WS-2229 - User name is escaped in the request context to be sent correctly through proxy headers

ddragosd · ddragosd · commit 21b209a18141 · 2015-06-10T01:56:55.000-04:00
diff --git a/src/lua/api-gateway/validation/oauth2/userProfileValidator.lua b/src/lua/api-gateway/validation/oauth2/userProfileValidator.lua
@@ -78,6 +78,17 @@ function _M:getExpiresIn(expire_at)
     return expires_in_s
 end
 
+function _M:getContextPropertiesObject(obj)
+    local props = {}
+    for k, v in pairs(obj) do
+        props[k] = v
+        if k == "user_name" or k == "user_first_name" or k == "user_last_name" then
+            props[k] = ngx.escape_uri(v)
+        end
+    end
+    return props
+end
+
 function _M:getProfileFromCache(cacheLookupKey)
     local localCacheValue = self:getKeyFromLocalCache(cacheLookupKey, "cachedUserProfiles")
     if ( localCacheValue ~= nil ) then
@@ -148,7 +159,8 @@ function _M:extractContextVars(profile)
     cachingObj.user_country_code    = profile.countryCode
     cachingObj.user_name            = profile.displayName
     cachingObj.user_region          = self:getUserRegion(profile.countryCode)
-
+    cachingObj.user_first_name      = profile.first_name
+    cachingObj.user_last_name       = profile.last_name
     return cachingObj
 end
 
@@ -169,7 +181,7 @@ function _M:validateRequest()
         if (type(cachedUserProfile) == 'string') then
             cachedUserProfile = cjson.decode(cachedUserProfile)
         end
-        self:setContextProperties(cachedUserProfile)
+        self:setContextProperties(self:getContextPropertiesObject(cachedUserProfile))
         if ( self:isProfileValid(cachedUserProfile) == true ) then
             return self:exitFn(ngx.HTTP_OK)
         else
@@ -185,7 +197,7 @@ function _M:validateRequest()
 
             local cachingObj = self:extractContextVars(json)
 
-            self:setContextProperties(cachingObj)
+            self:setContextProperties(self:getContextPropertiesObject(cachingObj))
             self:storeProfileInCache(cacheLookupKey, cachingObj)
 
             if ( self:isProfileValid(cachingObj) == true ) then
diff --git a/test/perl/api-gateway/validation/oauth2/userProfileValidator.t b/test/perl/api-gateway/validation/oauth2/userProfileValidator.t
@@ -107,7 +107,7 @@ Authorization: Bearer SOME_OAUTH_PROFILE_TEST_1
 "GET /redis-cache"
 ]
 --- response_body_like eval
-['^user_email=johndoe_ĂÂă\@domain.com,user_country_code=AT,user_region=EU,user_name=display_name—大－女.*',
+['^user_email=johndoe_ĂÂă\@domain.com,user_country_code=AT,user_region=EU,user_name=display_name%E2%80%94%E5%A4%A7%EF%BC%8D%E5%A5%B3.*',
 '^Local: {"user_region":"EU","user_country_code":"AT","user_email":"johndoe_ĂÂă@domain.com","user_name":"display_name—大－女"}.*',
 '^Redis: {"user_region":"EU","user_country_code":"AT","user_email":"johndoe_ĂÂă@domain.com","user_name":"display_name—大－女"}.*']
 --- no_error_log
@@ -206,12 +206,12 @@ Authorization: Bearer SOME_OAUTH_TOKEN_TEST_THREE
 --- request
 GET /test-validate-user
 --- response_body_like eval
-"^user_email=noreply-ăâ\@domain.com,user_country_code=CA,user_region=US,user_name=display_name-工－女－长.*"
+"^user_email=noreply-ăâ\@domain.com,user_country_code=CA,user_region=US,user_name=display_name-%E5%B7%A5%EF%BC%8D%E5%A5%B3%EF%BC%8D%E9%95%BF.*"
 --- response_headers_like
 X-User-Id: noreply-ăâ@domain.com
 X-User-Country-Code: CA
 X-User-Region: US
-X-User-Name: display_name-工－女－长
+X-User-Name: display_name-%E5%B7%A5%EF%BC%8D%E5%A5%B3%EF%BC%8D%E9%95%BF
 --- error_code: 200
 --- no_error_log
 [error]
