From 0dfe195d39328924a19f9301278eaba97f57c1b8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Felix=20D=C3=B6rre?= Date: Thu, 28 Jul 2016 22:58:30 +0200 Subject: [PATCH] fix: prevent assuring no names when submitting verification form Change-Id: I258ad3fd7e508f0d81282ee79fe79cd1a3f54174 --- src/org/cacert/gigi/pages/wot/AssuranceForm.java | 5 ++++- src/org/cacert/gigi/util/Notary.java | 3 +++ tests/org/cacert/gigi/pages/wot/TestAssurance.java | 9 +++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/src/org/cacert/gigi/pages/wot/AssuranceForm.java b/src/org/cacert/gigi/pages/wot/AssuranceForm.java index 6084c321..aca82b91 100644 --- a/src/org/cacert/gigi/pages/wot/AssuranceForm.java +++ b/src/org/cacert/gigi/pages/wot/AssuranceForm.java @@ -168,7 +168,7 @@ public class AssuranceForm extends Form { } } String[] parameterValues = req.getParameterValues("assuredName"); - HashSet data = new HashSet<>(Arrays.asList(parameterValues==null?new String[0]:parameterValues)); + HashSet data = new HashSet<>(Arrays.asList(parameterValues == null ? new String[0] : parameterValues)); for (int i = 0; i < assureeNames.length; i++) { selected[i] = data.contains(Integer.toString(assureeNames[i].getId())); } @@ -183,6 +183,9 @@ public class AssuranceForm extends Form { toAssure.add(assureeNames[i]); } } + if (toAssure.size() == 0) { + throw new GigiApiException("You must confirm at least one name to verify an account."); + } Notary.assureAll(assurer, assuree, dob, pointsI, location, req.getParameter("date"), type, toAssure.toArray(new Name[toAssure.size()])); diff --git a/src/org/cacert/gigi/util/Notary.java b/src/org/cacert/gigi/util/Notary.java index cba93aba..280bce39 100644 --- a/src/org/cacert/gigi/util/Notary.java +++ b/src/org/cacert/gigi/util/Notary.java @@ -239,6 +239,9 @@ public class Notary { } public synchronized static void assureAll(User assurer, User assuree, DayDate dob, int awarded, String location, String date, AssuranceType type, Name[] toAssure) throws GigiApiException { + if (toAssure.length == 0) { + throw new GigiApiException("You must confirm at least one name to verify an account."); + } boolean[] hadLessThan50Points = new boolean[toAssure.length]; boolean hadTotalLessThan100 = assuree.getAssurancePoints() < 100; for (int i = 0; i < toAssure.length; i++) { diff --git a/tests/org/cacert/gigi/pages/wot/TestAssurance.java b/tests/org/cacert/gigi/pages/wot/TestAssurance.java index eb488e5d..915ede7f 100644 --- a/tests/org/cacert/gigi/pages/wot/TestAssurance.java +++ b/tests/org/cacert/gigi/pages/wot/TestAssurance.java @@ -96,6 +96,15 @@ public class TestAssurance extends ManagedTest { executeSuccess("date=" + validVerificationDateString() + "&location=testcase&certify=1&rules=1&assertion=1&points=10"); } + @Test + public void testAssureFormEmpty() throws IOException { + URLConnection uc = buildupAssureFormConnection(true); + uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&rules=1&assertion=1&points=10").getBytes("UTF-8")); + uc.getOutputStream().flush(); + String data = IOUtils.readURL(uc); + assertThat(data, hasError()); + } + @Test public void testAssureFormContanisData() throws IOException { URLConnection uc = buildupAssureFormConnection(true); -- 2.39.2