From c51016a548716d755a8ed5e8b0de9dbbf8dbb83a Mon Sep 17 00:00:00 2001
From: anhefti <andreas.hefti@let.ethz.ch>
Date: Tue, 12 Mar 2019 11:34:01 +0100
Subject: [PATCH] SEBSERV-35 fixed by add UTF-8 encoding where needed

---
 .../ch/ethz/seb/sebserver/WebSecurityConfig.java     | 12 ++++++++++++
 .../auth/OAuth2AuthorizationContextHolder.java       |  5 +++++
 .../resources/config/application-dev-ws.properties   |  2 +-
 src/main/resources/config/application.properties     |  4 ++++
 4 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/src/main/java/ch/ethz/seb/sebserver/WebSecurityConfig.java b/src/main/java/ch/ethz/seb/sebserver/WebSecurityConfig.java
index ac981677..32dd818e 100644
--- a/src/main/java/ch/ethz/seb/sebserver/WebSecurityConfig.java
+++ b/src/main/java/ch/ethz/seb/sebserver/WebSecurityConfig.java
@@ -26,6 +26,7 @@ import org.apache.http.ssl.SSLContextBuilder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.boot.web.servlet.error.ErrorController;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -42,6 +43,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.util.ResourceUtils;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.filter.CharacterEncodingFilter;
 
 import ch.ethz.seb.sebserver.gbl.api.API;
 import ch.ethz.seb.sebserver.gbl.profile.DevGuiProfile;
@@ -72,6 +74,16 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements E
     /** Spring bean name of client (application) password encoder */
     public static final String CLIENT_PASSWORD_ENCODER_BEAN_NAME = "clientPasswordEncoder";
 
+    @Bean
+    public FilterRegistrationBean<CharacterEncodingFilter> filterRegistrationBean() {
+        final FilterRegistrationBean<CharacterEncodingFilter> registrationBean = new FilterRegistrationBean<>();
+        final CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
+        characterEncodingFilter.setForceEncoding(true);
+        characterEncodingFilter.setEncoding("UTF-8");
+        registrationBean.setFilter(characterEncodingFilter);
+        return registrationBean;
+    }
+
     /** Password encoder used for user passwords (stronger protection) */
     @Bean(USER_PASSWORD_ENCODER_BEAN_NAME)
     public PasswordEncoder userPasswordEncoder() {
diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java b/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java
index 7a5fbc06..cd292f2d 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java
@@ -10,6 +10,7 @@ package ch.ethz.seb.sebserver.gui.service.remote.webservice.auth;
 
 import java.io.IOException;
 import java.net.URI;
+import java.nio.charset.Charset;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
@@ -27,6 +28,7 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.client.ClientHttpRequestFactory;
 import org.springframework.http.client.ClientHttpResponse;
+import org.springframework.http.converter.StringHttpMessageConverter;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
 import org.springframework.security.oauth2.client.OAuth2RestTemplate;
@@ -172,6 +174,9 @@ public class OAuth2AuthorizationContextHolder implements AuthorizationContextHol
             this.restTemplate = new DisposableOAuth2RestTemplate(this.resource);
             this.restTemplate.setRequestFactory(clientHttpRequestFactory);
             this.restTemplate.setErrorHandler(new ErrorHandler(this.resource));
+            this.restTemplate
+                    .getMessageConverters()
+                    .add(0, new StringHttpMessageConverter(Charset.forName("UTF-8")));
 
             this.revokeTokenURI = webserviceURIService.getOAuthRevokeTokenURI();
             this.currentUserURI = webserviceURIService.getCurrentUserRequestURI();
diff --git a/src/main/resources/config/application-dev-ws.properties b/src/main/resources/config/application-dev-ws.properties
index a1984536..5c0a42a8 100644
--- a/src/main/resources/config/application-dev-ws.properties
+++ b/src/main/resources/config/application-dev-ws.properties
@@ -4,7 +4,7 @@ server.servlet.context-path=/
 
 spring.datasource.initialize=true
 spring.datasource.initialization-mode=always
-spring.datasource.url=jdbc:mariadb://localhost:6603/SEBServer?useSSL=false&createDatabaseIfNotExist=true
+spring.datasource.url=jdbc:mariadb://localhost:6603/SEBServer?useSSL=false&createDatabaseIfNotExist=true&default-character-set=utf8mb4
 spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
 spring.datasource.platform=dev
 spring.datasource.hikari.max-lifetime=600000
diff --git a/src/main/resources/config/application.properties b/src/main/resources/config/application.properties
index c6f72541..870957d9 100644
--- a/src/main/resources/config/application.properties
+++ b/src/main/resources/config/application.properties
@@ -1,6 +1,10 @@
 spring.application.name=SEB Server
 spring.profiles.active=dev
 
+spring.mandatory-file-encoding=UTF-8
+spring.http.encoding.charset=UTF-8
+spring.http.encoding.enabled=true
+
 sebserver.version=0.1 pre-beta
 sebserver.supported.languages=en,de