From 1ba8024b97f93973c7ba05de6f129532c807c25a Mon Sep 17 00:00:00 2001
From: hongwei
Date: Thu, 23 Nov 2023 12:41:16 +0100
Subject: [PATCH 1/2] bugfix/fixed the regex for UrlValidation
---
 obp-api/src/main/scala/code/api/util/APIUtil.scala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala
index f952728491..4bf30c6810 100644
--- a/obp-api/src/main/scala/code/api/util/APIUtil.scala
+++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala
@@ -782,7 +782,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
 // redirectUrl = http%3A%2F%2Flocalhost%3A8016%3Foauth_token%3DEBRZBMOPDXEUGGJP421FPFGK01IY2DGM5O3TLVSK%26oauth_verifier%3D63461
 // URLDecoder.decode(urlString,"UTF-8")-->http://localhost:8016?oauth_token=EBRZBMOPDXEUGGJP421FPFGK01IY2DGM5O3TLVSK&oauth_verifier=63461
 val regex =
- """((([A-Za-z]{3,9}:(?:\/\/)?)(?:[-;:&=\+\$,\w]+@)?[A-Za-z0-9.-]+(:[0-9]+)?|(?:www.|[-;:&=\+\$,\w]+@)[A-Za-z0-9.-]+)((?:\/[\+~%\/.\w-_]*)?\??(?:[-\+=&;%@.\w_]*)#?(?:[\w]*))?)""".r
+ """((([A-Za-z]{3,9}:(?:\/\/)?)(?:[-;:&=\+\$,\w]+@)?[A-Za-z0-9.-]+(:[0-9]+)?|(?:www.|[-;:&=\+\$,\w]+@)[A-Za-z0-9.-]+)((?:\/[\+~%\/.\w-_]*)?\??(?:[-\+=&;%@.\w_\/]*)#?(?:[\w]*))?)""".r
 val decodeUrlValue = URLDecoder.decode(urlString, "UTF-8").trim()
 decodeUrlValue match {
 case regex(_*) if (decodeUrlValue.length <= 2048) => true
From 7be52e423ad0979042304b1278217f80c6dfdf39 Mon Sep 17 00:00:00 2001
From: hongwei
Date: Thu, 23 Nov 2023 12:52:46 +0100
Subject: [PATCH 2/2] bugfix/fixed the regex for UrlValidation- add test
---
 obp-api/src/test/scala/code/util/APIUtilTest.scala | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/obp-api/src/test/scala/code/util/APIUtilTest.scala b/obp-api/src/test/scala/code/util/APIUtilTest.scala
index 76b037409a..44b3544956 100644
--- a/obp-api/src/test/scala/code/util/APIUtilTest.scala
+++ b/obp-api/src/test/scala/code/util/APIUtilTest.scala
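Review bot: The pattern assigned to `regex` in the APIUtil.scala hunk remains a shape check only: it accepts any 3–9 letter scheme (with `//` optional) and an optional `user@` part before the host, and this change further widens the query character class to include `/`. The comments above it describe the input as a `redirectUrl`, so if callers treat a `true` result as approval of the redirect target, that decision should instead rest on a comparison with the consumer's registered redirect URL; a comment such as `// Syntax check only: scheme and host are not restricted; the redirect target must still be matched against the registered URL` would make that explicit. Separately, the guard in `case regex(_*) if (decodeUrlValue.length <= 2048)` is evaluated only after the regex has been matched against the whole decoded string, so the cap does not bound matching work; a first case `case _ if decodeUrlValue.length > 2048 => false` would, assuming the fall-through case outside this hunk already returns false. The enclosing method starts and ends outside the hunk.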
@@ -697,6 +697,15 @@ class APIUtilTest extends FeatureSpec with Matchers with GivenWhenThen with Prop
 APIUtil.getObpFormatOperationId("OBPv3.0.0-getCoreAccountById") should be ("OBPv3.0.0-getCoreAccountById")
 APIUtil.getObpFormatOperationId("xxx") should be ("xxx")
 }
+
+ feature("test APIUtil.basicUrlValidation method") {
+ val testString1 = "https%3A%2F%2Fapisandbox.openbankproject.com%2Foauth%2Fauthorize%3Fnext%3D%2Fen%2Fusers%2Fmyuser%26oauth_token%3DWTOBT2YRCTMI1BCCF4XAIKRXPLLZDZPFAIL5K03Z%26oauth_verifier%3D45381"
+ val testString2 = "http%3A%2F%2Flocalhost%3A8016%3Foauth_token%3DEBRZBMOPDXEUGGJP421FPFGK01IY2DGM5O3TLVSK%26oauth_verifier%3D63461"
+
+ APIUtil.basicUrlValidation(testString1) should be (true)
+ APIUtil.basicUrlValidation(testString2) should be (true)
+
+ }
 feature("test APIUtil.getBankIdAccountIdPairsFromUserAuthContexts method") {
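Review bot: Both assertions in the new `feature("test APIUtil.basicUrlValidation method")` block cover accepted input only, so a pattern that matched far more than intended would still pass this test. Since the companion commit widens a character class, add rejecting cases as well, for example `APIUtil.basicUrlValidation("not a url") should be (false)` (constructed sample; assumes the fall-through case returns false) and one for a value longer than 2048 characters. The assertions also sit directly in the `feature` body rather than inside a `scenario(...)`, which appears to follow the neighbouring block but means they presumably run while the suite is being constructed rather than as a reported test.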