fix file sharing bug (#6161)

# Description of Changes

Fixes share-link navigation for SSO users. Reported on v2.9.2 with
`SSOAutoLogin: true`: clicking a `/share/<token>` link in an email
redirected the user to the home page after SSO instead of the shared
file.

## Root cause

Three compounding issues had to be fixed together; the first was the
initial symptom but the other two only surfaced during live
verification.

1. **Spring Security blocked `/share/<token>` for unauthenticated
users.** The route wasn't in `RequestUriUtils.isPublicAuthEndpoint`, so
the server 302'd straight to `/login` before React could load
`ShareLinkPage`. The share URL was lost because `NullRequestCache` is
configured and never persisted the original destination.

2. **`httpErrorHandler` full-page-redirected to `/login?from=<path>` on
any unhandled 401** (fired by `LicenseContext`, `AppConfig`, etc. during
normal ShareLinkPage mount). That *did* preserve the return path — but
**Spring Security strips query strings from `/login`** (302 to bare
`/login`), so `?from=` never reached React. Confirmed via `curl -i
http://localhost:8080/login?from=xyz` → `Location: /login`.

3. **`AuthCallback.tsx` unconditionally `navigate("/")`** after the
SAML/OAuth round-trip, discarding any intended destination.

## Fix

**Backend** — make `/share/<token>` a public SPA bootstrap, data APIs
stay protected:
- `RequestUriUtils.isPublicAuthEndpoint` — permits `^/share/[^/]+/?$`
(tight regex, single token segment only; `/share/<token>/anything` stays
protected).
- `ReactRoutingController` — dedicated `@GetMapping("/share/{token}")`
mirroring `/auth/callback`.
- `/api/v1/storage/share-links/**` remains behind Spring Security with
its existing `canAccessShareLink` check.

**Frontend** — persist the return path across full-page redirects via
`sessionStorage` (same-origin, survives the SSO round-trip):
- `httpErrorHandler.ts` — stashes current pathname to
`stirling_post_login_path` before the 401 → `/login` redirect.
- `springAuthClient.ts` — new `isSafePostLoginRedirect` /
`setPostLoginRedirectPath` / `consumePostLoginRedirectPath` helpers
(rejects protocol-relative URLs and auth-plumbing paths to guard against
open-redirect abuse).
- `Login.tsx` — on explicit user sign-in, read path from
`location.state` or `?from=` query and stash it; don't clobber an
already-stashed value.
- `AuthCallback.tsx` — consume the stashed path (single-use) and
`navigate(target)` instead of always `/`.


---

## Checklist

### General

- [ ] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [ ] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [ ] I have performed a self-review of my own code
- [ ] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)

### Translations (if applicable)

- [ ] I ran
[`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [ ] I have run `task check` to verify linters, typechecks, and tests
pass
- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#7-testing)
for more details.

---------

Co-authored-by: EthanHealy01 <[email protected]>
This commit is contained in:
Anthony Stirling
2026-04-23 14:52:25 +01:00
committed by GitHub
co-authored by EthanHealy01
parent 3e94157137
commit c294e9b2cb
14 changed files with 522 additions and 33 deletions
@@ -66,6 +66,7 @@ services:
- ../../../stirling/keycloak-saml-test/data:/usr/share/tessdata:rw
- ../../../stirling/keycloak-saml-test/config:/configs:rw
- ../../../stirling/keycloak-saml-test/logs:/logs:rw
- ../../../stirling/keycloak-saml-test/storage:/storage:rw
- ./keycloak-saml-cert.pem:/app/keycloak-saml-cert.pem:ro
- ./saml-private-key.key:/app/saml-private-key.key:ro
- ./saml-public-cert.crt:/app/saml-public-cert.crt:ro
@@ -82,6 +83,18 @@ services:
PREMIUM_ENABLED: "true"
PREMIUM_PROFEATURES_SSOAUTOLOGIN: "${PREMIUM_PROFEATURES_SSOAUTOLOGIN:-false}"
# Storage + sharing (opt-in via start-saml-test.sh --with-storage)
STORAGE_ENABLED: "${STORAGE_ENABLED:-false}"
STORAGE_PROVIDER: "${STORAGE_PROVIDER:-local}"
STORAGE_LOCAL_BASEPATH: "${STORAGE_LOCAL_BASEPATH:-/storage}"
STORAGE_SHARING_ENABLED: "${STORAGE_SHARING_ENABLED:-false}"
STORAGE_SHARING_LINKENABLED: "${STORAGE_SHARING_LINKENABLED:-false}"
STORAGE_SHARING_EMAILENABLED: "${STORAGE_SHARING_EMAILENABLED:-false}"
STORAGE_SHARING_LINKEXPIRATIONDAYS: "${STORAGE_SHARING_LINKEXPIRATIONDAYS:-3}"
STORAGE_SIGNING_ENABLED: "${STORAGE_SIGNING_ENABLED:-false}"
# Required for share-link creation (FileStorageService.isShareLinksEnabled)
SYSTEM_FRONTENDURL: "${SYSTEM_FRONTENDURL:-}"
# Debug Logging
LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_SECURITY_SAML2: DEBUG
LOGGING_LEVEL_ORG_OPENSAML: DEBUG
+44 -4
View File
@@ -1,6 +1,11 @@
#!/bin/bash
set -e
# Stop Git Bash / MSYS from mangling Unix-style paths (e.g. /storage) passed
# to docker-compose.exe. No-op on native Linux/macOS.
export MSYS_NO_PATHCONV=1
export MSYS2_ARG_CONV_EXCL="*"
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
@@ -13,6 +18,7 @@ echo -e "${BLUE}╚════════════════════
echo ""
AUTO_LOGIN=false
WITH_STORAGE=false
DEFAULT_LANGUAGE="en-US"
COMPOSE_UP_ARGS=(-d --build)
while [[ $# -gt 0 ]]; do
@@ -21,6 +27,10 @@ while [[ $# -gt 0 ]]; do
AUTO_LOGIN=true
shift
;;
--with-storage)
WITH_STORAGE=true
shift
;;
--nobuild)
COMPOSE_UP_ARGS=(-d)
shift
@@ -46,11 +56,13 @@ while [[ $# -gt 0 ]]; do
shift 2
;;
-h|--help)
echo "Usage: $0 [--auto] [--nobuild] [--language <locale>]"
echo "Usage: $0 [--auto] [--with-storage] [--nobuild] [--language <locale>]"
echo ""
echo " --auto Enable SSO auto-login and force SAML-only login method"
echo " --nobuild Skip building images (use existing images)"
echo " --language Set system default locale (e.g. de-DE, sv-SE)"
echo " --auto Enable SSO auto-login and force SAML-only login method"
echo " --with-storage Enable the file storage + link-sharing feature"
echo " (required to test /share/<token> flows)"
echo " --nobuild Skip building images (use existing images)"
echo " --language Set system default locale (e.g. de-DE, sv-SE)"
exit 0
;;
*)
@@ -89,6 +101,26 @@ if [ "$AUTO_LOGIN" = true ]; then
echo ""
fi
if [ "$WITH_STORAGE" = true ]; then
export STORAGE_ENABLED=true
export STORAGE_PROVIDER=local
export STORAGE_LOCAL_BASEPATH=/storage
export STORAGE_SHARING_ENABLED=true
export STORAGE_SHARING_LINKENABLED=true
export STORAGE_SHARING_EMAILENABLED=true
export STORAGE_SHARING_LINKEXPIRATIONDAYS=3
# storage.signing is a sibling of storage.sharing, not nested under it
export STORAGE_SIGNING_ENABLED=true
# Required for share-link creation (FileStorageService.isShareLinksEnabled)
export SYSTEM_FRONTENDURL="http://localhost:8080"
# Force recreate so env changes apply even with --nobuild
if [[ ! " ${COMPOSE_UP_ARGS[*]} " =~ " --force-recreate " ]]; then
COMPOSE_UP_ARGS+=(--force-recreate)
fi
echo -e "${GREEN}✓ Storage + link sharing enabled${NC}"
echo ""
fi
export SYSTEM_DEFAULTLOCALE="$DEFAULT_LANGUAGE"
echo -e "${GREEN}✓ Default locale set to: ${SYSTEM_DEFAULTLOCALE}${NC}"
echo ""
@@ -199,6 +231,14 @@ echo -e " 1. Go to ${GREEN}http://localhost:8080${NC}"
echo -e " 2. Click 'Login' and select SAML"
echo -e " 3. Login with test credentials"
echo ""
if [ "$WITH_STORAGE" = true ]; then
echo -e "${BLUE}🔗 Test share links:${NC}"
echo -e " 1. Log in as ${GREEN}[email protected]${NC}, upload a PDF"
echo -e " 2. Create a share link from the file manager"
echo -e " 3. Open the share URL in an incognito/private window"
echo -e " 4. Verify you land on the share page (not the home page) after SSO"
echo ""
fi
echo -e "${BLUE}📊 View logs:${NC}"
echo -e " docker-compose -f docker-compose-keycloak-saml.yml logs -f"
echo ""