this.id = id;
}
- protected CertificateOwner() {
+ /**
+ * This constructor has a dummy parameter to allow callers to do checks
+ * before invoking the super constructor.
+ *
+ * @param dummy
+ * a parameter that is not used to allow callers to do checks
+ * before super constructor invocation.
+ */
+ protected CertificateOwner(Void dummy) {
try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `certOwners` DEFAULT VALUES")) {
ps.execute();
id = ps.lastInsertId();
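Review bot: The new Javadoc on `CertificateOwner(Void dummy)` explains the dummy parameter but not why the checks have to run first. The visible body starts by inserting a row into certOwners, so any subclass check that throws after that point leaves the row behind. I would add a sentence such as `Inserts a new certOwners row; subclasses pass the result of a static validation method so that it can throw before the insert happens.` The constructor body continues outside the hunk.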
private String postalAddress;
public Organisation(String name, Country country, String province, String city, String email, String optionalName, String postalAddress, User creator) throws GigiApiException {
- if ( !creator.isInGroup(Group.ORG_AGENT)) {
- throw new GigiApiException("Only Organisation RA Agents may create organisations.");
- }
- if (country == null) {
- throw new GigiApiException("Got country code of illegal type.");
- }
+ super(validate(creator, country));
this.name = name;
this.country = country;
this.province = province;
}
}
+ private static Void validate(User creator, Country country) throws GigiApiException {
+ if ( !creator.isInGroup(Group.ORG_AGENT)) {
+ throw new GigiApiException("Only Organisation RA Agents may create organisations.");
+ }
+ if (country == null) {
+ throw new GigiApiException("Got country code of illegal type.");
+ }
+ return null;
+ }
+
protected Organisation(GigiResultSet rs) throws GigiApiException {
super(rs.getInt("id"));
name = rs.getString("name");
}
public User(String email, String password, DayDate dob, Locale locale, Country residenceCountry, NamePart... preferred) throws GigiApiException {
- // Avoid storing information that obviously won't get through
- if ( !EmailProvider.isValidMailAddress(email)) {
- throw new IllegalArgumentException("Invalid email.");
- }
+ super(validate(email));
this.email = email;
this.dob = dob;
new EmailAddress(this, email, locale);
}
+ private static Void validate(String email) {
+ // Avoid storing information that obviously won't get through
+ if ( !EmailProvider.isValidMailAddress(email)) {
+ throw new IllegalArgumentException("Invalid email.");
+ }
+ return null;
+ }
+
public Name[] getNames() {
try (GigiPreparedStatement gps = new GigiPreparedStatement("SELECT `id` FROM `names` WHERE `uid`=? AND `deleted` IS NULL", true)) {
gps.setInt(1, getId());
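Review bot: `validate(String email)` moves only the e-mail check ahead of `super(...)`, while the `User` constructor in the earlier hunk still declares `throws GigiApiException` and calls `new EmailAddress(this, email, locale)` after the super constructor has run. If any of those later steps can fail, which the throws clause suggests but the hunk does not show, the certOwners row would remain without a matching user. That is the state this change is meant to prevent. Consider moving every check that does not need the new id into `validate`, or wrapping the constructor's database work in one transaction if the project has a facility for that. A comment on `validate` such as `// must throw before super() inserts the certOwners row` would record the intent.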
import club.wpia.gigi.output.template.Template;
import club.wpia.gigi.pages.LoginPage;
import club.wpia.gigi.util.AuthorizationContext;
+import club.wpia.gigi.util.CalendarUtil;
public class SupportEnterTicketForm extends Form {
private static final Template t = new Template(SupportEnterTicketForm.class.getResource("SupportEnterTicketForm.templ"));
+ public static final String TICKET_PREFIX = "acdhi";
+
public SupportEnterTicketForm(HttpServletRequest hsr) {
super(hsr);
}
@Override
public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
if (req.getParameter("setTicket") != null) {
- // [asdmASDM]\d{8}\.\d+
- String ticket = req.getParameter("ticketno");
- if (ticket.matches("[asdmASDM]\\d{8}\\.\\d+")) {
+ // [acdhi]\d{8}\.\d+ according to numbering scheme
+ String ticket = req.getParameter("ticketno").toLowerCase();
+ if (ticket.matches("[" + TICKET_PREFIX + "]\\d{8}\\.\\d+") && CalendarUtil.isDateValid(ticket.substring(1, 9))) {
AuthorizationContext ac = LoginPage.getAuthorizationContext(req);
req.getSession().setAttribute(Gigi.AUTH_CONTEXT, new AuthorizationContext(ac.getActor(), ticket));
return new RedirectResult(SupportEnterTicketPage.PATH);
}
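Review bot: `req.getParameter("ticketno").toLowerCase()` throws a NullPointerException when a request carries `setTicket` without `ticketno`, and it lowercases with the JVM default locale. Under a Turkish default locale an upper-case `I` prefix becomes a dotless `ı` and no longer matches the class built from `TICKET_PREFIX`, so the accepted format would depend on server settings. Since the accepted value is stored in the session's `AuthorizationContext`, I would make the check self-contained: `String raw = req.getParameter("ticketno");` followed by `String ticket = raw == null ? "" : raw.toLowerCase(Locale.ROOT);`. `Locale` needs an import if the file does not already have one; only part of the import list is visible. The body of `submit` continues outside the hunk.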
+ /**
+ * @param date
+ * YYYYMMDD
+ */
+ public static boolean isDateValid(String date) {
+ int year = Integer.parseInt(date.substring(0, 4));
+ int month = Integer.parseInt(date.substring(4, 6));
+ int day = Integer.parseInt(date.substring(6, 8));
+ return isDateValid(year, month, day);
+ }
+
public static boolean isOfAge(DayDate dob, int age) {
return isYearsInFuture(dob.start(), age);
}
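Review bot: `isDateValid(String date)` is public but only works if the caller has already checked the shape of `date`. A string shorter than eight characters throws StringIndexOutOfBoundsException and non-digit input throws NumberFormatException instead of returning false. `Integer.parseInt` also accepts a leading sign and non-ASCII digits. The one caller visible in this commit guards with `\d{8}`, but a later caller may not, so I would add `if (date == null || !date.matches("[0-9]{8}")) { return false; }` as the first statement. The Javadoc should also gain an `@return` line and say that malformed input yields false.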
package club.wpia.gigi.pages.admin;
+import static org.hamcrest.CoreMatchers.*;
+import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.Assert.*;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
+import java.util.Random;
import org.junit.Test;
import club.wpia.gigi.dbObjects.Group;
import club.wpia.gigi.pages.admin.support.FindUserByDomainPage;
import club.wpia.gigi.pages.admin.support.FindUserByEmailPage;
+import club.wpia.gigi.pages.admin.support.SupportEnterTicketForm;
import club.wpia.gigi.pages.admin.support.SupportEnterTicketPage;
import club.wpia.gigi.testUtils.ClientTest;
+import club.wpia.gigi.testUtils.IOUtils;
public class TestSEAdminTicketSetting extends ClientTest {
assertEquals(403, get(FindUserByEmailPage.PATH).getResponseCode());
}
+ @Test
+ public void testSetTicketNumberCharacter() throws MalformedURLException, UnsupportedEncodingException, IOException {
+ String ticket;
+ String alphabet = "abcdefghijklmnopqrstuvwxyz";
+
+ // test allowed character
+ for (char ch : SupportEnterTicketForm.TICKET_PREFIX.toCharArray()) {
+ ticket = ch + "20171212.1";
+ assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action", 0).getResponseCode());
+ ticket = Character.toUpperCase(ch) + "20171212.1";
+ assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action", 0).getResponseCode());
+ alphabet = alphabet.replaceAll(Character.toString(ch), "");
+ }
+
+ // test not allowed character
+ Random rnd = new Random();
+ char ch = alphabet.charAt(rnd.nextInt(alphabet.length()));
+ assertWrongTicketNumber(ch + "20171212.1");
+ }
+
+ @Test
+ public void testSetTicketNumberDatepart() throws MalformedURLException, UnsupportedEncodingException, IOException {
+ char ch = getValidCharacter();
+
+ assertWrongTicketNumber(ch + "220171212.1");
+
+ assertWrongTicketNumber(ch + "0171212.1");
+
+ assertWrongTicketNumber(ch + "20171512.1");
+
+ assertWrongTicketNumber(ch + "20170229.1");
+
+ assertWrongTicketNumber(ch + ch + "20171212.1");
+
+ assertWrongTicketNumber("20171212.1");
+
+ assertWrongTicketNumber(ch + "20171212" + ch + ".1");
+
+ assertWrongTicketNumber(ch + "201721" + ch + "21.1");
+ }
+
+ @Test
+ public void testSetTicketNumberNumberpart() throws MalformedURLException, UnsupportedEncodingException, IOException {
+ char ch = getValidCharacter();
+
+ assertWrongTicketNumber(ch + "20171212.");
+
+ assertWrongTicketNumber(ch + "20171212");
+
+ assertWrongTicketNumber(ch + "20171212.1" + ch);
+
+ }
+
+ private char getValidCharacter() {
+ Random rnd = new Random();
+ return SupportEnterTicketForm.TICKET_PREFIX.charAt(rnd.nextInt(SupportEnterTicketForm.TICKET_PREFIX.length()));
+ }
+
+ private void assertWrongTicketNumber(String ticket) throws IOException {
+ String res = IOUtils.readURL(post(SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action"));
+ assertThat(res, containsString("Ticket format malformed"));
+ }
}
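Review bot: In `testSetTicketNumberDatepart`, `ch + ch + "20171212.1"` adds the two `char` values as integers before the string concatenation. The request therefore carries a number such as `19420171212.1` rather than a doubled prefix letter; the assertion still passes, but the doubled-prefix case is never exercised. `"" + ch + ch + "20171212.1"` produces the intended input. Separately, `testSetTicketNumberCharacter` picks a single rejected letter with `new Random()`, so a failure would be hard to reproduce; looping over every remaining character of `alphabet` is cheap and deterministic.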