add: check for valid entries in organisation form

Change-Id: I52724e5ab62ac17e686a8db889fe34034366b087

diff --git a/src/org/cacert/gigi/database/DatabaseConnection.java b/src/org/cacert/gigi/database/DatabaseConnection.java
index b4f2f0bba895c737573499c20c6e281e50a3cb78..abd4c93d641cb7d734f245695044b592479e0da2 100644 (file)
--- a/src/org/cacert/gigi/database/DatabaseConnection.java
+++ b/src/org/cacert/gigi/database/DatabaseConnection.java
@@ -122,7 +122,7 @@ public class DatabaseConnection {
 
     }
 
 
     }
 

-    public static final int CURRENT_SCHEMA_VERSION = 15;
+    public static final int CURRENT_SCHEMA_VERSION = 16;

 
     public static final int CONNECTION_TIMEOUT = 24 * 60 * 60;
 
 
     public static final int CONNECTION_TIMEOUT = 24 * 60 * 60;
 

diff --git a/src/org/cacert/gigi/database/tableStructure.sql b/src/org/cacert/gigi/database/tableStructure.sql
index 8cd29110b0bc08ed284714082ca2a099b2ecd13e..eddd1a6b31ece7e93b5895bb5ec0be3456618b2e 100644 (file)
--- a/src/org/cacert/gigi/database/tableStructure.sql
+++ b/src/org/cacert/gigi/database/tableStructure.sql
@@ -38,8 +38,8 @@ CREATE TABLE IF NOT EXISTS "organisations" (
   "id" int NOT NULL,
   "name" varchar(64) NOT NULL,
   "state" varchar(2) NOT NULL,
   "id" int NOT NULL,
   "name" varchar(64) NOT NULL,
   "state" varchar(2) NOT NULL,

-  "province" varchar(100) NOT NULL,
-  "city" varchar(100) NOT NULL,
+  "province" varchar(128) NOT NULL,
+  "city" varchar(128) NOT NULL,

   "contactEmail" varchar(100) NOT NULL,
   "creator" int NOT NULL,
   "optional_name" text,
   "contactEmail" varchar(100) NOT NULL,
   "creator" int NOT NULL,
   "optional_name" text,


@@ -376,7 +376,7 @@ CREATE TABLE "schemeVersion" (
   "version" smallint NOT NULL,
   PRIMARY KEY ("version")
 );
   "version" smallint NOT NULL,
   PRIMARY KEY ("version")
 );

-INSERT INTO "schemeVersion" (version)  VALUES(15);
+INSERT INTO "schemeVersion" (version)  VALUES(16);

 
 DROP TABLE IF EXISTS `passwordResetTickets`;
 CREATE TABLE `passwordResetTickets` (
 
 DROP TABLE IF EXISTS `passwordResetTickets`;
 CREATE TABLE `passwordResetTickets` (

diff --git a/src/org/cacert/gigi/database/upgrade/from_15.sql b/src/org/cacert/gigi/database/upgrade/from_15.sql
new file mode 100644 (file)
index 0000000..c7902bb
--- /dev/null
+++ b/src/org/cacert/gigi/database/upgrade/from_15.sql
@@ -0,0 +1,2 @@
+ALTER TABLE "organisations" ALTER "province" TYPE varchar(128);
+ALTER TABLE "organisations" ALTER "city" TYPE varchar(128);

diff --git a/src/org/cacert/gigi/pages/orga/CreateOrgForm.java b/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
index 5e6b35a2a99989e49be3d1a5eebad307a0a31884..57f39d62c6a1e60e7dd7b9351f537ecea8d7809c 100644 (file)
--- a/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
+++ b/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
@@ -7,8 +7,10 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.Organisation;
 
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.Organisation;

+import org.cacert.gigi.email.EmailProvider;

 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;

+import org.cacert.gigi.output.template.SprintfCommand;

 import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.pages.LoginPage;
 
 import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.pages.LoginPage;
 


@@ -57,44 +59,63 @@ public class CreateOrgForm extends Form {
         if (action == null) {
             return false;
         }
         if (action == null) {
             return false;
         }

-        if (action.equals("new")) {
-            o = req.getParameter("O");
-            c = req.getParameter("C");
-            st = req.getParameter("ST");
-            l = req.getParameter("L");
-            email = req.getParameter("contact");
-            optionalName = req.getParameter("optionalName");
-            postalAddress = req.getParameter("postalAddress");

 
 

+        if (action.equals("new")) {
+            checkCertData(req);
+            checkOrganisationData(req);

             Organisation ne = new Organisation(o, c, st, l, email, optionalName, postalAddress, LoginPage.getUser(req));
             result = ne;
             return true;
         } else if (action.equals("updateOrganisationData")) {
             Organisation ne = new Organisation(o, c, st, l, email, optionalName, postalAddress, LoginPage.getUser(req));
             result = ne;
             return true;
         } else if (action.equals("updateOrganisationData")) {

-            updateOrganisationData(out, req);
+            checkOrganisationData(req);
+            result.updateOrgData(email, optionalName, postalAddress);

             return true;
         } else if (action.equals("updateCertificateData")) {
             return true;
         } else if (action.equals("updateCertificateData")) {

-            updateCertificateData(out, req);
+            checkCertData(req);
+            result.updateCertData(o, c, st, l);

             return true;
         }
 
         return false;
     }
 
             return true;
         }
 
         return false;
     }
 

-    private void updateOrganisationData(PrintWriter out, HttpServletRequest req) throws GigiApiException {
-        email = req.getParameter("contact");
-        optionalName = req.getParameter("optionalName");
-        postalAddress = req.getParameter("postalAddress");
-
-        result.updateOrgData(email, optionalName, postalAddress);
+    private void checkOrganisationData(HttpServletRequest req) throws GigiApiException {
+        email = extractParam(req, "contact");
+        optionalName = extractParam(req, "optionalName");
+        postalAddress = extractParam(req, "postalAddress");
+        if ( !EmailProvider.MAIL.matcher(email).matches()) {
+            throw new GigiApiException("Contact email is not a valid email address");
+        }

     }
 
     }
 

-    private void updateCertificateData(PrintWriter out, HttpServletRequest req) throws GigiApiException {
-        o = req.getParameter("O");
-        c = req.getParameter("C");
-        st = req.getParameter("ST");
-        l = req.getParameter("L");
+    private void checkCertData(HttpServletRequest req) throws GigiApiException {
+        o = extractParam(req, "O");
+        c = extractParam(req, "C");
+        st = extractParam(req, "ST");
+        l = extractParam(req, "L");
+
+        if (o.length() > 64 || o.length() < 1) {
+            throw new GigiApiException(SprintfCommand.createSimple("{0} not given or longer than {1} characters", "Organisation name", 64));
+        }
+        if (c.length() != 2) {
+            throw new GigiApiException(SprintfCommand.createSimple("{0} not given or not exactly {1} characters long", "Country code", 2));
+        }

 
 

-        result.updateCertData(o, c, st, l);
+        if (st.length() > 128 || st.length() < 1) {
+            throw new GigiApiException(SprintfCommand.createSimple("{0} not given or longer than {1} characters", "State/county", 128));
+        }
+
+        if (l.length() > 128 || l.length() < 1) {
+            throw new GigiApiException(SprintfCommand.createSimple("{0} not given or longer than {1} characters", "Town/suburb", 128));
+        }
+    }
+
+    private String extractParam(HttpServletRequest req, String name) {
+        String parameter = req.getParameter(name);
+        if (parameter == null) {
+            return "";
+        }
+        return parameter.trim();

     }
 
     public Organisation getResult() {
     }
 
     public Organisation getResult() {

diff --git a/tests/org/cacert/gigi/pages/orga/TestOrgManagement.java b/tests/org/cacert/gigi/pages/orga/TestOrgManagement.java
index 80db6bde912939eb5cb3af3fcd7125367203d0a7..72767106423c459751fe166a6f59b155052d1299 100644 (file)
--- a/tests/org/cacert/gigi/pages/orga/TestOrgManagement.java
+++ b/tests/org/cacert/gigi/pages/orga/TestOrgManagement.java
@@ -36,10 +36,10 @@ public class TestOrgManagement extends OrgTest {
         for (Organisation i : Organisation.getOrganisations(0, 30)) {
             i.delete();
         }
         for (Organisation i : Organisation.getOrganisations(0, 30)) {
             i.delete();
         }

-        executeBasicWebInteraction(cookie, CreateOrgPage.DEFAULT_PATH, "action=new&O=name&contact=mail&L=K%C3%B6ln&ST=" + URLEncoder.encode(DIFFICULT_CHARS, "UTF-8") + "&C=DE&comments=jkl%C3%B6loiuzfdfgjlh%C3%B6&optionalName=opname&postalAddress=postaladdress", 0);
+        executeBasicWebInteraction(cookie, CreateOrgPage.DEFAULT_PATH, "action=new&O=name&contact=mail@serv.tld&L=K%C3%B6ln&ST=" + URLEncoder.encode(DIFFICULT_CHARS, "UTF-8") + "&C=DE&comments=jkl%C3%B6loiuzfdfgjlh%C3%B6&optionalName=opname&postalAddress=postaladdress", 0);

         Organisation[] orgs = Organisation.getOrganisations(0, 30);
         assertEquals(1, orgs.length);
         Organisation[] orgs = Organisation.getOrganisations(0, 30);
         assertEquals(1, orgs.length);

-        assertEquals("mail", orgs[0].getContactEmail());
+        assertEquals("mail@serv.tld", orgs[0].getContactEmail());

         assertEquals("name", orgs[0].getName());
         assertEquals("Köln", orgs[0].getCity());
         assertEquals(DIFFICULT_CHARS, orgs[0].getProvince());
         assertEquals("name", orgs[0].getName());
         assertEquals("Köln", orgs[0].getCity());
         assertEquals(DIFFICULT_CHARS, orgs[0].getProvince());