chore: include hotfix-SD-1391 (#26135)

dotCMS · Sep 15, 2023 · f68fa30 · f68fa30
1 parent dcd24f3
commit f68fa30
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 2 deletions.
diff --git a/dotCMS/src/main/java/com/dotcms/rest/WebResource.java b/dotCMS/src/main/java/com/dotcms/rest/WebResource.java
@@ -258,8 +258,10 @@ public User authenticate(HttpServletRequest request, Map<String, String> params,
             user = getFrontEndUserFromRequest(request, userWebAPI);
         }
 
-        if(user == null && (Config.getBooleanProperty("REST_API_REJECT_WITH_NO_USER", false) || rejectWhenNoUser) ) {
-
+        if((user == null || user.equals(this.getAnonymousUser()))
+                && (Config.getBooleanProperty("REST_API_REJECT_WITH_NO_USER", false) || rejectWhenNoUser)) {
+            Logger.info(this, "No authenticated user, and anonymous user rejected, returning Invalid User error"
+                    + ", request URL: " + request.getRequestURI());
             throw new SecurityException("Invalid User", Response.Status.UNAUTHORIZED);
         } else if(user == null) {
             user = this.getAnonymousUser();

diff --git a/dotCMS/src/main/java/com/dotcms/rest/api/v1/user/UserResource.java b/dotCMS/src/main/java/com/dotcms/rest/api/v1/user/UserResource.java
@@ -233,7 +233,20 @@ public final Response update(@Context final HttpServletRequest request,
 	@NoCache
 	@Produces({ MediaType.APPLICATION_JSON, "application/javascript" })
 	public Response filter(@Context final HttpServletRequest request, @PathParam("params") final String params) {
+		Logger.info(this, "Request to retrieve list of dotCMS users");
 		final InitDataObject initData = webResource.init(params, true, request, true, null);
+
+		final User user = initData.getUser();
+		User anonymousUser = null;
+		try {
+			anonymousUser = APILocator.getUserAPI().getAnonymousUser();
+		} catch (DotDataException e) {
+			Logger.error(this, "Error trying to get anonymous user", e);
+		}
+		Logger.info(this, "Logged-in user retrieving list of dotCMS users: "
+				+ (user == null ? "(no-user)" : user.getUserId() + " - "
+				+ (user.equals(anonymousUser) ? "this is anonymous user" : "not anonymous user")));
+
 		final Map<String, String> urlParams = initData.getParamsMap();
 		Map<String, Object> userList = null;
 		try {
@@ -249,6 +262,9 @@ public Response filter(@Context final HttpServletRequest request, @PathParam("pa
 			Logger.error(this, "An error occurred when processing the request.", e);
 			return ExceptionMapperUtil.createResponse(e, Response.Status.INTERNAL_SERVER_ERROR);
 		}
+
+		Logger.info(this, "Retrieved list of dotCMS users requested by: "
+				+ (user == null ? "(no-user)" : user.getUserId()));
 		return Response.ok(new ResponseEntityView(userList)).build();
 	}