From de2600c0d98e5dfe50556566927e7f27daff6a8f Mon Sep 17 00:00:00 2001 From: Dan Caseley Date: Sat, 2 Jul 2022 17:30:33 +0100 Subject: [PATCH] WIP: Simple fixes following review --- .../openfire/plugin/rest/AuthFilter.java | 28 ++++++---- .../plugin/rest/entity/GroupEntity.java | 19 +++---- .../plugin/rest/entity/MUCRoomEntity.java | 51 +++++++++---------- .../plugin/rest/utils/LoggingUtils.java | 6 ++- 4 files changed, 54 insertions(+), 50 deletions(-) diff --git a/src/java/org/jivesoftware/openfire/plugin/rest/AuthFilter.java b/src/java/org/jivesoftware/openfire/plugin/rest/AuthFilter.java index b6bd5597e..b767d0cf2 100644 --- a/src/java/org/jivesoftware/openfire/plugin/rest/AuthFilter.java +++ b/src/java/org/jivesoftware/openfire/plugin/rest/AuthFilter.java @@ -86,16 +86,7 @@ public void filter(ContainerRequestContext containerRequest) throws IOException if (!plugin.getAllowedIPs().isEmpty()) { // Get client's IP address - String ipAddress = httpRequest.getHeader("x-forwarded-for"); - if (ipAddress == null) { - ipAddress = httpRequest.getHeader("X_FORWARDED_FOR"); - if (ipAddress == null) { - ipAddress = httpRequest.getHeader("X-Forward-For"); - if (ipAddress == null) { - ipAddress = httpRequest.getRemoteAddr(); - } - } - } + String ipAddress = getClientIPAddressForRequest(httpRequest); if (!plugin.getAllowedIPs().contains(ipAddress)) { LOG.warn("REST API rejected service for IP address: " + ipAddress); throw new WebApplicationException(Status.UNAUTHORIZED); @@ -106,7 +97,8 @@ public void filter(ContainerRequestContext containerRequest) throws IOException String auth = containerRequest.getHeaderString("authorization"); if (auth == null) { - LOG.warn("REST API request with no Authorization header rejected"); + LOG.warn("REST API request with no Authorization header rejected. [Request IP: {}, Request URI: {}]", + getClientIPAddressForRequest(httpRequest), containerRequest.getUriInfo().getRequestUri()); throw new WebApplicationException(Status.UNAUTHORIZED); } 
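Review bot: The allow-list decision in `filter` is still made on whatever `getClientIPAddressForRequest` returns, and that helper (added in the `@@ -153,4 +145,18 @@` hunk) prefers the `x-forwarded-for`, `X_FORWARDED_FOR` and `X-Forward-For` request headers over the socket address. Those headers are set by the client unless a reverse proxy in front overwrites them, so `plugin.getAllowedIPs().contains(ipAddress)` compares against a value the caller chooses; the same value is written to the new warning in the `@@ -106,7 +97,8 @@` hunk. For the access decision I would use `String ipAddress = httpRequest.getRemoteAddr();` and consult the forwarded header only when the peer address is a proxy the administrator has configured as trusted. The body of `filter` starts and ends outside this hunk, so any earlier proxy handling is not visible here.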
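Review bot: `containerRequest.getUriInfo().getRequestUri()` in the new `LOG.warn` includes the query string, so any parameter values sent on an unauthenticated request are copied into the log at WARN level. If query parameters can carry sensitive values, log the path only, e.g. `containerRequest.getUriInfo().getAbsolutePath()`. Logging `httpRequest.getRemoteAddr()` next to the header-derived address would also keep one field in the record that the client cannot choose. The neighbouring `LOG.warn("REST API rejected service for IP address: " + ipAddress)` still uses concatenation; the `{}` form would make the two rejection messages consistent.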
@@ -153,4 +145,18 @@ private boolean isStatusEndpoint(String path){ path.equals("/plugins/restapi/v1/system/readiness") || path.startsWith("/plugins/restapi/v1/system/readiness/"); } + + private String getClientIPAddressForRequest(HttpServletRequest request) { + String ipAddress = request.getHeader("x-forwarded-for"); + if (ipAddress == null) { + ipAddress = request.getHeader("X_FORWARDED_FOR"); + if (ipAddress == null) { + ipAddress = request.getHeader("X-Forward-For"); + if (ipAddress == null) { + ipAddress = request.getRemoteAddr(); + } + } + } + return ipAddress; + } } diff --git a/src/java/org/jivesoftware/openfire/plugin/rest/entity/GroupEntity.java b/src/java/org/jivesoftware/openfire/plugin/rest/entity/GroupEntity.java index df4a52a89..b54b70981 100644 --- a/src/java/org/jivesoftware/openfire/plugin/rest/entity/GroupEntity.java +++ b/src/java/org/jivesoftware/openfire/plugin/rest/entity/GroupEntity.java @@ -19,11 +19,7 @@ import com.fasterxml.jackson.annotation.JsonProperty; import io.swagger.v3.oas.annotations.media.ArraySchema; import io.swagger.v3.oas.annotations.media.Schema; -import org.glassfish.jersey.internal.guava.MoreObjects; -import org.jivesoftware.util.StringUtils; - import java.util.List; -import java.util.Optional; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlElementWrapper; @@ -178,14 +174,13 @@ public void setMembers(List members) { @Override public String toString() { - return MoreObjects.toStringHelper(this) - .add("name", this.name) - .add("description", this.description) - .add( "admins", this.admins) - .add("members", this.members) - .add("shared", this.shared) - .toString(); - + return "GroupEntity [" + + "name='" + name + + ", description='" + description + + ", admins=" + admins + + ", members=" + members + + ", shared=" + shared + + "]"; } } 
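Review bot: `getClientIPAddressForRequest` has no Javadoc, and its name reads as if the result were authoritative, while three of its four sources are request headers. A short Javadoc would help callers: `/** Returns the first present of x-forwarded-for, X_FORWARDED_FOR, X-Forward-For, else getRemoteAddr(). Header values are client-supplied, unverified and may hold a comma-separated proxy chain. */`. The chained case matters for the exact-match `contains(ipAddress)` check in `filter`, which would not match a value such as the constructed example `198.51.100.7, 10.0.0.1`. The nested `if` pyramid could also be flattened into early returns, but that is cosmetic.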
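Review bot: The quotes in the new `GroupEntity.toString` are unbalanced: `"name='" + name +` and `", description='" + description +` open a single quote that is never closed, so the output reads `name='x, description='y, admins=...`. Either close them, `"name='" + name + '\'' +` and `", description='" + description + '\'' +`, or drop the quotes to match the unquoted style of `MUCRoomEntity.toString` in this same patch. Closed quotes also keep field boundaries readable when a name or description itself contains `, ` and the string ends up in a log.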
diff --git a/src/java/org/jivesoftware/openfire/plugin/rest/entity/MUCRoomEntity.java b/src/java/org/jivesoftware/openfire/plugin/rest/entity/MUCRoomEntity.java index 1e90f3a4d..86e95a170 100644 --- a/src/java/org/jivesoftware/openfire/plugin/rest/entity/MUCRoomEntity.java +++ b/src/java/org/jivesoftware/openfire/plugin/rest/entity/MUCRoomEntity.java @@ -18,7 +18,6 @@ import com.fasterxml.jackson.annotation.JsonProperty; import io.swagger.v3.oas.annotations.media.Schema; -import org.glassfish.jersey.internal.guava.MoreObjects; import org.xmpp.packet.JID; import java.util.Date; 
@@ -366,30 +365,30 @@ public void setAdminGroups(List adminGroups) { @Override public String toString() { - return MoreObjects.toStringHelper(this) - .add("roomName", roomName) - .add("description", description) - .add("persistent", persistent) - .add("publicRoom", publicRoom) - .add("registrationEnabled", registrationEnabled) - .add("canAnyoneDiscoverJID", canAnyoneDiscoverJID) - .add("canOccupantsChangeSubject", canOccupantsChangeSubject) - .add("canOccupantsInvite", canOccupantsInvite) - .add("canChangeNickname", canChangeNickname) - .add("logEnabled", logEnabled) - .add("loginRestrictedToNickname", loginRestrictedToNickname) - .add("membersOnly", membersOnly) - .add("moderated", moderated) - .add("broadcastPresenceRoles", broadcastPresenceRoles) - .add("owners", owners) - .add("ownerGroups", ownerGroups) - .add("members", members) - .add("memberGroups", memberGroups) - .add("outcasts", outcasts) - .add("outcastGroups", outcastGroups) - .add("admins", admins) - .add("adminGroups", adminGroups) - .toString(); + return "MUCRoomEntity [" + + "roomName=" + roomName + + ", naturalName=" + naturalName + + ", description=" + description + + ", persistent=" + persistent + + ", publicRoom=" + publicRoom + + ", canAnyoneDiscoverJID=" + canAnyoneDiscoverJID + + ", canOccupantsChangeSubject=" + canOccupantsChangeSubject + + ", canOccupantsInvite=" + canOccupantsInvite + + ", canChangeNickname=" + canChangeNickname + + ", logEnabled=" + logEnabled + + ", loginRestrictedToNickname=" + loginRestrictedToNickname + + ", membersOnly=" + membersOnly + + ", moderated=" + moderated + + ", registrationEnabled=" + registrationEnabled + + ", broadcastPresenceRoles=" + broadcastPresenceRoles + + ", owners=" + owners + + ", ownerGroups=" + ownerGroups + + ", members=" + members + + ", memberGroups=" + memberGroups + + ", outcasts=" + outcasts + + ", outcastGroups=" + outcastGroups + + ", admins=" + admins + + ", adminGroups=" + adminGroups + + "]"; } - } 
diff --git a/src/java/org/jivesoftware/openfire/plugin/rest/utils/LoggingUtils.java b/src/java/org/jivesoftware/openfire/plugin/rest/utils/LoggingUtils.java index 4c876d9d4..aa789caf0 100644 --- a/src/java/org/jivesoftware/openfire/plugin/rest/utils/LoggingUtils.java +++ b/src/java/org/jivesoftware/openfire/plugin/rest/utils/LoggingUtils.java @@ -16,6 +16,7 @@ package org.jivesoftware.openfire.plugin.rest.utils; +import org.eclipse.jetty.util.log.Log; import org.jivesoftware.openfire.plugin.rest.RESTServicePlugin; import org.jivesoftware.util.JiveGlobals; import org.slf4j.Logger; @@ -25,6 +26,7 @@ public class LoggingUtils { private static final Logger AUDIT_LOG = LoggerFactory.getLogger("RestAPI-Plugin-Audit"); + private static final Logger LOG = LoggerFactory.getLogger(LoggingUtils.class); public enum AuditEvent { //Clustering @@ -116,7 +118,9 @@ private static String getCaller() { } return element.getClassName() + "." + element.getMethodName(); } - } catch (Exception ignored) {} + } catch (Exception e) { + LOG.error("Unable to get caller of the logger. This should be impossible.", e); + } return "unknown"; } }
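Review bot: The added `import org.eclipse.jetty.util.log.Log;` in the first hunk appears unused: the new `LOG` field is an slf4j `Logger` built with `LoggerFactory.getLogger(LoggingUtils.class)`, and nothing in the visible hunks refers to `Log`. It looks like an IDE auto-import, and it ties this utility class to a Jetty logging type for no benefit, so I would drop the line. In the last hunk `getCaller` begins outside the hunk; replacing the empty catch with `LOG.error(..., e)` is a sound change.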