From d140efeaa939a6dff3182cdfd5f4f7ca87a6b5b1 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Wed, 7 Aug 2024 09:10:57 +0200 Subject: fix(core): add authURL validation on error-page rendering too --- .../idp/auth/services/ProtocolAuthenticationService.java | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'eaaf_core') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index 65041c92..4ec9f028 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java @@ -518,11 +518,9 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer @NonNull final HttpServletResponse httpResp, @NonNull final String msg, @NonNull final String errorCode, @Nullable final Object[] params, String externalErrorCode, IErrorService.IHandleData errorData) throws EaafException { - try { - final IGuiBuilderConfiguration config = guiConfigFactory - .getDefaultErrorGui(HttpUtils.extractAuthUrlStringFromRequest(httpReq)); - + final IGuiBuilderConfiguration config = guiConfigFactory.getDefaultErrorGui( + getValidatedAuthUrl(httpReq)); String[] errorCodeParams = null; if (params == null) { @@ -628,4 +626,14 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } + private String getValidatedAuthUrl(HttpServletRequest httpReq) { + try { + return authConfig.validateIdpUrl(HttpUtils.extractAuthUrlFromRequest(httpReq)); + + } catch (EaafException e) { + log.warn("Request URL validation failed. Does not use it", e); + return "not://defined"; + + } + } } -- cgit v1.2.3
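Review bot: The new `getDefaultErrorGui(getValidatedAuthUrl(httpReq))` call has no comment explaining why the request-derived URL must not be passed directly, so a later refactor could quietly restore `HttpUtils.extractAuthUrlStringFromRequest(httpReq)`. A one-line comment above the call would pin the intent, for example `// authURL comes from the request; pass only a value accepted by authConfig.validateIdpUrl() to the error template`. The enclosing method starts and ends outside this hunk, so how the rest of the `try` block copes with the helper's fallback value cannot be checked from here.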
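Review bot: The fallback `return "not://defined";` in `getValidatedAuthUrl` is an undocumented magic string, and the helper has no Javadoc stating that it never throws or what callers receive when validation fails. Naming it, e.g. `private static final String FALLBACK_AUTH_URL = "not://defined";`, and adding a short Javadoc saying the value is deliberately non-resolvable would make the contract visible. How the error template consumes this value is not visible in the diff and should be confirmed. Separately, `log.warn(..., e)` writes a full stack trace for every request that fails validation, which presumably any client can provoke with a mismatching host. Logging `e.getMessage()` at WARN and the trace at DEBUG would keep the detection signal without the volume.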