demus/openhab-addons
1
0
Fork 0
mirror of https://github.com/openhab/openhab-addons.git synced 2025-01-10 23:22:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

[http] fix missing escaping of URLs (#9618)

Browse Source 
Signed-off-by: Jan N. Klug <jan.n.klug@rub.de>
This commit is contained in:
J-N-K 2020-12-31 16:55:03 +01:00 committed by GitHub
parent ede94354f3
commit 27afb1f9f0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 42 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
bundles/org.openhab.binding.http/src/main/java/org/openhab/binding/http/internal/HttpThingHandler.java
View File

@ -12,6 +12,7 @@
*/
package org.openhab.binding.http.internal;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.*;
@ -302,10 +303,10 @@ public class HttpThingHandler extends BaseThingHandler {
private void sendHttpValue(String commandUrl, String command, boolean isRetry) {
try {
// format URL
URI finalUrl = new URI(String.format(commandUrl, new Date(), command));
URI uri = Util.uriFromString(String.format(commandUrl, new Date(), command));
// build request
Request request = httpClient.newRequest(finalUrl).timeout(config.timeout, TimeUnit.MILLISECONDS)
Request request = httpClient.newRequest(uri).timeout(config.timeout, TimeUnit.MILLISECONDS)
.method(config.commandMethod);
if (config.commandMethod != HttpMethod.GET) {
final String contentType = config.contentType;
@ -326,30 +327,30 @@ public class HttpThingHandler extends BaseThingHandler {
});
if (logger.isTraceEnabled()) {
logger.trace("Sending to '{}': {}", finalUrl, Util.requestToLogString(request));
logger.trace("Sending to '{}': {}", uri, Util.requestToLogString(request));
}
CompletableFuture<@Nullable Content> f = new CompletableFuture<>();
f.exceptionally(e -> {
if (e instanceof HttpAuthException) {
if (isRetry) {
logger.warn("Retry after authentication failure failed again for '{}', failing here", finalUrl);
logger.warn("Retry after authentication failure failed again for '{}', failing here", uri);
} else {
AuthenticationStore authStore = httpClient.getAuthenticationStore();
Authentication.Result authResult = authStore.findAuthenticationResult(finalUrl);
Authentication.Result authResult = authStore.findAuthenticationResult(uri);
if (authResult != null) {
authStore.removeAuthenticationResult(authResult);
logger.debug("Cleared authentication result for '{}', retrying immediately", finalUrl);
logger.debug("Cleared authentication result for '{}', retrying immediately", uri);
sendHttpValue(commandUrl, command, true);
} else {
logger.warn("Could not find authentication result for '{}', failing here", finalUrl);
logger.warn("Could not find authentication result for '{}', failing here", uri);
}
}
}
return null;
});
request.send(new HttpResponseListener(f, null, config.bufferSize));
} catch (IllegalArgumentException | URISyntaxException e) {
} catch (IllegalArgumentException | URISyntaxException | MalformedURLException e) {
logger.warn("Creating request for '{}' failed: {}", commandUrl, e.getMessage());
}
}

22
bundles/org.openhab.binding.http/src/main/java/org/openhab/binding/http/internal/Util.java
View File

@ -12,6 +12,7 @@
*/
package org.openhab.binding.http.internal;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
@ -23,13 +24,18 @@ import org.eclipse.jetty.http.HttpField;
/**
* The {@link Util} is a utility class
* channels
*
* @author Jan N. Klug - Initial contribution
*/
@NonNullByDefault
public class Util {
/**
* create a log string from a {@link org.eclipse.jetty.client.api.Request}
*
* @param request the request to log
* @return the string representing the request
*/
public static String requestToLogString(Request request) {
ContentProvider contentProvider = request.getContent();
String contentString = contentProvider == null ? "null"
@ -41,4 +47,18 @@ public class Util {
return logString;
}
/**
* create an URI from a string, escaping all necessary characters
*
* @param s the URI as unescaped string
* @return URI correspondign to the input string
* @throws MalformedURLException
* @throws URISyntaxException
*/
public static URI uriFromString(String s) throws MalformedURLException, URISyntaxException {
URL url = new URL(s);
return new URI(url.getProtocol(), url.getUserInfo(), IDN.toASCII(url.getHost()), url.getPort(), url.getPath(),
url.getQuery(), url.getRef());
}
}

27
bundles/org.openhab.binding.http/src/main/java/org/openhab/binding/http/internal/http/RefreshingUrlCache.java
View File

@ -12,8 +12,7 @@
*/
package org.openhab.binding.http.internal.http;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.*;
import java.util.Date;
import java.util.List;
import java.util.Optional;
@ -76,11 +75,10 @@ public class RefreshingUrlCache {
// format URL
try {
URI finalUrl = new URI(String.format(this.url, new Date()));
URI uri = Util.uriFromString(String.format(this.url, new Date()));
logger.trace("Requesting refresh (retry={}) from '{}' with timeout {}ms", isRetry, uri, timeout);
logger.trace("Requesting refresh (retry={}) from '{}' with timeout {}ms", isRetry, finalUrl, timeout);
httpClient.newRequest(finalUrl).thenAccept(request -> {
httpClient.newRequest(uri).thenAccept(request -> {
request.timeout(timeout, TimeUnit.MILLISECONDS);
headers.forEach(header -> {
@ -96,17 +94,16 @@ public class RefreshingUrlCache {
response.exceptionally(e -> {
if (e instanceof HttpAuthException) {
if (isRetry) {
logger.warn("Retry after authentication failure failed again for '{}', failing here",
finalUrl);
logger.warn("Retry after authentication failure failed again for '{}', failing here", uri);
} else {
AuthenticationStore authStore = httpClient.getAuthenticationStore();
Authentication.Result authResult = authStore.findAuthenticationResult(finalUrl);
Authentication.Result authResult = authStore.findAuthenticationResult(uri);
if (authResult != null) {
authStore.removeAuthenticationResult(authResult);
logger.debug("Cleared authentication result for '{}', retrying immediately", finalUrl);
logger.debug("Cleared authentication result for '{}', retrying immediately", uri);
refresh(true);
} else {
logger.warn("Could not find authentication result for '{}', failing here", finalUrl);
logger.warn("Could not find authentication result for '{}', failing here", uri);
}
}
}
@ -114,19 +111,19 @@ public class RefreshingUrlCache {
}).thenAccept(this::processResult);
if (logger.isTraceEnabled()) {
logger.trace("Sending to '{}': {}", finalUrl, Util.requestToLogString(request));
logger.trace("Sending to '{}': {}", uri, Util.requestToLogString(request));
}
request.send(new HttpResponseListener(response, fallbackEncoding, bufferSize));
}).exceptionally(e -> {
if (e instanceof CancellationException) {
logger.debug("Request to URL {} was cancelled by thing handler.", finalUrl);
logger.debug("Request to URL {} was cancelled by thing handler.", uri);
} else {
logger.warn("Request to URL {} failed: {}", finalUrl, e.getMessage());
logger.warn("Request to URL {} failed: {}", uri, e.getMessage());
}
return null;
});
} catch (IllegalArgumentException | URISyntaxException e) {
} catch (IllegalArgumentException | URISyntaxException | MalformedURLException e) {
logger.warn("Creating request for '{}' failed: {}", url, e.getMessage());
}
}