From 9ccbb61cf24d35196d1cf1334fb350afd4d01c8d Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 28 Feb 2023 09:01:48 +0100 Subject: fix(matching): remove HTML escapetion from address-search Reason: special characters are requiered in plain text --- .../ReceiveAustrianResidenceGuiResponseTask.java | 6 +++-- ...eceiveAustrianResidenceGuiResponseTaskTest.java | 27 ++++++++++++++++++++++ 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java index 09b90a1d..b6b03d40 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java @@ -28,13 +28,14 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.CONTEXT import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK; import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK; +import java.net.URLDecoder; +import java.nio.charset.StandardCharsets; import java.util.Enumeration; import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; import org.jetbrains.annotations.NotNull; import org.springframework.stereotype.Component; @@ -222,7 +223,8 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractLocaleAuthS AdresssucheOutputBuilder resultBuilder = AdresssucheOutput.builder(); while (reqParamNames.hasMoreElements()) { final String paramName = reqParamNames.nextElement(); - String escaped = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); + + String escaped = URLDecoder.decode(request.getParameter(paramName), StandardCharsets.UTF_8); if (AdresssucheController.PARAM_MUNIPICALITY.equalsIgnoreCase(paramName)) { resultBuilder.municipality(escaped); diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAustrianResidenceGuiResponseTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAustrianResidenceGuiResponseTaskTest.java index 581dee0d..64fbf44b 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAustrianResidenceGuiResponseTaskTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAustrianResidenceGuiResponseTaskTest.java @@ -176,6 +176,33 @@ public class ReceiveAustrianResidenceGuiResponseTaskTest { } + @Test + public void exactlyOneRegisterResult_SpecialCharacters() throws Exception { + + AdresssucheOutput userInput = new AdresssucheOutput( + RandomStringUtils.randomAlphabetic(8), + "Peilstein im Mühlviertel", + "äöüÄÖÜß", + RandomStringUtils.randomAlphabetic(8), + RandomStringUtils.randomAlphabetic(8)); + setHttpParameters(userInput); + + SimpleEidasData eidasData = setupEidasData(); + RegisterStatusResults registerSearchResult = buildResultWithOneMatch(buildMatchingRegisterResult( + eidasData)); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, registerSearchResult); + mockRegisterSearch(userInput, registerSearchResult, eidasData); + + task.execute(pendingReq, executionContext); + + // validate state + assertNull("Transition To S9", executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK)); + MatchedPersonResult matchingResult = MatchingTaskUtils.getFinalMatchingResult(pendingReq); + assertNotNull("no final matching result", matchingResult); + validateMatchedPerson(matchingResult, registerSearchResult); + + } + @Test public void exactlyOneRegisterResult_UpdateRequired() throws Exception { AdresssucheOutput userInput = setupUserInput(); -- cgit v1.2.3