fix wrong OutOfScopeException detection

2025-11-13 00:45:44 +01:00 · 2019-10-22 11:23:34 +02:00
parent 52f471b5dd
commit 10fbf50263
2 changed files with 23 additions and 3 deletions
--- a/scm-webapp/src/main/java/sonia/scm/security/XsrfAccessTokenEnricher.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/XsrfAccessTokenEnricher.java
@@ -37,6 +37,7 @@ import javax.inject.Provider;
 import javax.servlet.http.HttpServletRequest;

 import com.google.inject.OutOfScopeException;
+import com.google.inject.ProvisionException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import sonia.scm.config.ScmConfiguration;
@@ -98,8 +99,12 @@ public class XsrfAccessTokenEnricher implements AccessTokenEnricher {
      } else {
        LOG.trace("skip xsrf enrichment, because jwt session is started from a non wui client");
      }
-    } catch (OutOfScopeException ex) {
+    } catch (ProvisionException ex) {
+      if (ex.getCause() instanceof OutOfScopeException) {
        LOG.trace("skip xsrf enrichment, because no request scope is available");
+      } else {
+        throw ex;
+      }
    }
    return false;
  }
--- a/scm-webapp/src/test/java/sonia/scm/security/XsrfAccessTokenEnricherTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/XsrfAccessTokenEnricherTest.java
@@ -31,6 +31,7 @@
 package sonia.scm.security;

 import com.google.inject.OutOfScopeException;
+import com.google.inject.ProvisionException;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
@@ -43,6 +44,7 @@ import sonia.scm.util.HttpUtil;
 import javax.inject.Provider;
 import javax.servlet.http.HttpServletRequest;

+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.Mockito.*;

 /**
@@ -73,7 +75,7 @@ class XsrfAccessTokenEnricherTest {
  void testWithoutRequestScope() {
    // prepare
    Provider<HttpServletRequest> requestProvider = mock(Provider.class);
-    when(requestProvider.get()).thenThrow(new OutOfScopeException("request scope is not available"));
+    when(requestProvider.get()).thenThrow(new ProvisionException("failed to provision", new OutOfScopeException("no request scope is available")));
    configuration.setEnabledXsrfProtection(true);
    XsrfAccessTokenEnricher enricher = createEnricher(requestProvider);

@@ -84,6 +86,19 @@ class XsrfAccessTokenEnricherTest {
    verify(builder, never()).custom(Xsrf.TOKEN_KEY, "42");
  }

+  @Test
+  @SuppressWarnings("unchecked")
+  void testWithProvisionException() {
+    // prepare
+    Provider<HttpServletRequest> requestProvider = mock(Provider.class);
+    when(requestProvider.get()).thenThrow(new ProvisionException("failed to provision"));
+    configuration.setEnabledXsrfProtection(true);
+    XsrfAccessTokenEnricher enricher = createEnricher(requestProvider);
+
+    // execute
+    assertThrows(ProvisionException.class, () -> enricher.enrich(builder));
+  }
+
  private XsrfAccessTokenEnricher createEnricher(Provider<HttpServletRequest> requestProvider) {
    return new XsrfAccessTokenEnricher(configuration, requestProvider) {
      @Override