From 4aaed35a710ad70511aae6c77e620eed40159da0 Mon Sep 17 00:00:00 2001
From: INOPIAE <m.maengel@inopiae.de>
Date: Sun, 17 Dec 2017 07:15:48 +0100
Subject: [PATCH] chg: adjust ticket number handling according to current
 number scheme

Change-Id: I48d298bc4b4b9f11befdb00ec87a4cc83ebbcc2c
---
 .../admin/support/SupportEnterTicketForm.java |  9 ++-
 src/club/wpia/gigi/util/CalendarUtil.java     | 11 +++
 .../pages/admin/TestSEAdminTicketSetting.java | 67 +++++++++++++++++++
 3 files changed, 84 insertions(+), 3 deletions(-)

diff --git a/src/club/wpia/gigi/pages/admin/support/SupportEnterTicketForm.java b/src/club/wpia/gigi/pages/admin/support/SupportEnterTicketForm.java
index 0a98dfd1..58b2997e 100644
--- a/src/club/wpia/gigi/pages/admin/support/SupportEnterTicketForm.java
+++ b/src/club/wpia/gigi/pages/admin/support/SupportEnterTicketForm.java
@@ -12,11 +12,14 @@ import club.wpia.gigi.output.template.Form;
 import club.wpia.gigi.output.template.Template;
 import club.wpia.gigi.pages.LoginPage;
 import club.wpia.gigi.util.AuthorizationContext;
+import club.wpia.gigi.util.CalendarUtil;
 
 public class SupportEnterTicketForm extends Form {
 
     private static final Template t = new Template(SupportEnterTicketForm.class.getResource("SupportEnterTicketForm.templ"));
 
+    public static final String TICKET_PREFIX = "acdhi";
+
     public SupportEnterTicketForm(HttpServletRequest hsr) {
         super(hsr);
     }
@@ -24,9 +27,9 @@ public class SupportEnterTicketForm extends Form {
     @Override
     public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
         if (req.getParameter("setTicket") != null) {
-            // [asdmASDM]\d{8}\.\d+
-            String ticket = req.getParameter("ticketno");
-            if (ticket.matches("[asdmASDM]\\d{8}\\.\\d+")) {
+            // [acdhi]\d{8}\.\d+ according to numbering scheme
+            String ticket = req.getParameter("ticketno").toLowerCase();
+            if (ticket.matches("[" + TICKET_PREFIX + "]\\d{8}\\.\\d+") && CalendarUtil.isDateValid(ticket.substring(1, 9))) {
                 AuthorizationContext ac = LoginPage.getAuthorizationContext(req);
                 req.getSession().setAttribute(Gigi.AUTH_CONTEXT, new AuthorizationContext(ac.getActor(), ticket));
                 return new RedirectResult(SupportEnterTicketPage.PATH);
diff --git a/src/club/wpia/gigi/util/CalendarUtil.java b/src/club/wpia/gigi/util/CalendarUtil.java
index c7b2bb0f..9c4cf70a 100644
--- a/src/club/wpia/gigi/util/CalendarUtil.java
+++ b/src/club/wpia/gigi/util/CalendarUtil.java
@@ -15,6 +15,17 @@ public class CalendarUtil {
 
     }
 
+    /**
+     * @param date
+     *            YYYYMMDD
+     */
+    public static boolean isDateValid(String date) {
+        int year = Integer.parseInt(date.substring(0, 4));
+        int month = Integer.parseInt(date.substring(4, 6));
+        int day = Integer.parseInt(date.substring(6, 8));
+        return isDateValid(year, month, day);
+    }
+
     public static boolean isOfAge(DayDate dob, int age) {
         return isYearsInFuture(dob.start(), age);
     }
diff --git a/tests/club/wpia/gigi/pages/admin/TestSEAdminTicketSetting.java b/tests/club/wpia/gigi/pages/admin/TestSEAdminTicketSetting.java
index 59f04279..e20b4944 100644
--- a/tests/club/wpia/gigi/pages/admin/TestSEAdminTicketSetting.java
+++ b/tests/club/wpia/gigi/pages/admin/TestSEAdminTicketSetting.java
@@ -1,10 +1,13 @@
 package club.wpia.gigi.pages.admin;
 
+import static org.hamcrest.CoreMatchers.*;
+import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.Assert.*;
 
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.MalformedURLException;
+import java.util.Random;
 
 import org.junit.Test;
 
@@ -12,8 +15,10 @@ import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.dbObjects.Group;
 import club.wpia.gigi.pages.admin.support.FindUserByDomainPage;
 import club.wpia.gigi.pages.admin.support.FindUserByEmailPage;
+import club.wpia.gigi.pages.admin.support.SupportEnterTicketForm;
 import club.wpia.gigi.pages.admin.support.SupportEnterTicketPage;
 import club.wpia.gigi.testUtils.ClientTest;
+import club.wpia.gigi.testUtils.IOUtils;
 
 public class TestSEAdminTicketSetting extends ClientTest {
 
@@ -32,4 +37,66 @@ public class TestSEAdminTicketSetting extends ClientTest {
         assertEquals(403, get(FindUserByEmailPage.PATH).getResponseCode());
     }
 
+    @Test
+    public void testSetTicketNumberCharacter() throws MalformedURLException, UnsupportedEncodingException, IOException {
+        String ticket;
+        String alphabet = "abcdefghijklmnopqrstuvwxyz";
+
+        // test allowed character
+        for (char ch : SupportEnterTicketForm.TICKET_PREFIX.toCharArray()) {
+            ticket = ch + "20171212.1";
+            assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action", 0).getResponseCode());
+            ticket = Character.toUpperCase(ch) + "20171212.1";
+            assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action", 0).getResponseCode());
+            alphabet = alphabet.replaceAll(Character.toString(ch), "");
+        }
+
+        // test not allowed character
+        Random rnd = new Random();
+        char ch = alphabet.charAt(rnd.nextInt(alphabet.length()));
+        assertWrongTicketNumber(ch + "20171212.1");
+    }
+
+    @Test
+    public void testSetTicketNumberDatepart() throws MalformedURLException, UnsupportedEncodingException, IOException {
+        char ch = getValidCharacter();
+
+        assertWrongTicketNumber(ch + "220171212.1");
+
+        assertWrongTicketNumber(ch + "0171212.1");
+
+        assertWrongTicketNumber(ch + "20171512.1");
+
+        assertWrongTicketNumber(ch + "20170229.1");
+
+        assertWrongTicketNumber(ch + ch + "20171212.1");
+
+        assertWrongTicketNumber("20171212.1");
+
+        assertWrongTicketNumber(ch + "20171212" + ch + ".1");
+
+        assertWrongTicketNumber(ch + "201721" + ch + "21.1");
+    }
+
+    @Test
+    public void testSetTicketNumberNumberpart() throws MalformedURLException, UnsupportedEncodingException, IOException {
+        char ch = getValidCharacter();
+
+        assertWrongTicketNumber(ch + "20171212.");
+
+        assertWrongTicketNumber(ch + "20171212");
+
+        assertWrongTicketNumber(ch + "20171212.1" + ch);
+
+    }
+
+    private char getValidCharacter() {
+        Random rnd = new Random();
+        return SupportEnterTicketForm.TICKET_PREFIX.charAt(rnd.nextInt(SupportEnterTicketForm.TICKET_PREFIX.length()));
+    }
+
+    private void assertWrongTicketNumber(String ticket) throws IOException {
+        String res = IOUtils.readURL(post(SupportEnterTicketPage.PATH, "ticketno=" + ticket + "&setTicket=action"));
+        assertThat(res, containsString("Ticket format malformed"));
+    }
 }
-- 
2.39.2