Commit graph

10 commits

Author SHA1 Message Date
Andras Timar
0002fdfd6c fix license headers
Change-Id: I8623770b32d278a45357dc7f757fabfadd2b4af7
2020-10-01 11:56:43 +02:00
Gülşah Köse
845554a6a3 Revert "wsd: parse headers with Poco::MessageHeader"
This reverts commit dbc562d9ab.

tst-05694-05694 2020-08-26 12:59:14.343136 [ unittest ]
ERR Invalid HTTP header [def]: Malformed message:
Field name too long/no colon found| ../common/Util.cpp:980

Following part of the code tests a request with corrupted http header:
    Authorization auth2(Authorization::Type::Header, "def");
    Poco::Net::HTTPRequest req2;
    auth2.authorizeRequest(req2);
    LOK_ASSERT(!req2.has("Authorization"));

Poco library throws exception.

Change-Id: Ic31a80c0e1e325de27c23059e2bcb3f00d39ad16
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/101887
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Gülşah Köse <gulsah.kose@collabora.com>
2020-09-01 23:17:03 +02:00
Ashod Nakashian
dbc562d9ab wsd: parse headers with Poco::MessageHeader
Our header parses was overly simplistic and
didn't support a number of corner cases that
rfc2616 specifies (folding, for example). The
new approach is to simply normalize the headers by
removing invalid line-breaks and then let the
MessageHeader parser take care of parsing the
headers individually, which we then set on the request.

The new utility setHttpHeaders should be used
whenever we need to set a header in an request
to make sure it are sanitized and valid.

Change-Id: Ifa16fa9364f42183316749276c5d0a4c556cb740
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/96371
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ash@collabora.com>
2020-08-11 20:04:20 +02:00
Ashod Nakashian
fa96934861 wsd: Authorization parsing and creation improvements
Authorization class now handles the parsing and creation
of its instances, which makes it centralized.

We also avoid repeatedly constructing Authorization objects
in ClientSession and instead do it once at construction
and cache it.

A bunch of new unit-tests added.

Change-Id: I9b5939be51a5957214d07ed8f1096efd179686c6
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/96825
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
2020-07-01 07:33:57 +02:00
Jan Holesovsky
2c246eed85 Sanitize the access_header.
The access_header can contain a lot of nonsense, like whitespace around
or additional \n's or \r's.  We used to sanitize that, but then
regressed in e95413d151 where the
"tokenize by any of \n\r" was by mistake replaced with "tokenize by
string '\n\r'".

Unfortunately the unit test didn't uncover that, and the further
refactorings of the related code have hidden that even more.

Change-Id: Ie2bf950d0426292770b599e40ee2401101162ff2
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/96638
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
2020-06-19 11:48:44 +02:00
Ashod Nakashian
d2d0492245 wsd: move LOOLProtocol::tokenize to Util::tokenize
The tokenizer(s) are more generic than the protocol
logic, and are used from contexts that don't involve
the protocol as such.

Change-Id: Ie8c256bf11a91e466bff794021f41603c9596a7f
2020-06-02 18:03:36 +01:00
Pranam Lashkari
8aa9b37b86 removed tokenize method with regex
Added new tokenize method with const char* delimiter

Change-Id: Id1c4e89e5418d66aaf348ff4d8c3855f80fb4656
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/83574
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-05-04 15:11:26 +02:00
Pranam Lashkari
a019c93d90 Resolved: Server crash when link opened in new tab
When trying to open a link normally from help->Online help
nothing happens but the popup is closed.

When trying to open a like forcefully in new tab
from help->online help it crashes the server.

Change-Id: I7e0944ebe521002625a84e155e379ed7e25d2309
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/85466
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-01-22 23:23:51 +01:00
Pranam Lashkari
e95413d151 killpoco: removed StringTokenizer from common directory
removed use of Poco::StringTokenizer from the common directory
used LOOLProtocol::tokenize and std::vecor<std::string>

regex is used in Authorization.cpp due to limitation of toeknize mathod
regular expression helps to keep the original intention of the code

Change-Id: Ic87597d8b30cb385000f983389a57dc5d2533d98
Reviewed-on: https://gerrit.libreoffice.org/82575
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2019-11-15 14:54:29 +01:00
Tomaž Vajngerl
73c8fa9d09 Extract Authorization out of Auth and put it into common
This is needed so we can use this inside ChildSession.

Change-Id: I88f2cc767412fd52dbb242938f0f9897d4277639
Reviewed-on: https://gerrit.libreoffice.org/63836
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
Tested-by: Tomaž Vajngerl <quikee@gmail.com>
2018-11-29 21:47:13 +01:00