import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.Organisation;
+import org.cacert.gigi.email.EmailProvider;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.SprintfCommand;
import org.cacert.gigi.output.template.Template;
import org.cacert.gigi.pages.LoginPage;
if (action == null) {
return false;
}
- if (action.equals("new")) {
- o = req.getParameter("O");
- c = req.getParameter("C");
- st = req.getParameter("ST");
- l = req.getParameter("L");
- email = req.getParameter("contact");
- optionalName = req.getParameter("optionalName");
- postalAddress = req.getParameter("postalAddress");
+ if (action.equals("new")) {
+ checkCertData(req);
+ checkOrganisationData(req);
Organisation ne = new Organisation(o, c, st, l, email, optionalName, postalAddress, LoginPage.getUser(req));
result = ne;
return true;
} else if (action.equals("updateOrganisationData")) {
- updateOrganisationData(out, req);
+ checkOrganisationData(req);
+ result.updateOrgData(email, optionalName, postalAddress);
return true;
} else if (action.equals("updateCertificateData")) {
- updateCertificateData(out, req);
+ checkCertData(req);
+ result.updateCertData(o, c, st, l);
return true;
}
return false;
}
- private void updateOrganisationData(PrintWriter out, HttpServletRequest req) throws GigiApiException {
- email = req.getParameter("contact");
- optionalName = req.getParameter("optionalName");
- postalAddress = req.getParameter("postalAddress");
-
- result.updateOrgData(email, optionalName, postalAddress);
+ private void checkOrganisationData(HttpServletRequest req) throws GigiApiException {
+ email = extractParam(req, "contact");
+ optionalName = extractParam(req, "optionalName");
+ postalAddress = extractParam(req, "postalAddress");
+ if ( !EmailProvider.MAIL.matcher(email).matches()) {
+ throw new GigiApiException("Contact email is not a valid email address");
+ }
}
- private void updateCertificateData(PrintWriter out, HttpServletRequest req) throws GigiApiException {
- o = req.getParameter("O");
- c = req.getParameter("C");
- st = req.getParameter("ST");
- l = req.getParameter("L");
+ private void checkCertData(HttpServletRequest req) throws GigiApiException {
+ o = extractParam(req, "O");
+ c = extractParam(req, "C");
+ st = extractParam(req, "ST");
+ l = extractParam(req, "L");
+
+ if (o.length() > 64 || o.length() < 1) {
+ throw new GigiApiException(SprintfCommand.createSimple("{0} not given or longer than {1} characters", "Organisation name", 64));
+ }
+ if (c.length() != 2) {
+ throw new GigiApiException(SprintfCommand.createSimple("{0} not given or not exactly {1} characters long", "Country code", 2));
+ }
- result.updateCertData(o, c, st, l);
+ if (st.length() > 128 || st.length() < 1) {
+ throw new GigiApiException(SprintfCommand.createSimple("{0} not given or longer than {1} characters", "State/county", 128));
+ }
+
+ if (l.length() > 128 || l.length() < 1) {
+ throw new GigiApiException(SprintfCommand.createSimple("{0} not given or longer than {1} characters", "Town/suburb", 128));
+ }
+ }
+
+ private String extractParam(HttpServletRequest req, String name) {
+ String parameter = req.getParameter(name);
+ if (parameter == null) {
+ return "";
+ }
+ return parameter.trim();
}
public Organisation getResult() {
for (Organisation i : Organisation.getOrganisations(0, 30)) {
i.delete();
}
- executeBasicWebInteraction(cookie, CreateOrgPage.DEFAULT_PATH, "action=new&O=name&contact=mail&L=K%C3%B6ln&ST=" + URLEncoder.encode(DIFFICULT_CHARS, "UTF-8") + "&C=DE&comments=jkl%C3%B6loiuzfdfgjlh%C3%B6&optionalName=opname&postalAddress=postaladdress", 0);
+ executeBasicWebInteraction(cookie, CreateOrgPage.DEFAULT_PATH, "action=new&O=name&contact=mail@serv.tld&L=K%C3%B6ln&ST=" + URLEncoder.encode(DIFFICULT_CHARS, "UTF-8") + "&C=DE&comments=jkl%C3%B6loiuzfdfgjlh%C3%B6&optionalName=opname&postalAddress=postaladdress", 0);
Organisation[] orgs = Organisation.getOrganisations(0, 30);
assertEquals(1, orgs.length);
- assertEquals("mail", orgs[0].getContactEmail());
+ assertEquals("mail@serv.tld", orgs[0].getContactEmail());
assertEquals("name", orgs[0].getName());
assertEquals("Köln", orgs[0].getCity());
assertEquals(DIFFICULT_CHARS, orgs[0].getProvince());