Closes #379: spaces and colons not allowed in tag name

This commit is contained in:
bgamard 2020-02-14 21:40:13 +01:00
parent 89228a52dc
commit d619f98de7
4 changed files with 44 additions and 17 deletions

View File

@ -6,7 +6,15 @@ import org.junit.Test;
import java.nio.file.Paths; import java.nio.file.Paths;
/**
* Test of {@link PdfFormatHandler}
*
* @author bgamard
*/
public class TestPdfFormatHandler { public class TestPdfFormatHandler {
/**
* Test related to https://github.com/sismics/docs/issues/373.
*/
@Test @Test
public void testIssue373() throws Exception { public void testIssue373() throws Exception {
PdfFormatHandler formatHandler = new PdfFormatHandler(); PdfFormatHandler formatHandler = new PdfFormatHandler();

View File

@ -111,7 +111,18 @@ public class ValidationUtil {
public static void validateHexColor(String s, String name, boolean nullable) throws ClientException { public static void validateHexColor(String s, String name, boolean nullable) throws ClientException {
ValidationUtil.validateLength(s, name, 7, 7, nullable); ValidationUtil.validateLength(s, name, 7, 7, nullable);
} }
/**
* Validate a tag name.
*
* @param name Name of the tag
*/
public static void validateTagName(String name) throws ClientException {
if (name.contains(" ") || name.contains(":")) {
throw new ClientException("IllegalTagName", "Spaces and colons are not allowed in tag name");
}
}
/** /**
* Validates that the provided string matches an URL with HTTP or HTTPS scheme. * Validates that the provided string matches an URL with HTTP or HTTPS scheme.
* *

View File

@ -155,7 +155,7 @@ public class TagResource extends BaseResource {
* @apiSuccess {String} id Tag ID * @apiSuccess {String} id Tag ID
* @apiError (client) ForbiddenError Access denied * @apiError (client) ForbiddenError Access denied
* @apiError (client) ValidationError Validation error * @apiError (client) ValidationError Validation error
* @apiError (client) SpacesNotAllowed Spaces are not allowed in tag name * @apiError (client) IllegalTagName Spaces and colons are not allowed in tag name
* @apiError (client) ParentNotFound Parent not found * @apiError (client) ParentNotFound Parent not found
* @apiPermission user * @apiPermission user
* @apiVersion 1.5.0 * @apiVersion 1.5.0
@ -177,12 +177,8 @@ public class TagResource extends BaseResource {
// Validate input data // Validate input data
name = ValidationUtil.validateLength(name, "name", 1, 36, false); name = ValidationUtil.validateLength(name, "name", 1, 36, false);
ValidationUtil.validateHexColor(color, "color", true); ValidationUtil.validateHexColor(color, "color", true);
ValidationUtil.validateTagName(name);
// Don't allow spaces
if (name.contains(" ")) {
throw new ClientException("SpacesNotAllowed", "Spaces are not allowed in tag name");
}
// Check the parent // Check the parent
if (StringUtils.isEmpty(parentId)) { if (StringUtils.isEmpty(parentId)) {
parentId = null; parentId = null;
@ -237,7 +233,7 @@ public class TagResource extends BaseResource {
* @apiSuccess {String} id Tag ID * @apiSuccess {String} id Tag ID
* @apiError (client) ForbiddenError Access denied * @apiError (client) ForbiddenError Access denied
* @apiError (client) ValidationError Validation error * @apiError (client) ValidationError Validation error
* @apiError (client) SpacesNotAllowed Spaces are not allowed in tag name * @apiError (client) IllegalTagName Spaces and colons are not allowed in tag name
* @apiError (client) ParentNotFound Parent not found * @apiError (client) ParentNotFound Parent not found
* @apiError (client) CircularReference Circular reference in parent tag * @apiError (client) CircularReference Circular reference in parent tag
* @apiError (client) NotFound Tag not found * @apiError (client) NotFound Tag not found
@ -263,12 +259,8 @@ public class TagResource extends BaseResource {
// Validate input data // Validate input data
name = ValidationUtil.validateLength(name, "name", 1, 36, true); name = ValidationUtil.validateLength(name, "name", 1, 36, true);
ValidationUtil.validateHexColor(color, "color", true); ValidationUtil.validateHexColor(color, "color", true);
ValidationUtil.validateTagName(name);
// Don't allow spaces
if (name.contains(" ")) {
throw new ClientException("SpacesNotAllowed", "Spaces are not allowed in tag name");
}
// Check permission // Check permission
AclDao aclDao = new AclDao(); AclDao aclDao = new AclDao();
if (!aclDao.checkPermission(id, PermType.WRITE, getTargetIdList(null))) { if (!aclDao.checkPermission(id, PermType.WRITE, getTargetIdList(null))) {

View File

@ -25,7 +25,23 @@ public class TestTagResource extends BaseJerseyTest {
// Login tag1 // Login tag1
clientUtil.createUser("tag1"); clientUtil.createUser("tag1");
String tag1Token = clientUtil.login("tag1"); String tag1Token = clientUtil.login("tag1");
// Create a tag with a wrong name
Response response = target().path("/tag").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, tag1Token)
.put(Entity.form(new Form()
.param("name", "Tag:3")
.param("color", "#ff0000")));
Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus()));
// Create a tag with a wrong name
response = target().path("/tag").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, tag1Token)
.put(Entity.form(new Form()
.param("name", "Tag 3")
.param("color", "#ff0000")));
Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus()));
// Create a tag // Create a tag
JsonObject json = target().path("/tag").request() JsonObject json = target().path("/tag").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, tag1Token) .cookie(TokenBasedSecurityFilter.COOKIE_NAME, tag1Token)
@ -46,7 +62,7 @@ public class TestTagResource extends BaseJerseyTest {
Assert.assertNotNull(tag4Id); Assert.assertNotNull(tag4Id);
// Create a circular reference // Create a circular reference
Response response = target().path("/tag/" + tag3Id).request() response = target().path("/tag/" + tag3Id).request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, tag1Token) .cookie(TokenBasedSecurityFilter.COOKIE_NAME, tag1Token)
.post(Entity.form(new Form() .post(Entity.form(new Form()
.param("name", "Tag3") .param("name", "Tag3")