From 7830268be1cecae011ef8faf67c4de78357dc6a2 Mon Sep 17 00:00:00 2001
From: Michael Peter Christen
Date: Sat, 21 Oct 2023 13:00:49 +0200
Subject: [PATCH] fix https://github.com/yacy/yacy_search_server/commit/756c817b5a55b2253564083162ac946dd34deef7 must be applied to all code where a transaction token is generated.
---
 source/net/yacy/htroot/ConfigAccounts_p.java | 7 +++++--
 source/net/yacy/htroot/ConfigPortal_p.java | 6 +++++-
 source/net/yacy/htroot/ConfigProperties_p.java | 7 ++++++-
 source/net/yacy/htroot/ConfigSearchPage_p.java | 6 +++++-
 source/net/yacy/htroot/IndexDeletion_p.java | 6 +++++-
 source/net/yacy/htroot/IndexFederated_p.java | 6 +++++-
 source/net/yacy/htroot/PerformanceQueues_p.java | 6 +++++-
 source/net/yacy/htroot/SearchAccessRate_p.java | 6 +++++-
 source/net/yacy/htroot/Steering.java | 6 +++++-
 9 files changed, 46 insertions(+), 10 deletions(-)
diff --git a/source/net/yacy/htroot/ConfigAccounts_p.java b/source/net/yacy/htroot/ConfigAccounts_p.java
index 293944620..020b1aa47 100644
--- a/source/net/yacy/htroot/ConfigAccounts_p.java
+++ b/source/net/yacy/htroot/ConfigAccounts_p.java
@@ -54,9 +54,12 @@ public static serverObjects respond(final RequestHeader header, final serverObje
 final serverObjects prop = new serverObjects();
 /* Acquire a transaction token for the next POST form submission */
- prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
-
 final Switchboard sb = (Switchboard) env;
+ try {
+ prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ } catch (IllegalArgumentException e) {
+ sb.log.fine("access by unauthorized or unknown user: no transaction token delivered");
+ }
 UserDB.Entry entry = null; // admin password
diff --git a/source/net/yacy/htroot/ConfigPortal_p.java b/source/net/yacy/htroot/ConfigPortal_p.java
index 1cc28987f..a55cfee59 100644
--- a/source/net/yacy/htroot/ConfigPortal_p.java
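Review bot: The new `catch (IllegalArgumentException e)` in ConfigAccounts_p.java discards `e` and writes a fixed string at `fine`, a level that is typically not recorded with default logging settings, so a refused token on this administration page leaves little for an operator to find and nothing that identifies the request. IllegalArgumentException is also broad: any argument error raised under `getTransactionToken` would be reported as "unauthorized or unknown user". I would at least log the cause, e.g. `sb.log.fine("no transaction token delivered: " + e.getMessage());`, and consider a level that is visible by default. The identical block is pasted into the other eight files of this patch (ConfigPortal_p, ConfigProperties_p, ConfigSearchPage_p, IndexDeletion_p, IndexFederated_p, PerformanceQueues_p, SearchAccessRate_p, Steering); one shared helper would keep the handling and the message in a single place. `respond` starts and continues outside the hunk.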
+++ b/source/net/yacy/htroot/ConfigPortal_p.java
@@ -179,7 +179,11 @@ public static serverObjects respond(final RequestHeader header, final serverObje
 }
 /* Acquire a transaction token for the next POST form submission */
- prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ try {
+ prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ } catch (IllegalArgumentException e) {
+ sb.log.fine("access by unauthorized or unknown user: no transaction token delivered");
+ }
 prop.putHTML(SwitchboardConstants.GREETING, sb.getConfig(SwitchboardConstants.GREETING, ""));
 prop.putHTML(SwitchboardConstants.GREETING_HOMEPAGE, sb.getConfig(SwitchboardConstants.GREETING_HOMEPAGE, ""));
diff --git a/source/net/yacy/htroot/ConfigProperties_p.java b/source/net/yacy/htroot/ConfigProperties_p.java
index b30a786b9..345751001 100644
--- a/source/net/yacy/htroot/ConfigProperties_p.java
+++ b/source/net/yacy/htroot/ConfigProperties_p.java
@@ -37,6 +37,7 @@
 import net.yacy.cora.protocol.RequestHeader;
 import net.yacy.data.TransactionManager;
+import net.yacy.search.Switchboard;
 import net.yacy.server.serverObjects;
 import net.yacy.server.serverSwitch;
@@ -47,7 +48,11 @@ public static serverObjects respond(final RequestHeader header, final serverObje
 final serverObjects prop = new serverObjects();
 /* Acquire a transaction token for the next POST form submission */
- prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ try {
+ prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ } catch (IllegalArgumentException e) {
+ Switchboard.getSwitchboard().log.fine("access by unauthorized or unknown user: no transaction token delivered");
+ }
 String key = "";
 String value = "";
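Review bot: In ConfigProperties_p.java the catch logs through `Switchboard.getSwitchboard()`, a static lookup that needed a new import, while the other handlers in this patch log through the switchboard they already hold (`sb`, or `(Switchboard) ss` in Steering). The hunk header truncates `respond`'s signature, so I am assuming its third parameter is the `serverSwitch` the file already imports; if so, casting that parameter as ConfigAccounts_p does would keep the nine handlers consistent. It would also avoid dereferencing the result of a static getter unchecked inside an error path.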
diff --git a/source/net/yacy/htroot/ConfigSearchPage_p.java b/source/net/yacy/htroot/ConfigSearchPage_p.java
index adebd8cf9..9b60ae6fb 100644
--- a/source/net/yacy/htroot/ConfigSearchPage_p.java
+++ b/source/net/yacy/htroot/ConfigSearchPage_p.java
@@ -207,7 +207,11 @@ public static serverObjects respond(final RequestHeader header, final serverObje
 }
 /* Acquire a transaction token for the next POST form submission */
- prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ try {
+ prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ } catch (IllegalArgumentException e) {
+ sb.log.fine("access by unauthorized or unknown user: no transaction token delivered");
+ }
 prop.putHTML(SwitchboardConstants.GREETING, sb.getConfig(SwitchboardConstants.GREETING, ""));
 prop.putHTML(SwitchboardConstants.GREETING_HOMEPAGE, sb.getConfig(SwitchboardConstants.GREETING_HOMEPAGE, ""));
diff --git a/source/net/yacy/htroot/IndexDeletion_p.java b/source/net/yacy/htroot/IndexDeletion_p.java
index 99aed1077..af8597343 100644
--- a/source/net/yacy/htroot/IndexDeletion_p.java
+++ b/source/net/yacy/htroot/IndexDeletion_p.java
@@ -56,7 +56,11 @@ public static serverObjects respond(final RequestHeader header, final serverObje
 final serverObjects prop = new serverObjects();
 /* Acquire a transaction token for the next POST form submission */
- prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ try {
+ prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ } catch (IllegalArgumentException e) {
+ sb.log.fine("access by unauthorized or unknown user: no transaction token delivered");
+ }
 final SolrConnector defaultConnector = sb.index.fulltext().getDefaultConnector();
 final SolrConnector webgraphConnector = sb.index.fulltext().getWebgraphConnector();
diff --git a/source/net/yacy/htroot/IndexFederated_p.java b/source/net/yacy/htroot/IndexFederated_p.java
index fbe9de77b..ec13fd4d5 100644
--- a/source/net/yacy/htroot/IndexFederated_p.java
+++ b/source/net/yacy/htroot/IndexFederated_p.java
@@ -182,7 +182,11 @@ public static serverObjects respond(final RequestHeader header, final serverObje
 }
 /* Acquire a transaction token for the next POST form submission */
- prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ try {
+ prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ } catch (IllegalArgumentException e) {
+ sb.log.fine("access by unauthorized or unknown user: no transaction token delivered");
+ }
 // show solr host table
 if (!sb.index.fulltext().connectedRemoteSolr()) {
diff --git a/source/net/yacy/htroot/PerformanceQueues_p.java b/source/net/yacy/htroot/PerformanceQueues_p.java
index 96fe5ae67..b6280fc81 100644
--- a/source/net/yacy/htroot/PerformanceQueues_p.java
+++ b/source/net/yacy/htroot/PerformanceQueues_p.java
@@ -60,7 +60,11 @@ public static serverObjects respond(final RequestHeader header, final serverObje
 File defaultSettingsFile = new File(sb.getAppPath(), "defaults/yacy.init");
 /* Acquire a transaction token for the next POST form submission */
- prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ try {
+ prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ } catch (IllegalArgumentException e) {
+ sb.log.fine("access by unauthorized or unknown user: no transaction token delivered");
+ }
 // get segment
 final Segment indexSegment = sb.index;
diff --git a/source/net/yacy/htroot/SearchAccessRate_p.java b/source/net/yacy/htroot/SearchAccessRate_p.java
index d3b60fc87..5ad5a3135 100644
--- a/source/net/yacy/htroot/SearchAccessRate_p.java
+++ b/source/net/yacy/htroot/SearchAccessRate_p.java
@@ -49,7 +49,11 @@ public static serverObjects respond(final RequestHeader header, final serverObje
 final serverObjects prop = new serverObjects();
 /* Acquire a transaction token for the next POST form submission */
- prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ try {
+ prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ } catch (IllegalArgumentException e) {
+ sb.log.fine("access by unauthorized or unknown user: no transaction token delivered");
+ }
 if (post != null) {
 /*
diff --git a/source/net/yacy/htroot/Steering.java b/source/net/yacy/htroot/Steering.java
index f59116710..1f69d403a 100644
--- a/source/net/yacy/htroot/Steering.java
+++ b/source/net/yacy/htroot/Steering.java
@@ -52,7 +52,11 @@ public static serverObjects respond(final RequestHeader header, final serverObje
 if(ss != null && ((Switchboard) ss).verifyAuthentication(header)) {
 /* YaCyDefaultServlet will detect it and then also fill the custom HTTP response header used by the JavaScript shutdown and restart actions
 * or any external API requesting tool */
- prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ try {
+ prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
+ } catch (IllegalArgumentException e) {
+ ((Switchboard) ss).log.fine("access by unauthorized or unknown user: no transaction token delivered");
+ }
 /* Also add to the Steering.html page info block for eventual display of this page without parameter */
 prop.put("info_" + TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
 } else {
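Review bot: With the exception now caught, `respond` in SearchAccessRate_p.java falls straight through to `if (post != null) {` for a caller for whom no token could be issued. The body of that branch lies outside the hunk, so it cannot be seen here whether the submitted token is validated before any setting is changed; that validation is what still protects the form once the page no longer aborts, and it is worth confirming that it rejects such a request cleanly. The same question applies to the other `_p` handlers touched by this patch. A short comment above the `try`, such as `/* no token for unknown users; the POST branch below must still reject them */`, would record the intent.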
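Review bot: Only the first `getTransactionToken(header)` call in Steering.java is wrapped; the unchanged line right after the new block, `prop.put("info_" + TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));`, makes the same call unguarded, so an IllegalArgumentException would presumably still escape `respond` from there. Moving that line inside the `try`, directly after the first `prop.put`, covers both calls with the one handler. The surrounding `if` block continues past the end of the hunk.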