From c9cf93a19cec8318fb31c7da3b0a7f0cf5235d79 Mon Sep 17 00:00:00 2001
From: Malte Meister <malte@labs.ws>
Date: Fri, 9 Apr 2021 15:35:45 +0200
Subject: [PATCH] fix NEW_USER_AUTHENTICITY_TOKEN_REGEX, handle profile URL
 redirects

---
 .../gitlab4j/api/utils/AccessTokenUtils.java  | 47 +++++++++++++++++--
 1 file changed, 43 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/gitlab4j/api/utils/AccessTokenUtils.java b/src/main/java/org/gitlab4j/api/utils/AccessTokenUtils.java
index 8f726aed1..a2933c867 100644
--- a/src/main/java/org/gitlab4j/api/utils/AccessTokenUtils.java
+++ b/src/main/java/org/gitlab4j/api/utils/AccessTokenUtils.java
@@ -89,7 +89,7 @@ public String toString() {
     protected static final String USER_AGENT = "GitLab4J Client";
     protected static final String COOKIES_HEADER = "Set-Cookie";
 
-    protected static final String NEW_USER_AUTHENTICITY_TOKEN_REGEX = "\"new_user\".*name=\\\"authenticity_token\\\"\\svalue=\\\"([^\\\"]*)\\\".*new_new_user";
+    protected static final String NEW_USER_AUTHENTICITY_TOKEN_REGEX = "\"new_user\".*name=\\\"authenticity_token\\\"\\svalue=\\\"([^\\\"]*)\\\"";
     protected static final Pattern NEW_USER_AUTHENTICITY_TOKEN_PATTERN = Pattern.compile(NEW_USER_AUTHENTICITY_TOKEN_REGEX);
 
     protected static final String AUTHENTICITY_TOKEN_REGEX = "name=\\\"authenticity_token\\\"\\svalue=\\\"([^\\\"]*)\\\"";
@@ -170,8 +170,21 @@ public static final String createPersonalAccessToken(final String baseUrl, final
             connection.setReadTimeout(10000);
             connection.setConnectTimeout(10000);
 
-            // Make sure the response code is 200, otherwise there is a failure
+            // Check if a redirect was provided, follow it if so (profile URLs are prefixed with -/ now)
             int responseCode = connection.getResponseCode();
+            if (responseCode == 301) {
+                // Follow the redirect with the provided session cookie
+                String profileRedirectUrl = connection.getHeaderField("Location");
+                url = new URL(profileRedirectUrl);
+                connection = (HttpURLConnection) url.openConnection();
+                connection.setRequestProperty("User-Agent", USER_AGENT);
+                connection.setRequestProperty("Cookie", cookies);
+                connection.setReadTimeout(10000);
+                connection.setConnectTimeout(10000);
+            }
+
+            // Make sure the response code is 200, otherwise there is a failure
+            responseCode = connection.getResponseCode();
             if (responseCode != 200) {
                 throw new GitLabApiException("Failure loading Access Tokens page, aborting!");
             }
@@ -322,8 +335,21 @@ public static final void revokePersonalAccessToken(final String baseUrl, final S
             connection.setReadTimeout(10000);
             connection.setConnectTimeout(10000);
 
-            // Make sure the response code is 200, otherwise there is a failure
+            // Check if a redirect was provided, follow it if so (profile URLs are prefixed with -/ now)
             int responseCode = connection.getResponseCode();
+            if (responseCode == 301) {
+                // Follow the redirect with the provided session cookie
+                String profileRedirectUrl = connection.getHeaderField("Location");
+                url = new URL(profileRedirectUrl);
+                connection = (HttpURLConnection) url.openConnection();
+                connection.setRequestProperty("User-Agent", USER_AGENT);
+                connection.setRequestProperty("Cookie", cookies);
+                connection.setReadTimeout(10000);
+                connection.setConnectTimeout(10000);
+            }
+
+            // Make sure the response code is 200, otherwise there is a failure
+            responseCode = connection.getResponseCode();
             if (responseCode != 200) {
                 throw new GitLabApiException("Failure loading Access Tokens page, aborting!");
             }
@@ -465,8 +491,21 @@ public static final String getFeedToken(final String baseUrl, final String usern
             connection.setReadTimeout(10000);
             connection.setConnectTimeout(10000);
 
-            // Make sure the response code is 200, otherwise there is a failure
+            // Check if a redirect was provided, follow it if so (profile URLs are prefixed with -/ now)
             int responseCode = connection.getResponseCode();
+            if (responseCode == 301) {
+                // Follow the redirect with the provided session cookie
+                String profileRedirectUrl = connection.getHeaderField("Location");
+                url = new URL(profileRedirectUrl);
+                connection = (HttpURLConnection) url.openConnection();
+                connection.setRequestProperty("User-Agent", USER_AGENT);
+                connection.setRequestProperty("Cookie", cookies);
+                connection.setReadTimeout(10000);
+                connection.setConnectTimeout(10000);
+            }
+
+            // Make sure the response code is 200, otherwise there is a failure
+            responseCode = connection.getResponseCode();
             if (responseCode != 200) {
                 throw new GitLabApiException("Failure loading Access Tokens page, aborting!");
             }