fix: prevent assuring no names when submitting verification form
authorFelix Dörre <felix@dogcraft.de>
Thu, 28 Jul 2016 20:58:30 +0000 (22:58 +0200)
committerFelix Dörre <felix@dogcraft.de>
Fri, 29 Jul 2016 14:36:28 +0000 (16:36 +0200)
Change-Id: I258ad3fd7e508f0d81282ee79fe79cd1a3f54174

src/org/cacert/gigi/pages/wot/AssuranceForm.java
src/org/cacert/gigi/util/Notary.java
tests/org/cacert/gigi/pages/wot/TestAssurance.java

index 6084c321f694dafa7c814fabf040dacc97713914..aca82b917b68fbf6c2433712af1186b930b6ef72 100644 (file)
@@ -168,7 +168,7 @@ public class AssuranceForm extends Form {
             }
         }
         String[] parameterValues = req.getParameterValues("assuredName");
-        HashSet<String> data = new HashSet<>(Arrays.asList(parameterValues==null?new String[0]:parameterValues));
+        HashSet<String> data = new HashSet<>(Arrays.asList(parameterValues == null ? new String[0] : parameterValues));
         for (int i = 0; i < assureeNames.length; i++) {
             selected[i] = data.contains(Integer.toString(assureeNames[i].getId()));
         }
@@ -183,6 +183,9 @@ public class AssuranceForm extends Form {
                 toAssure.add(assureeNames[i]);
             }
         }
+        if (toAssure.size() == 0) {
+            throw new GigiApiException("You must confirm at least one name to verify an account.");
+        }
 
         Notary.assureAll(assurer, assuree, dob, pointsI, location, req.getParameter("date"), type, toAssure.toArray(new Name[toAssure.size()]));
 
index cba93aba8ee78f92a6b40b00252d8bc7c55eaf6b..280bce39d4b45b50a9fea16a1f66405cf60ce349 100644 (file)
@@ -239,6 +239,9 @@ public class Notary {
     }
 
     public synchronized static void assureAll(User assurer, User assuree, DayDate dob, int awarded, String location, String date, AssuranceType type, Name[] toAssure) throws GigiApiException {
+        if (toAssure.length == 0) {
+            throw new GigiApiException("You must confirm at least one name to verify an account.");
+        }
         boolean[] hadLessThan50Points = new boolean[toAssure.length];
         boolean hadTotalLessThan100 = assuree.getAssurancePoints() < 100;
         for (int i = 0; i < toAssure.length; i++) {
index eb488e5df8e83965008de5c5d7b585498d0556ce..915ede7f75ceaff11b6c7dcd935e54f896095383 100644 (file)
@@ -96,6 +96,15 @@ public class TestAssurance extends ManagedTest {
         executeSuccess("date=" + validVerificationDateString() + "&location=testcase&certify=1&rules=1&assertion=1&points=10");
     }
 
+    @Test
+    public void testAssureFormEmpty() throws IOException {
+        URLConnection uc = buildupAssureFormConnection(true);
+        uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&rules=1&assertion=1&points=10").getBytes("UTF-8"));
+        uc.getOutputStream().flush();
+        String data = IOUtils.readURL(uc);
+        assertThat(data, hasError());
+    }
+
     @Test
     public void testAssureFormContanisData() throws IOException {
         URLConnection uc = buildupAssureFormConnection(true);