From d619f98de71a7b04069879147fc069fb355aa9cd Mon Sep 17 00:00:00 2001 From: bgamard Date: Fri, 14 Feb 2020 21:40:13 +0100 Subject: [PATCH] Closes #379: spaces and colons not allowed in tag name --- .../util/format/TestPdfFormatHandler.java | 8 ++++++++ .../com/sismics/rest/util/ValidationUtil.java | 13 +++++++++++- .../docs/rest/resource/TagResource.java | 20 ++++++------------- .../sismics/docs/rest/TestTagResource.java | 20 +++++++++++++++++-- 4 files changed, 44 insertions(+), 17 deletions(-) diff --git a/docs-core/src/test/java/com/sismics/util/format/TestPdfFormatHandler.java b/docs-core/src/test/java/com/sismics/util/format/TestPdfFormatHandler.java index 7b664df7..7e3b2f00 100644 --- a/docs-core/src/test/java/com/sismics/util/format/TestPdfFormatHandler.java +++ b/docs-core/src/test/java/com/sismics/util/format/TestPdfFormatHandler.java @@ -6,7 +6,15 @@ import org.junit.Test; import java.nio.file.Paths; +/** + * Test of {@link PdfFormatHandler} + * + * @author bgamard + */ public class TestPdfFormatHandler { + /** + * Test related to https://github.com/sismics/docs/issues/373. + */ @Test public void testIssue373() throws Exception { PdfFormatHandler formatHandler = new PdfFormatHandler(); diff --git a/docs-web-common/src/main/java/com/sismics/rest/util/ValidationUtil.java b/docs-web-common/src/main/java/com/sismics/rest/util/ValidationUtil.java index ce4b9883..c2054043 100644 --- a/docs-web-common/src/main/java/com/sismics/rest/util/ValidationUtil.java +++ b/docs-web-common/src/main/java/com/sismics/rest/util/ValidationUtil.java @@ -111,7 +111,18 @@ public class ValidationUtil { public static void validateHexColor(String s, String name, boolean nullable) throws ClientException { ValidationUtil.validateLength(s, name, 7, 7, nullable); } - + + /** + * Validate a tag name. + * + * @param name Name of the tag + */ + public static void validateTagName(String name) throws ClientException { + if (name.contains(" ") || name.contains(":")) { + throw new ClientException("IllegalTagName", "Spaces and colons are not allowed in tag name"); + } + } + /** * Validates that the provided string matches an URL with HTTP or HTTPS scheme. * diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/TagResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/TagResource.java index 731e6307..92485097 100644 --- a/docs-web/src/main/java/com/sismics/docs/rest/resource/TagResource.java +++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/TagResource.java @@ -155,7 +155,7 @@ public class TagResource extends BaseResource { * @apiSuccess {String} id Tag ID * @apiError (client) ForbiddenError Access denied * @apiError (client) ValidationError Validation error - * @apiError (client) SpacesNotAllowed Spaces are not allowed in tag name + * @apiError (client) IllegalTagName Spaces and colons are not allowed in tag name * @apiError (client) ParentNotFound Parent not found * @apiPermission user * @apiVersion 1.5.0 @@ -177,12 +177,8 @@ public class TagResource extends BaseResource { // Validate input data name = ValidationUtil.validateLength(name, "name", 1, 36, false); ValidationUtil.validateHexColor(color, "color", true); - - // Don't allow spaces - if (name.contains(" ")) { - throw new ClientException("SpacesNotAllowed", "Spaces are not allowed in tag name"); - } - + ValidationUtil.validateTagName(name); + // Check the parent if (StringUtils.isEmpty(parentId)) { parentId = null; @@ -237,7 +233,7 @@ public class TagResource extends BaseResource { * @apiSuccess {String} id Tag ID * @apiError (client) ForbiddenError Access denied * @apiError (client) ValidationError Validation error - * @apiError (client) SpacesNotAllowed Spaces are not allowed in tag name + * @apiError (client) IllegalTagName Spaces and colons are not allowed in tag name * @apiError (client) ParentNotFound Parent not found * @apiError (client) CircularReference Circular reference in parent tag * @apiError (client) NotFound Tag not found @@ -263,12 +259,8 @@ public class TagResource extends BaseResource { // Validate input data name = ValidationUtil.validateLength(name, "name", 1, 36, true); ValidationUtil.validateHexColor(color, "color", true); - - // Don't allow spaces - if (name.contains(" ")) { - throw new ClientException("SpacesNotAllowed", "Spaces are not allowed in tag name"); - } - + ValidationUtil.validateTagName(name); + // Check permission AclDao aclDao = new AclDao(); if (!aclDao.checkPermission(id, PermType.WRITE, getTargetIdList(null))) { diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestTagResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestTagResource.java index b8f4b5fa..bf98a570 100644 --- a/docs-web/src/test/java/com/sismics/docs/rest/TestTagResource.java +++ b/docs-web/src/test/java/com/sismics/docs/rest/TestTagResource.java @@ -25,7 +25,23 @@ public class TestTagResource extends BaseJerseyTest { // Login tag1 clientUtil.createUser("tag1"); String tag1Token = clientUtil.login("tag1"); - + + // Create a tag with a wrong name + Response response = target().path("/tag").request() + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, tag1Token) + .put(Entity.form(new Form() + .param("name", "Tag:3") + .param("color", "#ff0000"))); + Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus())); + + // Create a tag with a wrong name + response = target().path("/tag").request() + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, tag1Token) + .put(Entity.form(new Form() + .param("name", "Tag 3") + .param("color", "#ff0000"))); + Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus())); + // Create a tag JsonObject json = target().path("/tag").request() .cookie(TokenBasedSecurityFilter.COOKIE_NAME, tag1Token) @@ -46,7 +62,7 @@ public class TestTagResource extends BaseJerseyTest { Assert.assertNotNull(tag4Id); // Create a circular reference - Response response = target().path("/tag/" + tag3Id).request() + response = target().path("/tag/" + tag3Id).request() .cookie(TokenBasedSecurityFilter.COOKIE_NAME, tag1Token) .post(Entity.form(new Form() .param("name", "Tag3")