}
- public static final int CURRENT_SCHEMA_VERSION = 35;
+ public static final int CURRENT_SCHEMA_VERSION = 36;
public static final int CONNECTION_TIMEOUT = 24 * 60 * 60;
);
-DROP TABLE IF EXISTS "alerts";
-CREATE TABLE "alerts" (
- "memid" int NOT NULL DEFAULT '0',
- "general" boolean NOT NULL DEFAULT 'false',
- "country" boolean NOT NULL DEFAULT 'false',
- "regional" boolean NOT NULL DEFAULT 'false',
- "radius" boolean NOT NULL DEFAULT 'false',
- PRIMARY KEY ("memid")
-);
-
DROP TABLE IF EXISTS "user_agreements";
CREATE TABLE "user_agreements" (
"id" serial NOT NULL,
"version" smallint NOT NULL,
PRIMARY KEY ("version")
);
-INSERT INTO "schemeVersion" (version) VALUES(35);
+INSERT INTO "schemeVersion" (version) VALUES(36);
DROP TABLE IF EXISTS `passwordResetTickets`;
CREATE TABLE `passwordResetTickets` (
--- /dev/null
+DROP TABLE IF EXISTS "alerts";
this.id = id;
}
- protected CertificateOwner() {
+ /**
+ * This constructor has a dummy parameter to allow callers to do checks
+ * before invoking the super constructor.
+ *
+ * @param dummy
+ * a parameter that is not used to allow callers to do checks
+ * before super constructor invocation.
+ */
+ protected CertificateOwner(Void dummy) {
try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `certOwners` DEFAULT VALUES")) {
ps.execute();
id = ps.lastInsertId();
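Review bot: The new Javadoc explains the dummy parameter but not the side effect that makes it necessary: this constructor runs `INSERT INTO certOwners DEFAULT VALUES` and assigns `id` from `lastInsertId()`, so any subclass check that must precede row creation has to live in the argument expression of the super call. Add a sentence to the Javadoc such as `Inserts a new row into certOwners and assigns its id; subclasses should perform their validation in the argument of the super call so that a rejected object never allocates a row.` The constructor body continues outside the hunk, so whether the insert can be rolled back on a later failure is not visible here.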
private String postalAddress;
public Organisation(String name, Country country, String province, String city, String email, String optionalName, String postalAddress, User creator) throws GigiApiException {
- if ( !creator.isInGroup(Group.ORG_AGENT)) {
- throw new GigiApiException("Only Organisation RA Agents may create organisations.");
- }
- if (country == null) {
- throw new GigiApiException("Got country code of illegal type.");
- }
+ super(validate(creator, country));
this.name = name;
this.country = country;
this.province = province;
}
}
+ private static Void validate(User creator, Country country) throws GigiApiException {
+ if ( !creator.isInGroup(Group.ORG_AGENT)) {
+ throw new GigiApiException("Only Organisation RA Agents may create organisations.");
+ }
+ if (country == null) {
+ throw new GigiApiException("Got country code of illegal type.");
+ }
+ return null;
+ }
+
protected Organisation(GigiResultSet rs) throws GigiApiException {
super(rs.getInt("id"));
name = rs.getString("name");
}
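Review bot: `validate(User, Country)` carries no comment explaining why it is a static helper returning `Void` instead of plain statements at the top of the constructor, so the next maintainer may inline it back and reintroduce the ordering problem the commit fixes. Suggest a Javadoc such as `Runs the RA-agent and country checks before the super constructor allocates a certOwners row (see CertificateOwner(Void)); returns null so it can be used as the super-call argument.` The same documentation gap applies to `User.validate(String)` in the User hunk below. Note also that `creator.isInGroup(...)` still surfaces a null `creator` as a NullPointerException rather than a GigiApiException; fine if callers guarantee non-null, otherwise add `Objects.requireNonNull(creator, "creator")` or an explicit check ahead of it.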
public User(String email, String password, DayDate dob, Locale locale, Country residenceCountry, NamePart... preferred) throws GigiApiException {
- // Avoid storing information that obviously won't get through
- if ( !EmailProvider.isValidMailAddress(email)) {
- throw new IllegalArgumentException("Invalid email.");
- }
+ super(validate(email));
this.email = email;
this.dob = dob;
new EmailAddress(this, email, locale);
}
+ private static Void validate(String email) {
+ // Avoid storing information that obviously won't get through
+ if ( !EmailProvider.isValidMailAddress(email)) {
+ throw new IllegalArgumentException("Invalid email.");
+ }
+ return null;
+ }
+
public Name[] getNames() {
try (GigiPreparedStatement gps = new GigiPreparedStatement("SELECT `id` FROM `names` WHERE `uid`=? AND `deleted` IS NULL", true)) {
gps.setInt(1, getId());
import club.wpia.gigi.output.template.Template;
import club.wpia.gigi.pages.LoginPage;
import club.wpia.gigi.util.AuthorizationContext;
+import club.wpia.gigi.util.CalendarUtil;
public class SupportEnterTicketForm extends Form {
private static final Template t = new Template(SupportEnterTicketForm.class.getResource("SupportEnterTicketForm.templ"));
+ public static final String TICKET_PREFIX = "acdhi";
+
public SupportEnterTicketForm(HttpServletRequest hsr) {
super(hsr);
}
@Override
public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
if (req.getParameter("setTicket") != null) {
- // [asdmASDM]\d{8}\.\d+
- String ticket = req.getParameter("ticketno");
- if (ticket.matches("[asdmASDM]\\d{8}\\.\\d+")) {
+ // [acdhi]\d{8}\.\d+ according to numbering scheme
+ String ticket = req.getParameter("ticketno").toLowerCase();
+ if (ticket.matches("[" + TICKET_PREFIX + "]\\d{8}\\.\\d+") && CalendarUtil.isDateValid(ticket.substring(1, 9))) {
AuthorizationContext ac = LoginPage.getAuthorizationContext(req);
req.getSession().setAttribute(Gigi.AUTH_CONTEXT, new AuthorizationContext(ac.getActor(), ticket));
return new RedirectResult(SupportEnterTicketPage.PATH);
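Review bot: `req.getParameter("ticketno").toLowerCase()` on the new line dereferences the parameter without a null check and lowercases in the default locale, so a request lacking `ticketno` becomes an unhandled NullPointerException (presumably a 500 instead of the malformed-ticket error path), and under a Turkish default locale an upper-case `I` lowercases to dotless `ı` and no longer matches `[acdhi]`. Replace it with `String param = req.getParameter("ticketno");` and `String ticket = param == null ? "" : param.toLowerCase(Locale.ROOT);` (import `java.util.Locale`). The `substring(1, 9)` passed to `CalendarUtil.isDateValid` is safe only because the regex match runs first in the `&&`; a short comment saying so would keep a future reordering from breaking it. The submit method continues outside the hunk.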
private static final Template t = new Template(Signup.class.getResource("Signup.templ"));
- private boolean general = true, country = true, regional = true, radius = true;
-
private CountrySelector cs;
public Signup(HttpServletRequest hsr) {
vars.put("name", ni);
vars.put("dob", myDoB);
vars.put("email", HTMLEncoder.encodeHTML(email));
- vars.put("general", general ? " checked=\"checked\"" : "");
- vars.put("country", country ? " checked=\"checked\"" : "");
- vars.put("regional", regional ? " checked=\"checked\"" : "");
- vars.put("radius", radius ? " checked=\"checked\"" : "");
vars.put("helpOnNames", new SprintfCommand("Help on Names {0}in the wiki{1}", Arrays.asList("!(/wiki/names", "!'</a>")));
vars.put("csrf", getCSRFToken());
vars.put("dobmin", User.MINIMUM_AGE + "");
if (r.getParameter("email") != null) {
email = r.getParameter("email");
}
- general = "1".equals(r.getParameter("general"));
- country = "1".equals(r.getParameter("country"));
- regional = "1".equals(r.getParameter("regional"));
- radius = "1".equals(r.getParameter("radius"));
GigiApiException problems = new GigiApiException();
try {
ni.update(r);
private void run(HttpServletRequest req, String password) throws GigiApiException {
User u = new User(email, password, myDoB.getDate(), Page.getLanguage(req).getLocale(), cs.getCountry(), ni.getNameParts());
-
- try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `alerts` SET `memid`=?," + " `general`=?, `country`=?, `regional`=?, `radius`=?")) {
- ps.setInt(1, u.getId());
- ps.setBoolean(2, general);
- ps.setBoolean(3, country);
- ps.setBoolean(4, regional);
- ps.setBoolean(5, radius);
- ps.execute();
- }
Notary.writeUserAgreement(u, "ToS", "account creation", "", true, 0);
}
<tr>
<td colspan="3"><font color="red">*</font><?=_Your password is one of many factors to protect your account from unauthorised access. A good password is hard to guess, long, and contains a diverse set of characters. For the current requirements and to learn more, visit our !(/wiki/goodPassword)FAQ!'</a>'.?></td>
</tr>
- <tr>
- <td colspan="3"><?=_It's possible to get notifications of up and coming events and even just general announcements, untick any notifications you don't wish to receive. For country, regional and radius notifications to work you must choose your location once you've verified your account and logged in.?></td>
- </tr>
<tr>
- <td valign="top"><?=_Alert me if?>: </td>
- <td align="left">
- <input type="checkbox" name="general" value="1"<?=$!general?>><?=_General Announcements?><br>
- <input type="checkbox" name="country" value="1"<?=$!country?>><?=_Country Announcements?><br>
- <input type="checkbox" name="regional" value="1"<?=$!regional?>><?=_Regional Announcements?><br>
- <input type="checkbox" name="radius" value="1"<?=$!radius?>><?=_Within 200km Announcements?></td>
- <td> </td>
+ <td colspan="3"><input type="checkbox" name="tos_agree" value="1"><?=_I agree to the Terms of Service (!(/policy/ToS)ToS!'</a>').?></td>
</tr>
<tr>
<td colspan="3"><?=_When you click on next, we will send a confirmation email to the email address you have entered above.?></td>
</tr>
- <tr>
- <td colspan="3"><input type="checkbox" name="tos_agree" value="1"><?=_I agree to the Terms of Service (!(/policy/ToS)ToS!'</a>').?></td>
- </tr>
<tr>
<td colspan="3"><input class="btn btn-primary" type="submit" name="process" value="<?=_Next?>"></td>
}
+ /**
+ * @param date
+ * YYYYMMDD
+ */
+ public static boolean isDateValid(String date) {
+ int year = Integer.parseInt(date.substring(0, 4));
+ int month = Integer.parseInt(date.substring(4, 6));
+ int day = Integer.parseInt(date.substring(6, 8));
+ return isDateValid(year, month, day);
+ }
+
public static boolean isOfAge(DayDate dob, int age) {
return isYearsInFuture(dob.start(), age);
}
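Review bot: `isDateValid(String)` is public but throws `StringIndexOutOfBoundsException` or `NumberFormatException` for any input that is not at least eight digits (and `Integer.parseInt` accepts a leading `+`/`-` inside a four-character slice), while its Javadoc only says `YYYYMMDD`; the sole caller on this page pre-filters with a regex, but the method itself advertises a boolean answer. Either add `if (date == null || !date.matches("\\d{8}")) { return false; }` before the parses, or document the precondition with `@throws NumberFormatException if date is not eight ASCII digits` and a `@return` line. The `isDateValid(int, int, int)` overload it delegates to is outside the hunk.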
package club.wpia.gigi.pages.admin;
+import static org.hamcrest.CoreMatchers.*;
+import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.Assert.*;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
+import java.util.Random;
import org.junit.Test;
import club.wpia.gigi.dbObjects.Group;
import club.wpia.gigi.pages.admin.support.FindUserByDomainPage;
import club.wpia.gigi.pages.admin.support.FindUserByEmailPage;
+import club.wpia.gigi.pages.admin.support.SupportEnterTicketForm;
import club.wpia.gigi.pages.admin.support.SupportEnterTicketPage;
import club.wpia.gigi.testUtils.ClientTest;
+import club.wpia.gigi.testUtils.IOUtils;
public class TestSEAdminTicketSetting extends ClientTest {
assertEquals(403, get(FindUserByEmailPage.PATH).getResponseCode());
}
+ @Test
+ public void testSetTicketNumberCharacter() throws MalformedURLException, UnsupportedEncodingException, IOException {
+ String ticket;
+ String alphabet = "abcdefghijklmnopqrstuvwxyz";
+
+ // test allowed character
+ for (char ch : SupportEnterTicketForm.TICKET_PREFIX.toCharArray()) {
+ ticket = ch + "20171212.1";
+ assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action", 0).getResponseCode());
+ ticket = Character.toUpperCase(ch) + "20171212.1";
+ assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action", 0).getResponseCode());
+ alphabet = alphabet.replaceAll(Character.toString(ch), "");
+ }
+
+ // test not allowed character
+ Random rnd = new Random();
+ char ch = alphabet.charAt(rnd.nextInt(alphabet.length()));
+ assertWrongTicketNumber(ch + "20171212.1");
+ }
+
+ @Test
+ public void testSetTicketNumberDatepart() throws MalformedURLException, UnsupportedEncodingException, IOException {
+ char ch = getValidCharacter();
+
+ assertWrongTicketNumber(ch + "220171212.1");
+
+ assertWrongTicketNumber(ch + "0171212.1");
+
+ assertWrongTicketNumber(ch + "20171512.1");
+
+ assertWrongTicketNumber(ch + "20170229.1");
+
+ assertWrongTicketNumber(ch + ch + "20171212.1");
+
+ assertWrongTicketNumber("20171212.1");
+
+ assertWrongTicketNumber(ch + "20171212" + ch + ".1");
+
+ assertWrongTicketNumber(ch + "201721" + ch + "21.1");
+ }
+
+ @Test
+ public void testSetTicketNumberNumberpart() throws MalformedURLException, UnsupportedEncodingException, IOException {
+ char ch = getValidCharacter();
+
+ assertWrongTicketNumber(ch + "20171212.");
+
+ assertWrongTicketNumber(ch + "20171212");
+
+ assertWrongTicketNumber(ch + "20171212.1" + ch);
+
+ }
+
+ private char getValidCharacter() {
+ Random rnd = new Random();
+ return SupportEnterTicketForm.TICKET_PREFIX.charAt(rnd.nextInt(SupportEnterTicketForm.TICKET_PREFIX.length()));
+ }
+
+ private void assertWrongTicketNumber(String ticket) throws IOException {
+ String res = IOUtils.readURL(post(SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action"));
+ assertThat(res, containsString("Ticket format malformed"));
+ }
}
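Review bot: Both `testSetTicketNumberCharacter` and `getValidCharacter` draw from an unseeded `new Random()`, so a failure on a particular letter will not reproduce on the next run. The disallowed-character check can cover every remaining letter instead, `for (char c : alphabet.toCharArray()) { assertWrongTicketNumber(c + "20171212.1"); }`, and `getValidCharacter` can return a fixed `SupportEnterTicketForm.TICKET_PREFIX.charAt(0)` or the callers can loop over the prefix. The positive cases post with `cookie` while `assertWrongTicketNumber` uses the `post(path, data)` overload without it; if that overload is not authenticated the same way, the "Ticket format malformed" assertion may be exercising a different response than intended, which is worth confirming against ClientTest. `alphabet.replaceAll(Character.toString(ch), "")` treats the character as a regex; it works for letters, but `replace(...)` states the intent more directly.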
String defaultSignup = "fname=" + URLEncoder.encode("ab", "UTF-8") + "&lname=" + URLEncoder.encode("b", "UTF-8") + "&pword1=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") + "&pword2=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") + "&day=1&month=1&year=1910&tos_agree=1&mname=mn&suffix=sf&email=";
- String query = defaultSignup + URLEncoder.encode("correct3_" + uniq + "@email.de", "UTF-8") + "&general=1&country=1®ional=1&radius=1&name-type=western";
+ String query = defaultSignup + URLEncoder.encode("correct3_" + uniq + "@email.de", "UTF-8") + "&name-type=western";
String data = fetchStartErrorMessage(runRegister(query));
assertNull(data);
assertSuccessfullRegMail("correct3_" + uniq + "@email.de");
getMailReceiver().setEmailCheckError("400 Greylisted");
getMailReceiver().setApproveRegex(Pattern.compile("a"));
- query = defaultSignup + URLEncoder.encode("correct4_" + uniq + "@email.de", "UTF-8") + "&general=1&country=1®ional=1&radius=1";
+ query = defaultSignup + URLEncoder.encode("correct4_" + uniq + "@email.de", "UTF-8");
data = fetchStartErrorMessage(runRegister(query));
assertNotNull(data);
assertThat(run, containsString("<option selected=\"selected\">28</option>"));
}
- @Test
- public void testCheckboxesStay() throws IOException {
- String run2 = runRegister("general=1&country=a®ional=1&radius=0");
- assertThat(run2, containsString("name=\"general\" value=\"1\" checked=\"checked\">"));
- assertThat(run2, containsString("name=\"country\" value=\"1\">"));
- assertThat(run2, containsString("name=\"regional\" value=\"1\" checked=\"checked\">"));
- assertThat(run2, containsString("name=\"radius\" value=\"1\">"));
- run2 = runRegister("general=0&country=1&radius=1");
- assertThat(run2, containsString("name=\"general\" value=\"1\">"));
- assertThat(run2, containsString("name=\"country\" value=\"1\" checked=\"checked\">"));
- assertThat(run2, containsString("name=\"regional\" value=\"1\">"));
- assertThat(run2, containsString("name=\"radius\" value=\"1\" checked=\"checked\">"));
- }
-
@Test
public void testDoubleMail() throws IOException {
long uniq = System.currentTimeMillis();
String defaultSignup = "fname=" + URLEncoder.encode("ab", "UTF-8") + "&lname=" + URLEncoder.encode("b", "UTF-8") + "&pword1=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") + "&pword2=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") + "&day=1&month=1&year=1910&tos_agree=1&mname=mn&suffix=sf&email=";
- String query = defaultSignup + URLEncoder.encode(email, "UTF-8") + "&general=1&country=1®ional=1&radius=1&name-type=western&residenceCountry=DE";
+ String query = defaultSignup + URLEncoder.encode(email, "UTF-8") + "&name-type=western&residenceCountry=DE";
String data = fetchStartErrorMessage(runRegister(query));
assertNull(data);
User u = User.getByEmail(email);
String defaultSignup = "fname=" + URLEncoder.encode("ab", "UTF-8") + "&lname=" + URLEncoder.encode("b", "UTF-8") + "&pword1=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") + "&pword2=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") + "&day=1&month=1&year=1910&tos_agree=1&mname=mn&suffix=sf&email=";
- String query = defaultSignup + URLEncoder.encode(email, "UTF-8") + "&general=1&country=1®ional=1&radius=1&name-type=western&residenceCountry=invalid";
+ String query = defaultSignup + URLEncoder.encode(email, "UTF-8") + "&name-type=western&residenceCountry=invalid";
String data = fetchStartErrorMessage(runRegister(query));
assertNull(data);
User u = User.getByEmail(email);