From: Felix Dörre
Date: Mon, 25 Dec 2017 01:40:34 +0000 (+0100)
Subject: Merge "upd: remove alert settings from register process"
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=7108b955eb9f66e5b2c65f43cde31aa009d7b44a;hp=ece99b99f40ab1fc1d0a1d2c3a346411a13e8c4f
Merge "upd: remove alert settings from register process"
---
diff --git a/src/club/wpia/gigi/dbObjects/CertificateOwner.java b/src/club/wpia/gigi/dbObjects/CertificateOwner.java
index f608b2fc..007d98d3 100644
--- a/src/club/wpia/gigi/dbObjects/CertificateOwner.java
+++ b/src/club/wpia/gigi/dbObjects/CertificateOwner.java
@@ -24,7 +24,15 @@ public abstract class CertificateOwner implements IdCachable, Serializable {
 this.id = id;
 }
- protected CertificateOwner() {
+ /**
+ * This constructor has a dummy parameter to allow callers to do checks
+ * before invoking the super constructor.
+ *
+ * @param dummy
+ * a parameter that is not used to allow callers to do checks
+ * before super constructor invocation.
+ */
+ protected CertificateOwner(Void dummy) {
 try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `certOwners` DEFAULT VALUES")) {
 ps.execute();
 id = ps.lastInsertId();
diff --git a/src/club/wpia/gigi/dbObjects/Organisation.java b/src/club/wpia/gigi/dbObjects/Organisation.java
index 4ee25d0e..c9754565 100644
--- a/src/club/wpia/gigi/dbObjects/Organisation.java
+++ b/src/club/wpia/gigi/dbObjects/Organisation.java
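Review bot: The new Javadoc on `CertificateOwner(Void dummy)` explains what the parameter is for but not the side effect that makes it necessary: the constructor body visible right below it executes an INSERT into certOwners as soon as it runs. I would add a sentence such as `Creating an instance immediately inserts a row into certOwners, so every check that can reject the request must run in the expression passed as dummy.` Note also that `Void` only admits null, so a subclass can pass `null` directly and skip validation; the type documents the intent but does not enforce it. The constructor body continues outside the hunk.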
@@ -68,12 +68,7 @@ public class Organisation extends CertificateOwner {
 private String postalAddress;
 public Organisation(String name, Country country, String province, String city, String email, String optionalName, String postalAddress, User creator) throws GigiApiException {
- if ( !creator.isInGroup(Group.ORG_AGENT)) {
- throw new GigiApiException("Only Organisation RA Agents may create organisations.");
- }
- if (country == null) {
- throw new GigiApiException("Got country code of illegal type.");
- }
+ super(validate(creator, country));
 this.name = name;
 this.country = country;
 this.province = province;
@@ -98,6 +93,16 @@ public class Organisation extends CertificateOwner {
 }
 }
+ private static Void validate(User creator, Country country) throws GigiApiException {
+ if ( !creator.isInGroup(Group.ORG_AGENT)) {
+ throw new GigiApiException("Only Organisation RA Agents may create organisations.");
+ }
+ if (country == null) {
+ throw new GigiApiException("Got country code of illegal type.");
+ }
+ return null;
+ }
+
 protected Organisation(GigiResultSet rs) throws GigiApiException {
 super(rs.getInt("id"));
 name = rs.getString("name");
diff --git a/src/club/wpia/gigi/dbObjects/User.java b/src/club/wpia/gigi/dbObjects/User.java
index cdd00d6f..3c2cd6b0 100644
--- a/src/club/wpia/gigi/dbObjects/User.java
+++ b/src/club/wpia/gigi/dbObjects/User.java
@@ -105,10 +105,7 @@ public class User extends CertificateOwner {
 }
 public User(String email, String password, DayDate dob, Locale locale, Country residenceCountry, NamePart... preferred) throws GigiApiException {
- // Avoid storing information that obviously won't get through
- if ( !EmailProvider.isValidMailAddress(email)) {
- throw new IllegalArgumentException("Invalid email.");
- }
+ super(validate(email));
 this.email = email;
 this.dob = dob;
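Review bot: `Organisation.validate` dereferences `creator` before checking it, so a null creator surfaces as a NullPointerException rather than the GigiApiException used for the null `country` two lines later. The request is still refused, but any caller that handles only GigiApiException would see an unhandled error instead of the authorisation message; `if (creator == null || !creator.isInGroup(Group.ORG_AGENT)) {` keeps both rejections on the same path. The check is carried over unchanged from the constructor lines removed in the first Organisation hunk, so this is inherited rather than introduced here.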
@@ -128,6 +125,14 @@ public class User extends CertificateOwner {
 new EmailAddress(this, email, locale);
 }
+ private static Void validate(String email) {
+ // Avoid storing information that obviously won't get through
+ if ( !EmailProvider.isValidMailAddress(email)) {
+ throw new IllegalArgumentException("Invalid email.");
+ }
+ return null;
+ }
+
 public Name[] getNames() {
 try (GigiPreparedStatement gps = new GigiPreparedStatement("SELECT `id` FROM `names` WHERE `uid`=? AND `deleted` IS NULL", true)) {
 gps.setInt(1, getId());
diff --git a/src/club/wpia/gigi/pages/admin/support/SupportEnterTicketForm.java b/src/club/wpia/gigi/pages/admin/support/SupportEnterTicketForm.java
index 0a98dfd1..58b2997e 100644
--- a/src/club/wpia/gigi/pages/admin/support/SupportEnterTicketForm.java
+++ b/src/club/wpia/gigi/pages/admin/support/SupportEnterTicketForm.java
@@ -12,11 +12,14 @@ import club.wpia.gigi.output.template.Form;
 import club.wpia.gigi.output.template.Template;
 import club.wpia.gigi.pages.LoginPage;
 import club.wpia.gigi.util.AuthorizationContext;
+import club.wpia.gigi.util.CalendarUtil;
 public class SupportEnterTicketForm extends Form {
 private static final Template t = new Template(SupportEnterTicketForm.class.getResource("SupportEnterTicketForm.templ"));
+ public static final String TICKET_PREFIX = "acdhi";
+
 public SupportEnterTicketForm(HttpServletRequest hsr) {
 super(hsr);
 }
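Review bot: `User.validate` rejects a bad address with an unchecked `IllegalArgumentException`, while the constructor it guards declares `GigiApiException` and `Organisation.validate` uses that type for its rejections. If the address can come from form input (not visible in this hunk), a handler that catches only GigiApiException would let this propagate as a server error. Either state the contract on the method, for example `@throws IllegalArgumentException if email is not a valid mail address; callers must check form input first`, or switch the throw to GigiApiException. The check itself is moved unchanged from the constructor.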
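Review bot: `TICKET_PREFIX` is public and, in `submit` in the next hunk, is spliced unescaped into a regex character class, but nothing on the constant says so. A later edit that adds `-`, `^` or `]` to the string would silently change which ticket numbers are accepted. I would document the constraint where the value lives: `/** Allowed ticket prefix letters, lower case. Inserted verbatim into a regex character class, so only plain ASCII letters may be added. */`.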
@@ -24,9 +27,9 @@ public class SupportEnterTicketForm extends Form {
 @Override
 public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
 if (req.getParameter("setTicket") != null) {
- // [asdmASDM]\d{8}\.\d+
- String ticket = req.getParameter("ticketno");
- if (ticket.matches("[asdmASDM]\\d{8}\\.\\d+")) {
+ // [acdhi]\d{8}\.\d+ according to numbering scheme
+ String ticket = req.getParameter("ticketno").toLowerCase();
+ if (ticket.matches("[" + TICKET_PREFIX + "]\\d{8}\\.\\d+") && CalendarUtil.isDateValid(ticket.substring(1, 9))) {
 AuthorizationContext ac = LoginPage.getAuthorizationContext(req);
 req.getSession().setAttribute(Gigi.AUTH_CONTEXT, new AuthorizationContext(ac.getActor(), ticket));
 return new RedirectResult(SupportEnterTicketPage.PATH);
diff --git a/src/club/wpia/gigi/util/CalendarUtil.java b/src/club/wpia/gigi/util/CalendarUtil.java
index c7b2bb0f..9c4cf70a 100644
--- a/src/club/wpia/gigi/util/CalendarUtil.java
+++ b/src/club/wpia/gigi/util/CalendarUtil.java
@@ -15,6 +15,17 @@ public class CalendarUtil {
 }
+ /**
+ * @param date
+ * YYYYMMDD
+ */
+ public static boolean isDateValid(String date) {
+ int year = Integer.parseInt(date.substring(0, 4));
+ int month = Integer.parseInt(date.substring(4, 6));
+ int day = Integer.parseInt(date.substring(6, 8));
+ return isDateValid(year, month, day);
+ }
+
 public static boolean isOfAge(DayDate dob, int age) {
 return isYearsInFuture(dob.start(), age);
 }
diff --git a/tests/club/wpia/gigi/pages/admin/TestSEAdminTicketSetting.java b/tests/club/wpia/gigi/pages/admin/TestSEAdminTicketSetting.java
index 59f04279..e20b4944 100644
--- a/tests/club/wpia/gigi/pages/admin/TestSEAdminTicketSetting.java
+++ b/tests/club/wpia/gigi/pages/admin/TestSEAdminTicketSetting.java
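Review bot: `req.getParameter("ticketno").toLowerCase()` uses the JVM default locale, and `TICKET_PREFIX` contains `i`: under a Turkish or Azerbaijani default locale an upper-case `I` lower-cases to the dotless `ı`, so a ticket the new tests expect to be accepted would be rejected. `toLowerCase(Locale.ROOT)` removes the dependency on server configuration; it needs `java.util.Locale`, whose import is not visible in the hunks shown. The same expression throws a NullPointerException when `setTicket` is sent without a `ticketno` parameter; a null check before the call would give that request the same rejection as a non-matching ticket. `submit` continues outside the hunk.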
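Review bot: `isDateValid(String)` is public but only safe for a string of exactly eight ASCII digits: a shorter argument throws StringIndexOutOfBoundsException, a non-numeric one throws NumberFormatException, and anything after the eighth character is silently ignored. The one caller on this page guards it with a regex, but a utility method should not rely on that; `if (date == null || !date.matches("[0-9]{8}")) { return false; }` as the first statement makes it total. The Javadoc would also benefit from an `@return` line saying that false covers both malformed input and impossible dates. The three-int overload it delegates to is outside the hunk.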
@@ -1,10 +1,13 @@
 package club.wpia.gigi.pages.admin;
+import static org.hamcrest.CoreMatchers.*;
+import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.Assert.*;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.MalformedURLException;
+import java.util.Random;
 import org.junit.Test;
@@ -12,8 +15,10 @@ import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.dbObjects.Group;
 import club.wpia.gigi.pages.admin.support.FindUserByDomainPage;
 import club.wpia.gigi.pages.admin.support.FindUserByEmailPage;
+import club.wpia.gigi.pages.admin.support.SupportEnterTicketForm;
 import club.wpia.gigi.pages.admin.support.SupportEnterTicketPage;
 import club.wpia.gigi.testUtils.ClientTest;
+import club.wpia.gigi.testUtils.IOUtils;
 public class TestSEAdminTicketSetting extends ClientTest {
@@ -32,4 +37,66 @@ public class TestSEAdminTicketSetting extends ClientTest {
 assertEquals(403, get(FindUserByEmailPage.PATH).getResponseCode());
 }
+ @Test
+ public void testSetTicketNumberCharacter() throws MalformedURLException, UnsupportedEncodingException, IOException {
+ String ticket;
+ String alphabet = "abcdefghijklmnopqrstuvwxyz";
+
+ // test allowed character
+ for (char ch : SupportEnterTicketForm.TICKET_PREFIX.toCharArray()) {
+ ticket = ch + "20171212.1";
+ assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action", 0).getResponseCode());
+ ticket = Character.toUpperCase(ch) + "20171212.1";
+ assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action", 0).getResponseCode());
+ alphabet = alphabet.replaceAll(Character.toString(ch), "");
+ }
+
+ // test not allowed character
+ Random rnd = new Random();
+ char ch = alphabet.charAt(rnd.nextInt(alphabet.length()));
+ assertWrongTicketNumber(ch + "20171212.1");
+ }
+
+ @Test
+ public void testSetTicketNumberDatepart() throws MalformedURLException, UnsupportedEncodingException, IOException {
+ char ch = getValidCharacter();
+
+ assertWrongTicketNumber(ch + "220171212.1");
+
+ assertWrongTicketNumber(ch + "0171212.1");
+
+ assertWrongTicketNumber(ch + "20171512.1");
+
+ assertWrongTicketNumber(ch + "20170229.1");
+
+ assertWrongTicketNumber(ch + ch + "20171212.1");
+
+ assertWrongTicketNumber("20171212.1");
+
+ assertWrongTicketNumber(ch + "20171212" + ch + ".1");
+
+ assertWrongTicketNumber(ch + "201721" + ch + "21.1");
+ }
+
+ @Test
+ public void testSetTicketNumberNumberpart() throws MalformedURLException, UnsupportedEncodingException, IOException {
+ char ch = getValidCharacter();
+
+ assertWrongTicketNumber(ch + "20171212.");
+
+ assertWrongTicketNumber(ch + "20171212");
+
+ assertWrongTicketNumber(ch + "20171212.1" + ch);
+
+ }
+
+ private char getValidCharacter() {
+ Random rnd = new Random();
+ return SupportEnterTicketForm.TICKET_PREFIX.charAt(rnd.nextInt(SupportEnterTicketForm.TICKET_PREFIX.length()));
+ }
+
+ private void assertWrongTicketNumber(String ticket) throws IOException {
+ String res = IOUtils.readURL(post(SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action"));
+ assertThat(res, containsString("Ticket format malformed"));
+ }
 }
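Review bot: In `testSetTicketNumberDatepart`, `ch + ch + "20171212.1"` adds the two `char` values as integers before the string is appended, so the posted ticket begins with a number (194 when `ch` is `a`) and the doubled-prefix case is never exercised. `"" + ch + ch + "20171212.1"` builds the intended string. Separately, `getValidCharacter` and the disallowed-letter pick in `testSetTicketNumberCharacter` draw from an unseeded `Random`, so a failure is tied to one letter and may not reproduce on the next run; looping over every letter left in `alphabet`, and over every prefix letter in the negative tests, would be deterministic and cover the whole input space.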