import club.wpia.gigi.output.template.Template;
import club.wpia.gigi.pages.LoginPage;
import club.wpia.gigi.util.AuthorizationContext;
+import club.wpia.gigi.util.CalendarUtil;
public class SupportEnterTicketForm extends Form {
private static final Template t = new Template(SupportEnterTicketForm.class.getResource("SupportEnterTicketForm.templ"));
+ public static final String TICKET_PREFIX = "acdhi";
+
public SupportEnterTicketForm(HttpServletRequest hsr) {
super(hsr);
}
@Override
public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
if (req.getParameter("setTicket") != null) {
- // [asdmASDM]\d{8}\.\d+
- String ticket = req.getParameter("ticketno");
- if (ticket.matches("[asdmASDM]\\d{8}\\.\\d+")) {
+ // [acdhi]\d{8}\.\d+ according to numbering scheme
+ String ticket = req.getParameter("ticketno").toLowerCase();
+ if (ticket.matches("[" + TICKET_PREFIX + "]\\d{8}\\.\\d+") && CalendarUtil.isDateValid(ticket.substring(1, 9))) {
AuthorizationContext ac = LoginPage.getAuthorizationContext(req);
req.getSession().setAttribute(Gigi.AUTH_CONTEXT, new AuthorizationContext(ac.getActor(), ticket));
return new RedirectResult(SupportEnterTicketPage.PATH);
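Review bot: The new `String ticket = req.getParameter("ticketno").toLowerCase();` dereferences the parameter before any null check and lower-cases it with the JVM's default locale. A request that carries `setTicket` but no `ticketno` raises a NullPointerException rather than taking the malformed-ticket path. Under a Turkish default locale an upper-case `I` lower-cases to the dotless `ı`, which no longer matches the `i` in `TICKET_PREFIX`. I would split the read, as `String raw = req.getParameter("ticketno");` followed by `String ticket = raw == null ? "" : raw.toLowerCase(Locale.ROOT);`, importing `java.util.Locale` if it is not already imported. The accepted value is stored in the session's `AuthorizationContext`, so this check appears to be the only gate on it; `submit` continues outside the hunk and the rejection branch is not visible here.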
package club.wpia.gigi.pages.admin;
+import static org.hamcrest.CoreMatchers.*;
+import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.Assert.*;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
+import java.util.Random;
import org.junit.Test;
import club.wpia.gigi.dbObjects.Group;
import club.wpia.gigi.pages.admin.support.FindUserByDomainPage;
import club.wpia.gigi.pages.admin.support.FindUserByEmailPage;
+import club.wpia.gigi.pages.admin.support.SupportEnterTicketForm;
import club.wpia.gigi.pages.admin.support.SupportEnterTicketPage;
import club.wpia.gigi.testUtils.ClientTest;
+import club.wpia.gigi.testUtils.IOUtils;
public class TestSEAdminTicketSetting extends ClientTest {
assertEquals(403, get(FindUserByEmailPage.PATH).getResponseCode());
}
+ @Test
+ public void testSetTicketNumberCharacter() throws MalformedURLException, UnsupportedEncodingException, IOException {
+ String ticket;
+ String alphabet = "abcdefghijklmnopqrstuvwxyz";
+
+ // test allowed character
+ for (char ch : SupportEnterTicketForm.TICKET_PREFIX.toCharArray()) {
+ ticket = ch + "20171212.1";
+ assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action", 0).getResponseCode());
+ ticket = Character.toUpperCase(ch) + "20171212.1";
+ assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action", 0).getResponseCode());
+ alphabet = alphabet.replaceAll(Character.toString(ch), "");
+ }
+
+ // test not allowed character
+ Random rnd = new Random();
+ char ch = alphabet.charAt(rnd.nextInt(alphabet.length()));
+ assertWrongTicketNumber(ch + "20171212.1");
+ }
+
+ @Test
+ public void testSetTicketNumberDatepart() throws MalformedURLException, UnsupportedEncodingException, IOException {
+ char ch = getValidCharacter();
+
+ assertWrongTicketNumber(ch + "220171212.1");
+
+ assertWrongTicketNumber(ch + "0171212.1");
+
+ assertWrongTicketNumber(ch + "20171512.1");
+
+ assertWrongTicketNumber(ch + "20170229.1");
+
+ assertWrongTicketNumber(ch + ch + "20171212.1");
+
+ assertWrongTicketNumber("20171212.1");
+
+ assertWrongTicketNumber(ch + "20171212" + ch + ".1");
+
+ assertWrongTicketNumber(ch + "201721" + ch + "21.1");
+ }
+
+ @Test
+ public void testSetTicketNumberNumberpart() throws MalformedURLException, UnsupportedEncodingException, IOException {
+ char ch = getValidCharacter();
+
+ assertWrongTicketNumber(ch + "20171212.");
+
+ assertWrongTicketNumber(ch + "20171212");
+
+ assertWrongTicketNumber(ch + "20171212.1" + ch);
+
+ }
+
+ private char getValidCharacter() {
+ Random rnd = new Random();
+ return SupportEnterTicketForm.TICKET_PREFIX.charAt(rnd.nextInt(SupportEnterTicketForm.TICKET_PREFIX.length()));
+ }
+
+ private void assertWrongTicketNumber(String ticket) throws IOException {
+ String res = IOUtils.readURL(post(SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action"));
+ assertThat(res, containsString("Ticket format malformed"));
+ }
}
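Review bot: In `testSetTicketNumberDatepart`, `assertWrongTicketNumber(ch + ch + "20171212.1")` does not send a doubled prefix. `ch + ch` is `char` + `char`, which Java evaluates as integer addition before the string concatenation, so the posted value starts with a number such as `194`. The case still passes because that string is malformed too, but the doubled-letter input is never exercised; `"" + ch + ch + "20171212.1"` fixes it. The rejected-prefix check in `testSetTicketNumberCharacter` also samples one letter from an unseeded `Random`, so a regression that lets a single disallowed letter through would fail only intermittently. Looping over every remaining character of `alphabet` would make the negative coverage complete and reproducible.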