From: INOPIAE
Date: Fri, 1 Jul 2016 19:05:06 +0000 (+0200)
Subject: add: check for valid entries in organisation form
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=cee46f66ee6e45667adf46a9a8b5df040bc61e21
add: check for valid entries in organisation form
Change-Id: I52724e5ab62ac17e686a8db889fe34034366b087
---
diff --git a/src/org/cacert/gigi/database/DatabaseConnection.java b/src/org/cacert/gigi/database/DatabaseConnection.java
index b4f2f0bb..abd4c93d 100644
--- a/src/org/cacert/gigi/database/DatabaseConnection.java
+++ b/src/org/cacert/gigi/database/DatabaseConnection.java
@@ -122,7 +122,7 @@ public class DatabaseConnection {
 }
- public static final int CURRENT_SCHEMA_VERSION = 15;
+ public static final int CURRENT_SCHEMA_VERSION = 16;
 public static final int CONNECTION_TIMEOUT = 24 * 60 * 60;
diff --git a/src/org/cacert/gigi/database/tableStructure.sql b/src/org/cacert/gigi/database/tableStructure.sql
index 8cd29110..eddd1a6b 100644
--- a/src/org/cacert/gigi/database/tableStructure.sql
+++ b/src/org/cacert/gigi/database/tableStructure.sql
@@ -38,8 +38,8 @@ CREATE TABLE IF NOT EXISTS "organisations" (
 "id" int NOT NULL,
 "name" varchar(64) NOT NULL,
 "state" varchar(2) NOT NULL,
- "province" varchar(100) NOT NULL,
- "city" varchar(100) NOT NULL,
+ "province" varchar(128) NOT NULL,
+ "city" varchar(128) NOT NULL,
 "contactEmail" varchar(100) NOT NULL,
 "creator" int NOT NULL,
 "optional_name" text,
@@ -376,7 +376,7 @@ CREATE TABLE "schemeVersion" (
 "version" smallint NOT NULL,
 PRIMARY KEY ("version")
 );
-INSERT INTO "schemeVersion" (version) VALUES(15);
+INSERT INTO "schemeVersion" (version) VALUES(16);
 DROP TABLE IF EXISTS `passwordResetTickets`;
 CREATE TABLE `passwordResetTickets` (
diff --git a/src/org/cacert/gigi/database/upgrade/from_15.sql b/src/org/cacert/gigi/database/upgrade/from_15.sql
new file mode 100644
index 00000000..c7902bb9
--- /dev/null
+++ b/src/org/cacert/gigi/database/upgrade/from_15.sql
@@ -0,0 +1,2 @@
+ALTER TABLE "organisations" ALTER "province" TYPE varchar(128);
+ALTER TABLE "organisations" ALTER "city" TYPE varchar(128);
diff --git a/src/org/cacert/gigi/pages/orga/CreateOrgForm.java b/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
index 5e6b35a2..57f39d62 100644
--- a/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
+++ b/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
@@ -7,8 +7,10 @@ import javax.servlet.http.HttpServletRequest;
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.Organisation;
+import org.cacert.gigi.email.EmailProvider;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.SprintfCommand;
 import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.pages.LoginPage;
@@ -57,44 +59,63 @@ public class CreateOrgForm extends Form {
 if (action == null) {
 return false;
 }
- if (action.equals("new")) {
- o = req.getParameter("O");
- c = req.getParameter("C");
- st = req.getParameter("ST");
- l = req.getParameter("L");
- email = req.getParameter("contact");
- optionalName = req.getParameter("optionalName");
- postalAddress = req.getParameter("postalAddress");
+ if (action.equals("new")) {
+ checkCertData(req);
+ checkOrganisationData(req);
 Organisation ne = new Organisation(o, c, st, l, email, optionalName, postalAddress, LoginPage.getUser(req));
 result = ne;
 return true;
 } else if (action.equals("updateOrganisationData")) {
- updateOrganisationData(out, req);
+ checkOrganisationData(req);
+ result.updateOrgData(email, optionalName, postalAddress);
 return true;
 } else if (action.equals("updateCertificateData")) {
- updateCertificateData(out, req);
+ checkCertData(req);
+ result.updateCertData(o, c, st, l);
 return true;
 }
 return false;
 }
- private void updateOrganisationData(PrintWriter out, HttpServletRequest req) throws GigiApiException {
- email = req.getParameter("contact");
- optionalName = req.getParameter("optionalName");
- postalAddress = req.getParameter("postalAddress");
-
- result.updateOrgData(email, optionalName, postalAddress);
+ private void checkOrganisationData(HttpServletRequest req) throws GigiApiException {
+ email = extractParam(req, "contact");
+ optionalName = extractParam(req, "optionalName");
+ postalAddress = extractParam(req, "postalAddress");
+ if ( !EmailProvider.MAIL.matcher(email).matches()) {
+ throw new GigiApiException("Contact email is not a valid email address");
+ }
 }
- private void updateCertificateData(PrintWriter out, HttpServletRequest req) throws GigiApiException {
- o = req.getParameter("O");
- c = req.getParameter("C");
- st = req.getParameter("ST");
- l = req.getParameter("L");
+ private void checkCertData(HttpServletRequest req) throws GigiApiException {
+ o = extractParam(req, "O");
+ c = 
extractParam(req, "C");
+ st = extractParam(req, "ST");
+ l = extractParam(req, "L");
+
+ if (o.length() > 64 || o.length() < 1) {
+ throw new GigiApiException(SprintfCommand.createSimple("{0} not given or longer than {1} characters", "Organisation name", 64));
+ }
+ if (c.length() != 2) {
+ throw new GigiApiException(SprintfCommand.createSimple("{0} not given or not exactly {1} characters long", "Country code", 2));
+ }
- result.updateCertData(o, c, st, l);
+ if (st.length() > 128 || st.length() < 1) {
+ throw new GigiApiException(SprintfCommand.createSimple("{0} not given or longer than {1} characters", "State/county", 128));
+ }
+
+ if (l.length() > 128 || l.length() < 1) {
+ throw new GigiApiException(SprintfCommand.createSimple("{0} not given or longer than {1} characters", "Town/suburb", 128));
+ }
+ }
+
+ private String extractParam(HttpServletRequest req, String name) {
+ String parameter = req.getParameter(name);
+ if (parameter == null) {
+ return "";
+ }
+ return parameter.trim();
 }
 public Organisation getResult() {
diff --git a/tests/org/cacert/gigi/pages/orga/TestOrgManagement.java b/tests/org/cacert/gigi/pages/orga/TestOrgManagement.java
index 80db6bde..72767106 100644
--- a/tests/org/cacert/gigi/pages/orga/TestOrgManagement.java
+++ b/tests/org/cacert/gigi/pages/orga/TestOrgManagement.java
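Review bot: `checkOrganisationData` validates the contact address only against `EmailProvider.MAIL`, while the `contactEmail` column is declared `varchar(100)` in the tableStructure.sql hunk, so an address that matches the pattern but exceeds 100 characters slips past this check and presumably fails later at the insert/update instead of producing the user-facing GigiApiException the other fields get; add `if (email.length() > 100) { throw new GigiApiException(SprintfCommand.createSimple("{0} not given or longer than {1} characters", "Contact email", 100)); }` next to the pattern check. In `checkCertData`, `c.length() != 2` accepts any two characters (digits, punctuation, lowercase); since these values feed `updateCertData` and, by the method names, presumably a certificate subject, tightening it to `if (!c.matches("[A-Z]{2}"))` (or a lookup against a country table if the project has one) would be safer. The literals 64 and 128 duplicate the column widths from the schema hunk; naming them as constants next to the schema version would keep the two in step.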
@@ -36,10 +36,10 @@ public class TestOrgManagement extends OrgTest {
 for (Organisation i : Organisation.getOrganisations(0, 30)) {
 i.delete();
 }
- executeBasicWebInteraction(cookie, CreateOrgPage.DEFAULT_PATH, "action=new&O=name&contact=mail&L=K%C3%B6ln&ST=" + URLEncoder.encode(DIFFICULT_CHARS, "UTF-8") + "&C=DE&comments=jkl%C3%B6loiuzfdfgjlh%C3%B6&optionalName=opname&postalAddress=postaladdress", 0);
+ executeBasicWebInteraction(cookie, CreateOrgPage.DEFAULT_PATH, "action=new&O=name&contact=mail@serv.tld&L=K%C3%B6ln&ST=" + URLEncoder.encode(DIFFICULT_CHARS, "UTF-8") + "&C=DE&comments=jkl%C3%B6loiuzfdfgjlh%C3%B6&optionalName=opname&postalAddress=postaladdress", 0);
 Organisation[] orgs = Organisation.getOrganisations(0, 30);
 assertEquals(1, orgs.length);
- assertEquals("mail", orgs[0].getContactEmail());
+ assertEquals("mail@serv.tld", orgs[0].getContactEmail());
 assertEquals("name", orgs[0].getName());
 assertEquals("Köln", orgs[0].getCity());
 assertEquals(DIFFICULT_CHARS, orgs[0].getProvince());
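Review bot: The updated test only adjusts the accepted input to satisfy the new email check; nothing in the hunk asserts that the validation this commit adds actually rejects anything, so a regression in `checkCertData` or `checkOrganisationData` would go unnoticed. A second submission with the old `contact=mail` value (and one with an over-long `O` or a one-character `C`), followed by `assertEquals(0, Organisation.getOrganisations(0, 30).length)`, would pin the new behaviour, assuming `executeBasicWebInteraction` tolerates the error response. The enclosing test method's signature lies outside the hunk.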