From 98fe237eeea024563817546d5cc96011a78eb516 Mon Sep 17 00:00:00 2001
From: Josip Bilandzija
Date: Mon, 3 Jul 2023 09:45:26 +0200
Subject: [PATCH] Handle verify user requests with HEAD method
---
 .../uaa/account/AccountsController.java | 6 ++++++
 .../uaa/login/AccountsControllerTest.java | 17 +++++++++++++++++
 2 files changed, 23 insertions(+)
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/account/AccountsController.java b/server/src/main/java/org/cloudfoundry/identity/uaa/account/AccountsController.java
index 5587c90f268..7ac473a5e91 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/account/AccountsController.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/account/AccountsController.java
@@ -101,6 +101,12 @@ public String emailSent() {
 return "accounts/email_sent";
 }
 
+ @RequestMapping(value = "/verify_user", method = RequestMethod.HEAD)
+ public String verifyUser() {
+ // Some mail providers initially send a HEAD request to check the validity of the link before redirecting users.
+ return "redirect:/login";
+ }
+
 @RequestMapping(value = "/verify_user", method = GET)
 public String verifyUser(Model model,
 @RequestParam("code") String code,
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java
index f995eb778d3..f6cc42e82dd 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java
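Review bot: The comment on the new HEAD handler in AccountsController does not state the invariant it protects: this method must never read or act on the `code` parameter, because Spring MVC would otherwise route HEAD to the GET mapping below and the one-time activation code would be spent before the user clicks the link. I would word it as `// HEAD must not consume the one-time activation code; without this mapping Spring routes HEAD to the GET handler below.` The fix covers only HEAD, so a mail gateway or link scanner that prefetches with a full GET would presumably still complete the activation, since the GET handler stays state-changing; that handler continues outside this hunk, so this is worth confirming there. The new mapping also spells out `RequestMethod.HEAD` while the next one uses the statically imported `GET`; a static import of `HEAD` would keep the two consistent.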
@@ -45,6 +45,7 @@
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.when;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.head;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
@@ -216,6 +217,22 @@ void verifyUser() throws Exception {
 assertNull(SecurityContextHolder.getContext().getAuthentication());
 }
 
+ @Test
+ void verifyUserWithPriorHeadRequest() throws Exception {
+ when(accountCreationService.completeActivation("the_secret_code"))
+ .thenReturn(new AccountCreationService.AccountCreationResponse("newly-created-user-id", "username", "user@example.com", "//example.com/callback"));
+
+ mockMvc.perform(head("/verify_user").param("code", "the_secret_code"))
+ .andExpect(status().isFound())
+ .andExpect(redirectedUrl("/login"));
+ mockMvc.perform(get("/verify_user").param("code", "the_secret_code"))
+ .andExpect(status().isFound())
+ .andExpect(redirectedUrl("/login?success=verify_success&form_redirect_uri=//example.com/callback"));
+
+ assertNull(SecurityContextHolder.getContext().getAuthentication());
+ Mockito.verify(accountCreationService, times(1)).completeActivation("the_secret_code");
+ }
+
 @EnableWebMvc
 @Import(ThymeleafConfig.class)
 static class ContextConfiguration implements WebMvcConfigurer {
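Review bot: In verifyUserWithPriorHeadRequest the only call-count check is the `times(1)` at the very end, so the property the fix exists for (the HEAD request leaves the activation code unused) is asserted only indirectly, through the redirect URL and the combined total. Asserting directly after the HEAD request makes that property explicit and fails at the right line if the mapping regresses: `Mockito.verify(accountCreationService, times(0)).completeActivation("the_secret_code");`. A HEAD request without the `code` parameter is also not exercised, although the new handler takes no parameters and so accepts it.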