fixed URI and paths normalization
albogdano committed Oct 26, 2024
1 parent de77c87 commit 2af94bb
Showing 5 changed files with 20 additions and 20 deletions.
Expand Up @@ -82,7 +82,7 @@ public String get(@PathVariable(required = false) String tag,
if (!utils.isDefaultSpacePublic() && !utils.isAuthenticated(req)) {
return "redirect:" + SIGNINLINK + "?returnto=" + PEOPLELINK;
}
if (req.getRequestURI().endsWith("/bulk-edit")) {
if (req.getServletPath().endsWith("/bulk-edit")) {
return "redirect:" + PEOPLELINK + "?bulkedit=true";
}
Profile authUser = utils.getAuthUser(req);
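Review bot: The suffix test `req.getServletPath().endsWith("/bulk-edit")` now runs against the container-decoded, context-relative path instead of the raw request URI (which the container does not decode), and that property is what every path check and `redirect:` target changed in this commit relies on, yet nothing in the code records it. It also presumes the DispatcherServlet is mapped at `/`; under a prefix mapping the in-context path would land in `getPathInfo()` and `getServletPath()` would be the bare prefix, so this check would never match. A one-line comment above the condition, `// servletPath is decoded and excludes the context path; assumes the dispatcher is mapped at "/"`, would document the assumption for the other call sites too. The enclosing `get` method starts before this hunk.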
Expand Up @@ -102,7 +102,7 @@ public String get(@PathVariable String id, @PathVariable(required = false) Strin
Profile authUser = utils.getAuthUser(req);
if (!utils.canAccessSpace(authUser, showPost.getSpace())) {
return "redirect:" + (utils.isDefaultSpacePublic() || utils.isAuthenticated(req) ?
QUESTIONSLINK : SIGNINLINK + "?returnto=" + req.getRequestURI());
QUESTIONSLINK : SIGNINLINK + "?returnto=" + req.getServletPath());
} else if (!utils.isDefaultSpace(showPost.getSpace()) && pc.read(utils.getSpaceId(showPost.getSpace())) == null) {
showPost.setSpace(Post.DEFAULT_SPACE);
pc.update(showPost);
Expand Down Expand Up @@ -159,7 +159,7 @@ public String edit(@PathVariable String id, @RequestParam(required = false) Stri
res.setStatus(400);
return "blank";
} else {
return "redirect:" + req.getRequestURI(); // + "/edit-post-12345" ?
return "redirect:" + req.getServletPath(); // + "/edit-post-12345" ?
}
}
boolean isQuestion = !showPost.isReply();
Expand Down Expand Up @@ -298,7 +298,7 @@ public String approve(@PathVariable String id, @PathVariable String answerid, Ht
Post showPost = pc.read(id);
Profile authUser = utils.getAuthUser(req);
if (!utils.canEdit(showPost, authUser) || showPost == null) {
return "redirect:" + req.getRequestURI();
return "redirect:" + req.getServletPath();
}
if (answerid != null && utils.canApproveReply(showPost, authUser)) {
Reply answer = (Reply) pc.read(answerid);
Expand Down Expand Up @@ -343,7 +343,7 @@ public String close(@PathVariable String id, HttpServletRequest req) {
Post showPost = pc.read(id);
Profile authUser = utils.getAuthUser(req);
if (showPost == null) {
return "redirect:" + req.getRequestURI();
return "redirect:" + req.getServletPath();
}
if (utils.isMod(authUser) && !showPost.isReply()) {
if (showPost.isClosed()) {
Expand All @@ -363,7 +363,7 @@ public String makeComment(@PathVariable String id, @PathVariable String answerid
Post answer = pc.read(answerid);
Profile authUser = utils.getAuthUser(req);
if (question == null || answer == null) {
return "redirect:" + req.getRequestURI();
return "redirect:" + req.getServletPath();
}
if (utils.isMod(authUser) && answer.isReply()) {
Profile author = pc.read(answer.getCreatorid());
Expand All @@ -389,7 +389,7 @@ public String restore(@PathVariable String id, @PathVariable String revisionid,
Post showPost = pc.read(id);
Profile authUser = utils.getAuthUser(req);
if (!utils.canEdit(showPost, authUser) || showPost == null) {
return "redirect:" + req.getRequestURI();
return "redirect:" + req.getServletPath();
}
if (utils.canEdit(showPost, authUser)) {
utils.addBadgeAndUpdate(authUser, Badge.BACKINTIME, true);
Expand All @@ -404,7 +404,7 @@ public String delete(@PathVariable String id, HttpServletRequest req, Model mode
Profile authUser = utils.getAuthUser(req);
if (!utils.canEdit(showPost, authUser) || showPost == null) {
model.addAttribute("post", showPost);
return "redirect:" + req.getRequestURI();
return "redirect:" + req.getServletPath();
}
if (!showPost.isReply()) {
if ((utils.isMine(showPost, authUser) && utils.canDelete(showPost, authUser)) || utils.isMod(authUser)) {
Expand Down Expand Up @@ -433,7 +433,7 @@ public String deprecate(@PathVariable String id, HttpServletRequest req) {
Post showPost = pc.read(id);
Profile authUser = utils.getAuthUser(req);
if (!utils.canEdit(showPost, authUser) || showPost == null) {
return "redirect:" + req.getRequestURI();
return "redirect:" + req.getServletPath();
}
if (utils.canEdit(showPost, authUser)) {
showPost.setDeprecated(!showPost.getDeprecated());
Expand All @@ -449,7 +449,7 @@ public String merge(@PathVariable String id, @RequestParam String id2, HttpServl
Profile authUser = utils.getAuthUser(req);
if (!(utils.canEdit(showPost, authUser) && utils.canEdit(targetPost, authUser)) || showPost == null ||
targetPost == null || showPost.isReply() || targetPost.isReply() || showPost.equals(targetPost)) {
return "redirect:" + req.getRequestURI();
return "redirect:" + req.getServletPath();
}
if (utils.canEdit(showPost, authUser) && utils.canEdit(targetPost, authUser)) {
if (CONF.mergeQuestionBodies()) {
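Review bot: In the `?returnto=` redirect of the first hunk, the appended value is `req.getServletPath()`, which the container has already URL-decoded, so it is now placed into a query string without re-encoding; a path segment that decodes to `&`, `#` or `?` would split or truncate the `returnto` value, whereas the raw request URI the old code used was still percent-encoded. The `getTagged` and `getSorted` hunks of the questions controller in this commit build the same string. Encoding the value, e.g. `"?returnto=" + URLEncoder.encode(req.getServletPath(), StandardCharsets.UTF_8)`, keeps the redirect target intact (this needs `java.net.URLEncoder` and `java.nio.charset.StandardCharsets` in the imports, or the project's own URL-encoding helper if one exists). The `get` method this hunk belongs to starts before it.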
Expand Up @@ -102,7 +102,7 @@ public String getAlias(@PathVariable String id, @PathVariable(required = false)
@GetMapping("/questions/tag/{tag}")
public String getTagged(@PathVariable String tag, HttpServletRequest req, Model model) {
if (!utils.isDefaultSpacePublic() && !utils.isAuthenticated(req)) {
return "redirect:" + SIGNINLINK + "?returnto=" + req.getRequestURI();
return "redirect:" + SIGNINLINK + "?returnto=" + req.getServletPath();
}
Pager itemcount = utils.getPager("page", req);
List<Question> questionslist = Collections.emptyList();
Expand Down Expand Up @@ -162,7 +162,7 @@ public void getSimilarAjax(@PathVariable String like, HttpServletRequest req, Ht
@GetMapping({"/questions/favtags", "/questions/local"})
public String getSorted(@RequestParam(required = false) String sortby, HttpServletRequest req, Model model) {
if (!utils.isDefaultSpacePublic() && !utils.isAuthenticated(req)) {
return "redirect:" + SIGNINLINK + "?returnto=" + req.getRequestURI();
return "redirect:" + SIGNINLINK + "?returnto=" + req.getServletPath();
}
getQuestions(sortby, req.getServletPath().endsWith("/favtags") ? "favtags" : "local", req, model);
model.addAttribute("path", "questions.vm");
Expand Up @@ -108,7 +108,7 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response,
modelAndView.addObject("includeHighlightJS", CONF.codeHighlightingEnabled());
modelAndView.addObject("isAjaxRequest", utils.isAjaxRequest(request));
modelAndView.addObject("reportTypes", ReportType.values());
modelAndView.addObject("returnto", StringUtils.removeStart(request.getRequestURI(), CONF.serverContextPath()));
modelAndView.addObject("returnto", StringUtils.removeStart(request.getServletPath(), CONF.serverContextPath()));
modelAndView.addObject("rev", StringUtils.substring(Utils.md5(Version.getVersion() + CONF.paraSecretKey()), 0, 12));
// Configurable constants
modelAndView.addObject("MAX_PAGES", CONF.maxPages());
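Review bot: `StringUtils.removeStart(request.getServletPath(), CONF.serverContextPath())` strips a prefix that `getServletPath()` no longer carries, because the servlet path excludes the context path by definition. With an empty context path this is a no-op, but if a configured context path happens to be a textual prefix of an in-context path (constructed example: context `/q`, servlet path `/questions` → `uestions`), the plain string strip corrupts the `returnto` value handed to the view. Since the servlet path is already context-relative, `modelAndView.addObject("returnto", request.getServletPath());` is the intended value. `postHandle` starts before this hunk and continues past it.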
14 changes: 7 additions & 7 deletions src/main/java/com/erudika/scoold/utils/ScooldUtils.java
Expand Up @@ -283,7 +283,7 @@ public ParaObject checkAuth(HttpServletRequest req, HttpServletResponse res) thr
String jwt = HttpUtils.getStateParam(CONF.authCookie(), req);
if (isApiRequest(req)) {
return checkApiAuth(req);
} else if (jwt != null && !StringUtils.endsWithAny(req.getRequestURI(),
} else if (jwt != null && !StringUtils.endsWithAny(req.getServletPath(),
".js", ".css", ".svg", ".png", ".jpg", ".ico", ".gif", ".woff2", ".woff", "people/avatar", "/two-factor")) {
User u = pc.me(jwt);
if (u != null && isEmailDomainApproved(u.getEmail())) {
Expand Down Expand Up @@ -311,15 +311,15 @@ public ParaObject checkAuth(HttpServletRequest req, HttpServletResponse res) thr
}

private ParaObject checkApiAuth(HttpServletRequest req) {
if (req.getRequestURI().equals(CONF.serverContextPath() + "/api")) {
if (req.getServletPath().equals(CONF.serverContextPath() + "/api")) {
return null;
}
String apiKeyJWT = StringUtils.removeStart(req.getHeader(HttpHeaders.AUTHORIZATION), "Bearer ");
if (req.getRequestURI().equals(CONF.serverContextPath() + "/api/ping")) {
if (req.getServletPath().equals(CONF.serverContextPath() + "/api/ping")) {
return API_USER;
} else if (req.getRequestURI().equals(CONF.serverContextPath() + "/api/stats") && isValidJWToken(apiKeyJWT)) {
} else if (req.getServletPath().equals(CONF.serverContextPath() + "/api/stats") && isValidJWToken(apiKeyJWT)) {
return API_USER;
} else if (req.getRequestURI().startsWith(CONF.serverContextPath() + "/api/config") && isValidJWToken(apiKeyJWT)) {
} else if (req.getServletPath().startsWith(CONF.serverContextPath() + "/api/config") && isValidJWToken(apiKeyJWT)) {
return API_USER;
} else if (!isApiEnabled() || StringUtils.isBlank(apiKeyJWT) || !isValidJWToken(apiKeyJWT)) {
throw new UnauthorizedException();
Expand Down Expand Up @@ -1288,7 +1288,7 @@ public boolean isAjaxRequest(HttpServletRequest req) {
}

public boolean isApiRequest(HttpServletRequest req) {
return req.getRequestURI().startsWith(CONF.serverContextPath() + "/api/") || req.getRequestURI().equals(CONF.serverContextPath() + "/api");
return req.getServletPath().startsWith(CONF.serverContextPath() + "/api/") || req.getServletPath().equals(CONF.serverContextPath() + "/api");
}

public boolean isAdmin(Profile authUser) {
Expand Down Expand Up @@ -1352,7 +1352,7 @@ public String getWelcomeMessageOnLogin(Profile authUser) {
}

public String getWelcomeMessagePreLogin(Profile authUser, HttpServletRequest req) {
if (StringUtils.startsWithIgnoreCase(req.getRequestURI(), CONF.serverContextPath() + SIGNINLINK)) {
if (StringUtils.startsWithIgnoreCase(req.getServletPath(), CONF.serverContextPath() + SIGNINLINK)) {
return authUser == null ? CONF.welcomeMessagePreLogin().replaceAll("'", "&apos;") : "";
}
return "";
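Review bot: The `checkApiAuth` and `isApiRequest` comparisons still prepend `CONF.serverContextPath()` to the literal paths, but `getServletPath()` excludes the context path, so under the default `/` dispatcher mapping with a non-empty context path configured, `req.getServletPath().equals(CONF.serverContextPath() + "/api")` and the `equals`/`startsWith` checks on the following lines can never match; `isApiRequest` would then return false for API calls and `checkAuth` would route them past the Bearer-token branch into the cookie-based one, so whether that fails closed or open depends on code outside this hunk. The `getWelcomeMessagePreLogin` hunk has the same `CONF.serverContextPath() + SIGNINLINK` prefix. Dropping the prefix at each site restores the intent, e.g. `if (req.getServletPath().equals("/api")) {` and `return req.getServletPath().startsWith("/api/") || req.getServletPath().equals("/api");`. `checkAuth` and `getWelcomeMessagePreLogin` start before their hunks, and `checkAuth` also continues past its first hunk.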
