From eeec908713dcf9da15e5c8b8a279e7fbb590c147 Mon Sep 17 00:00:00 2001 From: Stephen Starkey Date: Sat, 13 Aug 2022 07:37:20 -0500 Subject: [PATCH 1/8] Fork of patreon client with security fixes --- .java-version | 1 + README.md | 4 +- pom.xml | 48 +++++++++---------- src/main/java/com/patreon/PatreonAPI.java | 3 +- .../com/patreon/resources/RequestUtil.java | 2 +- src/test/java/com/patreon/PatreonAPITest.java | 6 +-- 6 files changed, 33 insertions(+), 31 deletions(-) create mode 100644 .java-version diff --git a/.java-version b/.java-version new file mode 100644 index 0000000..6259340 --- /dev/null +++ b/.java-version @@ -0,0 +1 @@ +1.8 diff --git a/README.md b/README.md index 7053837..c747979 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,9 @@ Interact with the Patreon API via OAuth. Get the artifact from [Maven](http://search.maven.org/#search|ga|1|g%3A%22com.patreon%22%20AND%20a%3A%22patreon%22) ```xml -    com.patreon +    me.calmabiding     patreon -    0.4.2 +    0.5.0 ``` diff --git a/pom.xml b/pom.xml index ad4df3c..9c848ed 100644 --- a/pom.xml +++ b/pom.xml @@ -8,11 +8,11 @@ src/main/config - src/main/resources - - version.properties - - true + src/main/resources + + version.properties + + true @@ -76,9 +76,9 @@ and https://issues.apache.org/jira/browse/SUREFIRE-1588 --> - com.patreon + me.calmabiding patreon - 0.4.2 + 0.5.0 ${project.groupId}:${project.artifactId} Interact with the Patreon API via OAuth @@ -113,14 +113,14 @@ and https://issues.apache.org/jira/browse/SUREFIRE-1588 --> - 1.7.3 + 2.0.2 com.github.jasminb jsonapi-converter - 0.8 + 0.11 org.json @@ -130,17 +130,17 @@ and https://issues.apache.org/jira/browse/SUREFIRE-1588 --> org.jsoup jsoup - 1.10.3 + 1.15.2 com.google.code.gson gson - 2.8.2 + 2.9.1 org.apache.httpcomponents httpclient - 4.2.3 + 4.5.13 org.slf4j @@ -161,7 +161,7 @@ and https://issues.apache.org/jira/browse/SUREFIRE-1588 --> org.powermock - powermock-api-mockito + powermock-api-mockito2 ${powermock.version} test 
@@ -235,16 +235,16 @@ and https://issues.apache.org/jira/browse/SUREFIRE-1588 --> - - - - org.apache.maven.plugins - maven-javadoc-plugin - 3.0.0 - - - - - + + + + org.apache.maven.plugins + maven-javadoc-plugin + 3.0.0 + + + + + diff --git a/src/main/java/com/patreon/PatreonAPI.java b/src/main/java/com/patreon/PatreonAPI.java index 4ca62aa..4764a2c 100644 --- a/src/main/java/com/patreon/PatreonAPI.java +++ b/src/main/java/com/patreon/PatreonAPI.java @@ -91,8 +91,9 @@ public JSONAPIDocument fetchUser(Collection optionalFields addFieldsParam(pathBuilder, User.class, optionalAndDefaultFields); } + final String suffix = pathBuilder.toString(); return converter.readDocument( - getDataStream(pathBuilder.toString()), + getDataStream(suffix), User.class ); } diff --git a/src/main/java/com/patreon/resources/RequestUtil.java b/src/main/java/com/patreon/resources/RequestUtil.java index cabb20e..773dac5 100644 --- a/src/main/java/com/patreon/resources/RequestUtil.java +++ b/src/main/java/com/patreon/resources/RequestUtil.java @@ -13,7 +13,7 @@ public class RequestUtil { public InputStream request(String pathSuffix, String accessToken) throws IOException { - String prefix = BASE_URI + "/api/oauth2/api/"; + String prefix = BASE_URI + "/api/oauth2/api"; URL url = new URL(prefix.concat(pathSuffix)); HttpURLConnection connection = (HttpURLConnection) url.openConnection(); connection.setRequestProperty("Authorization", "Bearer ".concat(accessToken)); diff --git a/src/test/java/com/patreon/PatreonAPITest.java b/src/test/java/com/patreon/PatreonAPITest.java index 34876f6..ff42caa 100644 --- a/src/test/java/com/patreon/PatreonAPITest.java +++ b/src/test/java/com/patreon/PatreonAPITest.java 
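Review bot: In `RequestUtil.request` the prefix no longer ends in a slash, so the method now depends on every caller passing a `pathSuffix` that begins with `/`, and nothing checks this before the URL is built and the bearer token is attached. The updated tests show `fetchUser` now passes `/current_user?...`, but no PatreonAPI hunk in this patch adds that slash, so it presumably comes from the dependency upgrades in pom.xml. Any caller that still passes a bare suffix would request `.../api/oauth2/apicurrent_user` with the Authorization header set. A guard at the top of the method makes the contract explicit: `if (!pathSuffix.startsWith("/")) { throw new IllegalArgumentException("pathSuffix must start with '/'"); }`. The body of `request` continues past the end of the hunk.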
@@ -89,7 +89,7 @@ public void testFetchUser() throws Exception { JSONAPIDocument user = api.fetchUser(); - verify(requestUtil).request(eq("current_user?include=pledges"), eq(MOCK_TOKEN)); + verify(requestUtil).request(eq("/current_user?include=pledges"), eq(MOCK_TOKEN)); assertEquals("https://www.patreon.com/api/user/32187", user.getLinks().getSelf().toString()); assertEquals(5, user.get().getPledges().size()); assertEquals("corgi", user.get().getVanity()); @@ -109,7 +109,7 @@ public void testFetchUserOptionalFields() throws Exception { verify(requestUtil).request(captor.capture(), eq(MOCK_TOKEN)); String arg = captor.getValue(); - assertTrue(arg.startsWith("current_user?")); + assertTrue("should start with '/current_user?'", arg.startsWith("/current_user?")); //Extract and decode the query params from the URL List parsed = URLEncodedUtils.parse(arg.substring(arg.indexOf('?') + 1), Charset.forName("UTF-8")); @@ -161,7 +161,7 @@ public void testFetchUserUnknownProperties() throws Exception { ); JSONAPIDocument user = api.fetchUser(); - verify(requestUtil).request(eq("current_user?include=pledges"), eq(MOCK_TOKEN)); + verify(requestUtil).request(eq("/current_user?include=pledges"), eq(MOCK_TOKEN)); assertEquals("https://www.patreon.com/api/user/32187", user.getLinks().getSelf().toString()); } } From 850bbe441a190b34f02420db49ae9a04a71ce131 Mon Sep 17 00:00:00 2001 From: Stephen Starkey Date: Sat, 13 Aug 2022 07:42:53 -0500 Subject: [PATCH 2/8] Reverted groupId --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c747979..92a46c1 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Interact with the Patreon API via OAuth. Get the artifact from [Maven](http://search.maven.org/#search|ga|1|g%3A%22com.patreon%22%20AND%20a%3A%22patreon%22) ```xml -    me.calmabiding +    com.patreon     patreon     0.5.0 From 56fbf269ff1eb4a41e7a1300d122775193ad1c82 Mon Sep 17 00:00:00 2001 
From: Stephen Starkey Date: Sat, 13 Aug 2022 07:43:32 -0500 Subject: [PATCH 3/8] Reverted groupId --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9c848ed..ad20a53 100644 --- a/pom.xml +++ b/pom.xml @@ -76,7 +76,7 @@ and https://issues.apache.org/jira/browse/SUREFIRE-1588 --> - me.calmabiding + com.patreon patreon 0.5.0 From db89d7e53e9f7b6779c7d564ebe90b6631b5d8b7 Mon Sep 17 00:00:00 2001 From: Stephen Starkey Date: Sat, 13 Aug 2022 09:30:04 -0500 Subject: [PATCH 4/8] Don't need to increment so far --- README.md | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 92a46c1..51e1c8b 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Get the artifact from [Maven](http://search.maven.org/#search|ga|1|g%3A%22com.pa     com.patreon     patreon -    0.5.0 +    0.4.3 ``` diff --git a/pom.xml b/pom.xml index ad20a53..7bd0340 100644 --- a/pom.xml +++ b/pom.xml @@ -78,7 +78,7 @@ and https://issues.apache.org/jira/browse/SUREFIRE-1588 --> com.patreon patreon - 0.5.0 + 0.4.3 ${project.groupId}:${project.artifactId} Interact with the Patreon API via OAuth From 0d24d2fccca4f7489157838bd2893aedf121ecba Mon Sep 17 00:00:00 2001 From: Stephen Starkey Date: Sat, 13 Aug 2022 09:34:30 -0500 Subject: [PATCH 5/8] Removed unnecessary extraction --- src/main/java/com/patreon/PatreonAPI.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/java/com/patreon/PatreonAPI.java b/src/main/java/com/patreon/PatreonAPI.java index 4764a2c..4ca62aa 100644 --- a/src/main/java/com/patreon/PatreonAPI.java +++ b/src/main/java/com/patreon/PatreonAPI.java @@ -91,9 +91,8 @@ public JSONAPIDocument fetchUser(Collection optionalFields addFieldsParam(pathBuilder, User.class, optionalAndDefaultFields); } - final String suffix = pathBuilder.toString(); return converter.readDocument( - getDataStream(suffix), + getDataStream(pathBuilder.toString()), User.class ); } 
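Review bot: Switching the groupId back to `com.patreon` in this pom.xml hunk makes the fork build an artifact with the same coordinates (`com.patreon:patreon`) as the upstream library, which the README still links to on Maven Central. If both are ever resolvable from a consumer's repositories, the build cannot tell the fork from upstream, and which one is used depends on repository order. Keeping the fork's own coordinates from the first patch, `<groupId>me.calmabiding</groupId>`, or stating in the README which repository serves this build, would keep provenance unambiguous. The enclosing project element starts and ends outside the hunk.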
From 755e308a82f89f88f361f1b6249baf35cbf7b48c Mon Sep 17 00:00:00 2001 From: Stephen Starkey Date: Tue, 20 Sep 2022 15:17:09 -0400 Subject: [PATCH 6/8] Force to snapshot --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7bd0340..65cd5ea 100644 --- a/pom.xml +++ b/pom.xml @@ -78,7 +78,7 @@ and https://issues.apache.org/jira/browse/SUREFIRE-1588 --> com.patreon patreon - 0.4.3 + 0.4.3-SNAPSHOT ${project.groupId}:${project.artifactId} Interact with the Patreon API via OAuth From 6d05b1420bd9dbbdb730a85208aed556935f7b4d Mon Sep 17 00:00:00 2001 From: Stephen Starkey Date: Tue, 20 Sep 2022 15:26:07 -0400 Subject: [PATCH 7/8] Fixed version number --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 51e1c8b..081778f 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Get the artifact from [Maven](http://search.maven.org/#search|ga|1|g%3A%22com.pa     com.patreon     patreon -    0.4.3 +    0.4.3-SNAPSHOT ``` From 70daea955ceda116c4fd3aa883b38c8da6a2f1d3 Mon Sep 17 00:00:00 2001 From: Stephen Starkey Date: Tue, 20 Sep 2022 15:29:17 -0400 Subject: [PATCH 8/8] Latest jsoup --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 65cd5ea..c9bb0c3 100644 --- a/pom.xml +++ b/pom.xml @@ -130,7 +130,7 @@ and https://issues.apache.org/jira/browse/SUREFIRE-1588 --> org.jsoup jsoup - 1.15.2 + 1.15.3 com.google.code.gson