From 46c4dc5e47f00a80dccf8b0f4194080202715368 Mon Sep 17 00:00:00 2001 From: hongwei Date: Wed, 22 Nov 2023 11:27:41 +0100 Subject: [PATCH 1/7] bugfix/seperate the web.xml for production and develop mode --- obp-api/pom.xml | 15 +++++- obp-api/src/main/webapp/WEB-INF/web.xml | 72 ++++++++++++------------- 2 files changed, 50 insertions(+), 37 deletions(-) diff --git a/obp-api/pom.xml b/obp-api/pom.xml index 2ac5abb1ad..714d8986c2 100644 --- a/obp-api/pom.xml +++ b/obp-api/pom.xml @@ -13,7 +13,17 @@ obp-api war Open Bank Project API - + + src/main/webapp/WEB-INF/web.xml + + + + prod + + src/main/resources/web.xml + + + org.sonatype.oss.groups.public @@ -563,6 +573,9 @@ org.apache.maven.plugins maven-war-plugin 2.6 + + ${webXmlPath} + org.apache.maven.plugins diff --git a/obp-api/src/main/webapp/WEB-INF/web.xml b/obp-api/src/main/webapp/WEB-INF/web.xml index cfb85e0874..16bd7588d3 100644 --- a/obp-api/src/main/webapp/WEB-INF/web.xml +++ b/obp-api/src/main/webapp/WEB-INF/web.xml @@ -1,42 +1,42 @@ + PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" + "web-app_2_3.dtd"> - - LiftFilter - Lift Filter - The Filter that intercepts lift calls - net.liftweb.http.LiftFilter - - - - - LiftFilter - /* - - - - - - true - true - - - - - - + + LiftFilter + Lift Filter + The Filter that intercepts lift calls + net.liftweb.http.LiftFilter + + + + + LiftFilter + /* + + + + + + + + + + + + + From beef3806632046e566eaa88a816f8f6cd39ff107 Mon Sep 17 00:00:00 2001 From: hongwei Date: Wed, 22 Nov 2023 15:01:33 +0100 Subject: [PATCH 2/7] bugfix/separate the web.xml for production and develop mode-added the missing file --- .gitignore | 1 - obp-api/src/main/resources/web.xml | 42 ++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 obp-api/src/main/resources/web.xml diff --git a/.gitignore b/.gitignore index eeb1c2624d..85cb4bc55d 100644 --- a/.gitignore +++ b/.gitignore 
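Review bot: With `webXmlPath` defaulting to `src/main/webapp/WEB-INF/web.xml`, any build that omits the `prod` profile now packages the descriptor from which this patch removes the two `true` settings. The element names are stripped on this page, but they look like the session cookie's http-only and secure flags, which should be confirmed. If so, the default is the weaker configuration and one forgotten `-P` flag ships a WAR without hardened cookies. It would fail safer to make the hardened descriptor the default value of `webXmlPath` and select the relaxed one through an explicit development profile. Build paths other than the workflow updated later in this series would then stay safe without being touched.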
@@ -10,7 +10,6 @@ .project .cache target -obp-api/src/main/resources/ obp-api/src/test/resources/** !obp-api/src/test/resources/frozen_type_meta_data *.iml diff --git a/obp-api/src/main/resources/web.xml b/obp-api/src/main/resources/web.xml new file mode 100644 index 0000000000..5cc8b066d4 --- /dev/null +++ b/obp-api/src/main/resources/web.xml @@ -0,0 +1,42 @@ + + + + + + + LiftFilter + Lift Filter + The Filter that intercepts lift calls + net.liftweb.http.LiftFilter + + + + + LiftFilter + /* + + + + + + true + true + + + + + + + From 15821d58c6476c6d221cdc2bfdc4edab6cd04683 Mon Sep 17 00:00:00 2001 From: hongwei Date: Wed, 22 Nov 2023 15:01:52 +0100 Subject: [PATCH 3/7] bugfix/separate the web.xml for production and develop mode-reverted the .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 85cb4bc55d..eeb1c2624d 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ .project .cache target +obp-api/src/main/resources/ obp-api/src/test/resources/** !obp-api/src/test/resources/frozen_type_meta_data *.iml From fd1ac5b9f41074a4369a1fdda8671a67c59690ed Mon Sep 17 00:00:00 2001 From: hongwei Date: Wed, 22 Nov 2023 15:52:22 +0100 Subject: [PATCH 4/7] bugfix/separate the web.xml for production and develop - fixed the build_package.yml --- .github/workflows/build_package.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_package.yml b/.github/workflows/build_package.yml index 61c47c9603..36d2e4951e 100644 --- a/.github/workflows/build_package.yml +++ b/.github/workflows/build_package.yml 
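Review bot: The new `obp-api/src/main/resources/web.xml` is a second full copy of the descriptor, differing from the development one only in the two `true` cookie settings. Any later change to the LiftFilter definition or its `/*` mapping has to be made in both files, or production and development drift apart. The file also sits in a directory that the next patch in this series puts back into .gitignore. It stays tracked, but files added beside it later will be silently ignored. As a Maven resources directory, its contents are presumably also copied onto the WAR's classpath. Keeping the production descriptor beside the development one under `src/main/webapp/WEB-INF/` would avoid both problems, and a comment at the top of each copy could name the other file and the one intended difference.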
@@ -72,7 +72,7 @@ jobs: echo ResetPasswordUrlEnabled=true >> obp-api/src/main/resources/props/test.default.props echo consents.allowed=true >> obp-api/src/main/resources/props/test.default.props - MAVEN_OPTS="-Xmx3G -Xss2m" mvn package + MAVEN_OPTS="-Xmx3G -Xss2m" mvn clean package -Pprod - name: Build the Docker image run: | echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io From 92e12f12d4bb6006e2265da0b4daaa1a3f302cb2 Mon Sep 17 00:00:00 2001 From: Simon Redfern Date: Thu, 23 Nov 2023 12:29:44 +0100 Subject: [PATCH 5/7] Tweaking debug messages for ObpS param validation --- obp-api/src/main/scala/code/util/Helper.scala | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/obp-api/src/main/scala/code/util/Helper.scala b/obp-api/src/main/scala/code/util/Helper.scala index 55f359d4a1..cb09e79c7a 100644 --- a/obp-api/src/main/scala/code/util/Helper.scala +++ b/obp-api/src/main/scala/code/util/Helper.scala @@ -485,7 +485,7 @@ object Helper extends Loggable { result.asInstanceOf[Box[String]].filter(APIUtil.checkMediumString(_)==SILENCE_IS_GOLDEN) } if(resultAfterChecked.isEmpty) { - logger.debug(s"ObpS.${methodName} validation failed. The input key is: ${if (args.length>0)args.apply(0) else ""}, value is:$result") + logger.debug(s"ObpS.${methodName} validation failed. (resultAfterChecked.isEmpty A) The input key is: ${if (args.length>0)args.apply(0) else ""}, value is:$result") } resultAfterChecked } else if (methodName.equals("uri") && result.isInstanceOf[String]){ 
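Review bot: The reworded message in Helper.scala still interpolates `$result`, the request value that has just failed validation, into the log line unmodified. The same holds for the two `logger.debug` calls changed in the next hunk. A value the validator rejected can contain line breaks or other control characters, and URI or query-string values can carry tokens such as `oauth_token`. Logging the key plus a length or a sanitised, truncated form would be safer, for example `value length is: ${result.toString.length}`. The enclosing method starts and ends outside the hunk.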
@@ -493,14 +493,14 @@ object Helper extends Loggable { if(resultAfterChecked.isDefined) { resultAfterChecked.head }else{ - logger.debug(s"ObpS.${methodName} validation failed. The value is:$result") + logger.debug(s"ObpS.${methodName} validation failed (NOT resultAfterChecked.isDefined). The value is:$result") resultAfterChecked.getOrElse("") } } else if (methodName.equals("uriAndQueryString") && result.isInstanceOf[Box[String]] && result.asInstanceOf[Box[String]].isDefined || methodName.equals("queryString") && result.isInstanceOf[Box[String]]&&result.asInstanceOf[Box[String]].isDefined){ val resultAfterChecked = result.asInstanceOf[Box[String]].filter(APIUtil.basicUriAndQueryStringValidation(_)) if(resultAfterChecked.isEmpty) { - logger.debug(s"ObpS.${methodName} validation failed. The value is:$result") + logger.debug(s"ObpS.${methodName} validation failed. (resultAfterChecked.isEmpty B) The value is:$result") } resultAfterChecked } else { From 1ba8024b97f93973c7ba05de6f129532c807c25a Mon Sep 17 00:00:00 2001 From: hongwei Date: Thu, 23 Nov 2023 12:41:16 +0100 Subject: [PATCH 6/7] bugfix/fixed the regex for UrlValidation --- obp-api/src/main/scala/code/api/util/APIUtil.scala | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala index f952728491..4bf30c6810 100644 --- a/obp-api/src/main/scala/code/api/util/APIUtil.scala +++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala 
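Review bot: The added markers `(resultAfterChecked.isEmpty A)`, `(NOT resultAfterChecked.isDefined)` and `(resultAfterChecked.isEmpty B)` repeat local variable names and rely on letter suffixes to tell the branches apart. They stop meaning anything once the code is refactored. Naming the check that rejected the value survives renames and reads better in a log, e.g. `s"ObpS.${methodName} rejected by basicUriAndQueryStringValidation"` for the last branch. The punctuation also differs between the messages, with the period after the parenthesis in one and before it in the others. The enclosing method continues outside the hunk.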
@@ -782,7 +782,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
 // redirectUrl = http%3A%2F%2Flocalhost%3A8016%3Foauth_token%3DEBRZBMOPDXEUGGJP421FPFGK01IY2DGM5O3TLVSK%26oauth_verifier%3D63461
 // URLDecoder.decode(urlString,"UTF-8")-->http://localhost:8016?oauth_token=EBRZBMOPDXEUGGJP421FPFGK01IY2DGM5O3TLVSK&oauth_verifier=63461
 val regex =
- """((([A-Za-z]{3,9}:(?:\/\/)?)(?:[-;:&=\+\$,\w]+@)?[A-Za-z0-9.-]+(:[0-9]+)?|(?:www.|[-;:&=\+\$,\w]+@)[A-Za-z0-9.-]+)((?:\/[\+~%\/.\w-_]*)?\??(?:[-\+=&;%@.\w_]*)#?(?:[\w]*))?)""".r
+ """((([A-Za-z]{3,9}:(?:\/\/)?)(?:[-;:&=\+\$,\w]+@)?[A-Za-z0-9.-]+(:[0-9]+)?|(?:www.|[-;:&=\+\$,\w]+@)[A-Za-z0-9.-]+)((?:\/[\+~%\/.\w-_]*)?\??(?:[-\+=&;%@.\w_\/]*)#?(?:[\w]*))?)""".r
 val decodeUrlValue = URLDecoder.decode(urlString, "UTF-8").trim()
 decodeUrlValue match {
 case regex(_*) if (decodeUrlValue.length <= 2048) => true
From 7be52e423ad0979042304b1278217f80c6dfdf39 Mon Sep 17 00:00:00 2001
From: hongwei
Date: Thu, 23 Nov 2023 12:52:46 +0100
Subject: [PATCH 7/7] bugfix/fixed the regex for UrlValidation- add test
---
 obp-api/src/test/scala/code/util/APIUtilTest.scala | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/obp-api/src/test/scala/code/util/APIUtilTest.scala b/obp-api/src/test/scala/code/util/APIUtilTest.scala
index 76b037409a..44b3544956 100644
--- a/obp-api/src/test/scala/code/util/APIUtilTest.scala
+++ b/obp-api/src/test/scala/code/util/APIUtilTest.scala
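Review bot: The 2048-character limit is a guard on `case regex(_*)`, so the pattern is matched against the whole decoded string before its length is looked at, and this change widens the query-string class further. Checking the length first bounds the work done on oversized input: `if (decodeUrlValue.length > 2048) false else decodeUrlValue match { ... }`. The pattern also only checks the shape of the value. If the result is used as a redirect target, the host presumably has to be compared with the registered redirect URLs somewhere else, which is worth confirming. The function starts and ends outside the hunk.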
@@ -697,6 +697,15 @@ class APIUtilTest extends FeatureSpec with Matchers with GivenWhenThen with Prop APIUtil.getObpFormatOperationId("OBPv3.0.0-getCoreAccountById") should be ("OBPv3.0.0-getCoreAccountById") APIUtil.getObpFormatOperationId("xxx") should be ("xxx") } + + feature("test APIUtil.basicUrlValidation method") { + val testString1 = "https%3A%2F%2Fapisandbox.openbankproject.com%2Foauth%2Fauthorize%3Fnext%3D%2Fen%2Fusers%2Fmyuser%26oauth_token%3DWTOBT2YRCTMI1BCCF4XAIKRXPLLZDZPFAIL5K03Z%26oauth_verifier%3D45381" + val testString2 = "http%3A%2F%2Flocalhost%3A8016%3Foauth_token%3DEBRZBMOPDXEUGGJP421FPFGK01IY2DGM5O3TLVSK%26oauth_verifier%3D63461" + + APIUtil.basicUrlValidation(testString1) should be (true) + APIUtil.basicUrlValidation(testString2) should be (true) + + } feature("test APIUtil.getBankIdAccountIdPairsFromUserAuthContexts method") {
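Review bot: The two assertions sit directly in the `feature(...)` body with no `scenario(...)` around them. In a ScalaTest FeatureSpec they presumably run while the suite is being constructed rather than as a reported test. Wrapping them, e.g. `scenario("accepts encoded redirect URLs") { ... }`, would make a failure show up as a failed test; check how the neighbouring features in this file do it. Both cases are accepting ones, and since the regex was just widened, a rejecting case or two would pin the other side of the validator. A value longer than 2048 characters and one with a space inside the host are candidates, each asserted with `should be (false)`.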