Fix #200

dewmini · dewmini · commit 51540486dc8f · 2024-07-24T11:32:18.000+10:00
diff --git a/userdetails-cognito/src/main/groovy/au/org/ala/userdetails/CognitoApplicationService.groovy b/userdetails-cognito/src/main/groovy/au/org/ala/userdetails/CognitoApplicationService.groovy
@@ -14,7 +14,9 @@ import com.amazonaws.services.dynamodbv2.model.AttributeValue
 import com.amazonaws.services.dynamodbv2.model.DeleteItemRequest
 import com.amazonaws.services.dynamodbv2.model.PutItemRequest
 import com.amazonaws.services.dynamodbv2.model.QueryRequest
+import groovy.util.logging.Slf4j
 
+@Slf4j
 class CognitoApplicationService implements IApplicationService {
 
     IUserService userService
@@ -153,14 +155,20 @@ class CognitoApplicationService implements IApplicationService {
             request.callbackURLs.addAll(tokensCallbackURLs)
         }
 
-        CreateUserPoolClientResult response = cognitoIdp.createUserPoolClient(request)
+        try {
+            CreateUserPoolClientResult response = cognitoIdp.createUserPoolClient(request)
 
-        if (isSuccessful(response)) {
-            def clientId = response.userPoolClient.clientId
-            addClientIdForUser(userId, clientId)
-            return userPoolClientToApplication(response.userPoolClient)
-        } else {
-            throw new RuntimeException("Could not generate client")
+            if (isSuccessful(response)) {
+                def clientId = response.userPoolClient.clientId
+                addClientIdForUser(userId, clientId)
+                return userPoolClientToApplication(response.userPoolClient)
+            } else {
+                throw new RuntimeException("Could not generate client")
+            }
+        }
+        catch (Exception e) {
+            log.error(e.getMessage(), e)
+            throw new RuntimeException("Could not create client")
         }
     }
 
@@ -200,9 +208,15 @@ class CognitoApplicationService implements IApplicationService {
             request.callbackURLs.addAll(tokensCallbackURLs)
         }
 
-        def response = cognitoIdp.updateUserPoolClient(request)
-        if (!isSuccessful(response)) {
-            throw new RuntimeException("Could not update client $applicationRecord.clientId")
+        try {
+            def response = cognitoIdp.updateUserPoolClient(request)
+            if (!isSuccessful(response)) {
+                throw new RuntimeException("Could not update client $applicationRecord.clientId")
+            }
+        }
+        catch (Exception e) {
+            log.error(e.getMessage(), e)
+            throw new RuntimeException("Could not update client")
         }
     }
 
diff --git a/userdetails-plugin/grails-app/views/profile/_applicationForm.gsp b/userdetails-plugin/grails-app/views/profile/_applicationForm.gsp
@@ -118,24 +118,38 @@
     function addCallback() {
         let $callback = $('#callbacks');
 
-        if (!$callback[0].checkValidity()) {
-            alert('not a valid url');
+        if (isValidUrl($callback[0].value)) {
+            let value = $callback.val();
+            $callback.val('');
+
+            let $callbacks = $('#callback-list');
+            let length = $callbacks.children('input').length;
+
+            let span = $('<span></span>', {class: 'tag label label-default', 'data-index': length});
+            let innerSpan = $('<span></span>', {text: value});
+            let button = $('<a></a>', {'data-index': length, role: 'button', class: 'btn btn-danger delete'}).append('<i class="fa fa-trash"></i>');
+            let input = $('<input></input>', {value: value, 'data-index': length, type: 'hidden', name: 'callbacks'});
+
+            span.append(innerSpan);
+            span.append(button);
+            $callbacks.append(span);
+            $callbacks.append(input);
         }
-        let value = $callback.val();
-        $callback.val('');
-
-        let $callbacks = $('#callback-list');
-        let length = $callbacks.children('input').length;
-
-        let span = $('<span></span>', {class: 'tag label label-default', 'data-index': length});
-        let innerSpan = $('<span></span>', {text: value});
-        let button = $('<a></a>', {'data-index': length, role: 'button', class: 'btn btn-danger delete'}).append('<i class="fa fa-trash"></i>');
-        let input = $('<input></input>', {value: value, 'data-index': length, type: 'hidden', name: 'callbacks'});
+    }
 
-        span.append(innerSpan);
-        span.append(button);
-        $callbacks.append(span);
-        $callbacks.append(input);
+    function isValidUrl(string) {
+      try {
+        const newUrl = new URL(string);
+        let ifCognito = "${grailsApplication.config.getProperty('userdetails.cognito.auth', boolean, false)}"
+        if (ifCognito && newUrl.protocol === 'http:' && newUrl.hostname !== 'localhost') {
+          alert('Not a valid http url. HTTPS is required over HTTP, except for http://localhost. Additionally, app callback URLs like myapp://example are supported.');
+          return false;
+        }
+        return true;
+      } catch (err) {
+         alert('Not a valid url.');
+         return false;
+      }
     }
 
     function removeCallback(i) {
diff --git a/userdetails-plugin/grails-app/views/profile/applications.gsp b/userdetails-plugin/grails-app/views/profile/applications.gsp
@@ -247,7 +247,7 @@
             addCallbackToForm($callbacks, callbacks, i, true);
         }
 
-        $('input.callbacks').val('');
+        $('#callbacks').val('');
 
         let url = '<g:createLink controller="profile" action="updateClient" id="clientId"/>'.replace('clientId', data.clientId);
         $('#modal-save-form').validationEngine('attach', { scroll: false });
@@ -260,13 +260,16 @@
                 let $saveButtonContent = $saveButton.content;
                 $saveButton.html('<i class="fa fa-spinner"></i>');
                 setModalButtonsDisabled(true);
+                $('#callbacks').val('');
                 $.post(
                     url,
                     $(this).serialize()
                 ).done(function(data) {
                     refreshAppTable();
                     $('#client-modal').modal('hide');
-                }).always(function() {
+                }).fail(function(data) {
+                    alert( "Error when updating the application ");
+                  }).always(function() {
                     $saveButton.html($saveButtonContent);
                     setModalButtonsDisabled(false);
                 });
@@ -292,6 +295,8 @@
         $callbacks.children().remove();
         addCallbackToForm($callbacks, ["http://localhost:8080/callback"], 0, false);
 
+        $('#callbacks').val('');
+
         let url = '<g:createLink controller="profile" action="generateClient" />';
         $('#modal-save-form').validationEngine('attach', { scroll: false });
         $("#modal-save-form").off('submit').on('submit', function (e) {
@@ -303,6 +308,7 @@
                 let $saveButtonContent = $saveButton.content;
                 $saveButton.html('<i class="fa fa-spinner"></i>');
                 setModalButtonsDisabled(true);
+                $('#callbacks').val('');
                 $.post(
                     url,
                     $(this).serialize()
@@ -314,7 +320,9 @@
                         showEditModal(data);
                         refreshAppTable();
                     }
-                }).always(function() {
+                }).fail(function(data) {
+                    alert( "Error when creating the application");
+                  }).always(function() {
                     $saveButton.html($saveButtonContent);
                     setModalButtonsDisabled(false);
                 });
