Handle verify user requests with HEAD method

cloudfoundry · Jul 3, 2023 · 98fe237 · 98fe237
1 parent 862eb92
commit 98fe237
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/account/AccountsController.java b/server/src/main/java/org/cloudfoundry/identity/uaa/account/AccountsController.java
@@ -101,6 +101,12 @@ public String emailSent() {
         return "accounts/email_sent";
     }
 
+    @RequestMapping(value = "/verify_user", method = RequestMethod.HEAD)
+    public String verifyUser() {
+        // Some mail providers initially send a HEAD request to check the validity of the link before redirecting users.
+        return "redirect:/login";
+    }
+
     @RequestMapping(value = "/verify_user", method = GET)
     public String verifyUser(Model model,
                              @RequestParam("code") String code,

diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java
@@ -45,6 +45,7 @@
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.when;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.head;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
@@ -216,6 +217,22 @@ void verifyUser() throws Exception {
         assertNull(SecurityContextHolder.getContext().getAuthentication());
     }
 
+    @Test
+    void verifyUserWithPriorHeadRequest() throws Exception {
+        when(accountCreationService.completeActivation("the_secret_code"))
+                .thenReturn(new AccountCreationService.AccountCreationResponse("newly-created-user-id", "username", "[email protected]", "//example.com/callback"));
+
+        mockMvc.perform(head("/verify_user").param("code", "the_secret_code"))
+                .andExpect(status().isFound())
+                .andExpect(redirectedUrl("/login"));
+        mockMvc.perform(get("/verify_user").param("code", "the_secret_code"))
+                .andExpect(status().isFound())
+                .andExpect(redirectedUrl("/login?success=verify_success&form_redirect_uri=//example.com/callback"));
+
+        assertNull(SecurityContextHolder.getContext().getAuthentication());
+        Mockito.verify(accountCreationService, times(1)).completeActivation("the_secret_code");
+    }
+
     @EnableWebMvc
     @Import(ThymeleafConfig.class)
     static class ContextConfiguration implements WebMvcConfigurer {