fix 756c817b5a

must be applied to all code where a transaction token is generated.
2024-09-19 00:01:41 +02:00 · 2023-10-21 13:00:49 +02:00 · 2023-10-21 13:00:49 +02:00 · 7830268be1
commit 7830268be1
parent dc6f218520
9 changed files with 46 additions and 10 deletions
--- a/source/net/yacy/htroot/ConfigAccounts_p.java
+++ b/source/net/yacy/htroot/ConfigAccounts_p.java
@ -54,9 +54,12 @@ public class ConfigAccounts_p {
        final serverObjects prop = new serverObjects();

        /* Acquire a transaction token for the next POST form submission */
-        prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
-
        final Switchboard sb = (Switchboard) env;
+        try {
+            prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        } catch (IllegalArgumentException e) {
+            sb.log.fine("access by unauthorized or unknown user: no transaction token delivered");
+        }
        UserDB.Entry entry = null;

        // admin password
--- a/source/net/yacy/htroot/ConfigPortal_p.java
+++ b/source/net/yacy/htroot/ConfigPortal_p.java
@ -179,7 +179,11 @@ public class ConfigPortal_p {
        }

        /* Acquire a transaction token for the next POST form submission */
-        prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        try {
+            prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        } catch (IllegalArgumentException e) {
+            sb.log.fine("access by unauthorized or unknown user: no transaction token delivered");
+        }

        prop.putHTML(SwitchboardConstants.GREETING, sb.getConfig(SwitchboardConstants.GREETING, ""));
        prop.putHTML(SwitchboardConstants.GREETING_HOMEPAGE, sb.getConfig(SwitchboardConstants.GREETING_HOMEPAGE, ""));
--- a/source/net/yacy/htroot/ConfigProperties_p.java
+++ b/source/net/yacy/htroot/ConfigProperties_p.java
@ -37,6 +37,7 @@ import java.util.List;

 import net.yacy.cora.protocol.RequestHeader;
 import net.yacy.data.TransactionManager;
+import net.yacy.search.Switchboard;
 import net.yacy.server.serverObjects;
 import net.yacy.server.serverSwitch;

@ -47,7 +48,11 @@ public class ConfigProperties_p {
        final serverObjects prop = new serverObjects();

        /* Acquire a transaction token for the next POST form submission */
-        prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        try {
+            prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        } catch (IllegalArgumentException e) {
+            Switchboard.getSwitchboard().log.fine("access by unauthorized or unknown user: no transaction token delivered");
+        }

        String key = "";
        String value = "";
--- a/source/net/yacy/htroot/ConfigSearchPage_p.java
+++ b/source/net/yacy/htroot/ConfigSearchPage_p.java
@ -207,7 +207,11 @@ public class ConfigSearchPage_p {
        }

        /* Acquire a transaction token for the next POST form submission */
-        prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        try {
+            prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        } catch (IllegalArgumentException e) {
+            sb.log.fine("access by unauthorized or unknown user: no transaction token delivered");
+        }

        prop.putHTML(SwitchboardConstants.GREETING, sb.getConfig(SwitchboardConstants.GREETING, ""));
        prop.putHTML(SwitchboardConstants.GREETING_HOMEPAGE, sb.getConfig(SwitchboardConstants.GREETING_HOMEPAGE, ""));
--- a/source/net/yacy/htroot/IndexDeletion_p.java
+++ b/source/net/yacy/htroot/IndexDeletion_p.java
@ -56,7 +56,11 @@ public class IndexDeletion_p {
        final serverObjects prop = new serverObjects();

        /* Acquire a transaction token for the next POST form submission */
-        prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        try {
+            prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        } catch (IllegalArgumentException e) {
+            sb.log.fine("access by unauthorized or unknown user: no transaction token delivered");
+        }

        final SolrConnector defaultConnector = sb.index.fulltext().getDefaultConnector();
        final SolrConnector webgraphConnector = sb.index.fulltext().getWebgraphConnector();
--- a/source/net/yacy/htroot/IndexFederated_p.java
+++ b/source/net/yacy/htroot/IndexFederated_p.java
@ -182,7 +182,11 @@ public class IndexFederated_p {
        }

        /* Acquire a transaction token for the next POST form submission */
-        prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        try {
+            prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        } catch (IllegalArgumentException e) {
+            sb.log.fine("access by unauthorized or unknown user: no transaction token delivered");
+        }

        // show solr host table
        if (!sb.index.fulltext().connectedRemoteSolr()) {
--- a/source/net/yacy/htroot/PerformanceQueues_p.java
+++ b/source/net/yacy/htroot/PerformanceQueues_p.java
@ -60,7 +60,11 @@ public class PerformanceQueues_p {
        File defaultSettingsFile = new File(sb.getAppPath(), "defaults/yacy.init");

        /* Acquire a transaction token for the next POST form submission */
-        prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        try {
+            prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        } catch (IllegalArgumentException e) {
+            sb.log.fine("access by unauthorized or unknown user: no transaction token delivered");
+        }

        // get segment
        final Segment indexSegment = sb.index;
--- a/source/net/yacy/htroot/SearchAccessRate_p.java
+++ b/source/net/yacy/htroot/SearchAccessRate_p.java
@ -49,7 +49,11 @@ public class SearchAccessRate_p {
 		final serverObjects prop = new serverObjects();

 		/* Acquire a transaction token for the next POST form submission */
-		prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        try {
+            prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+        } catch (IllegalArgumentException e) {
+            sb.log.fine("access by unauthorized or unknown user: no transaction token delivered");
+        }

 		if (post != null) {
 			/*
--- a/source/net/yacy/htroot/Steering.java
+++ b/source/net/yacy/htroot/Steering.java
@ -52,7 +52,11 @@ public class Steering {
 			if(ss != null && ((Switchboard) ss).verifyAuthentication(header)) {
 				/* YaCyDefaultServlet will detect it and then also fill the custom HTTP response header used by the JavaScript shutdown and restart actions
 				 * or any external API requesting tool */
-				prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+		        try {
+		            prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+		        } catch (IllegalArgumentException e) {
+		            ((Switchboard) ss).log.fine("access by unauthorized or unknown user: no transaction token delivered");
+		        }
 				/* Also add to the Steering.html page info block for eventual display of this page without parameter */
 				prop.put("info_" + TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
 			} else {