req) {
-    ImmutableMap.Builder<String, String[]> result = ImmutableMap.<String, String[]> builder();
+    ImmutableMap.Builder<String, String[]> result = ImmutableMap.<String, String[]>builder();
 
     req.params().toMap().forEach((name, value) -> {
       try {