Fix ReCaptha NPE

Improve error handling when permission are removed.
2024-09-12 07:10:07 +02:00 · 2012-09-06 23:52:53 -03:00 · 2012-09-06 23:52:53 -03:00 · 337a67a8f6
commit 337a67a8f6
parent 743164ade4
12 changed files with 84 additions and 24 deletions
--- a/mindplot/src/main/javascript/RestPersistenceManager.js
+++ b/mindplot/src/main/javascript/RestPersistenceManager.js
@ -45,7 +45,8 @@ mindplot.RESTPersistenceManager = new Class({
                    events.onError();
                },
                onFailure:function (xhr) {
-                    events.onError();
+                    var responseText = xhr.responseText;
+                    events.onError(JSON.decode(responseText));
                },
                headers:{"Content-Type":"application/json", "Accept":"application/json"},
                emulation:false,
@ -60,7 +61,6 @@ mindplot.RESTPersistenceManager = new Class({
                async:false,
                method:'post',
                onSuccess:function () {
-                    console.log("Revert success ....");
                },
                onException:function () {
                },
--- a/mindplot/src/main/javascript/widget/IMenu.js
+++ b/mindplot/src/main/javascript/widget/IMenu.js
@ -78,10 +78,14 @@ mindplot.widget.IMenu = new Class({
                }
                menu.setRequireChange(false);
            },
-            onError:function () {
+            onError:function (error) {
                if (saveHistory) {
                    saveElem.setStyle('cursor', 'pointer');
-                    $notify($msg('SAVE_COULD_NOT_BE_COMPLETED'));
+                    var msg = error ? error.globalErrors : null;
+                    if (!msg) {
+                        msg = $msg('SAVE_COULD_NOT_BE_COMPLETED');
+                    }
+                    $notify(msg);
                }
            }
        });
--- a/wise-webapp/src/main/java/com/wisemapping/exceptions/AccessDeniedSecurityException.java
+++ b/wise-webapp/src/main/java/com/wisemapping/exceptions/AccessDeniedSecurityException.java
@ -18,11 +18,21 @@

 package com.wisemapping.exceptions;

+import org.jetbrains.annotations.NotNull;
+
 public class AccessDeniedSecurityException
-    extends Exception
+    extends ClientException
 {
-    public AccessDeniedSecurityException(String msg)
+    public static final String MSG_KEY = "ACCESS_HAS_BEEN_REVOKED";
+
+    public AccessDeniedSecurityException(@NotNull String msg)
    {
        super(msg);
    }
+
+    @NotNull
+    @Override
+    protected String getMsgBundleKey() {
+        return MSG_KEY;
+    }
 }
--- a/wise-webapp/src/main/java/com/wisemapping/exceptions/ClientException.java
+++ b/wise-webapp/src/main/java/com/wisemapping/exceptions/ClientException.java
@ -0,0 +1,20 @@
+package com.wisemapping.exceptions;
+
+import org.jetbrains.annotations.NotNull;
+import org.springframework.context.MessageSource;
+
+import java.util.Locale;
+
+abstract public class ClientException extends WiseMappingException {
+    public ClientException(@NotNull String message) {
+        super(message);
+    }
+
+    protected abstract
+    @NotNull
+    String getMsgBundleKey();
+
+    public String getMessage(@NotNull final MessageSource messageSource, final @NotNull Locale locale) {
+        return messageSource.getMessage(this.getMsgBundleKey(), null, locale);
+    }
+}
--- a/wise-webapp/src/main/java/com/wisemapping/model/Mindmap.java
+++ b/wise-webapp/src/main/java/com/wisemapping/model/Mindmap.java
@ -18,6 +18,7 @@

 package com.wisemapping.model;

+import com.wisemapping.exceptions.AccessDeniedSecurityException;
 import com.wisemapping.exceptions.WiseMappingException;
 import com.wisemapping.util.ZipUtils;
 import org.apache.commons.lang.StringEscapeUtils;
@ -233,7 +234,7 @@ public class Mindmap {

        final Collaboration collaboration = this.findCollaboration(collaborator);
        if (collaboration == null) {
-            throw new WiseMappingException("User is not collaborator");
+            throw new AccessDeniedSecurityException("Collaborator " + collaborator.getEmail() + " could not access " + this.getId());
        }
        return collaboration.getCollaborationProperties();
    }
--- a/wise-webapp/src/main/java/com/wisemapping/ncontroller/UsersController.java
+++ b/wise-webapp/src/main/java/com/wisemapping/ncontroller/UsersController.java
@ -137,10 +137,16 @@ public class UsersController {
            final String challenge = request.getParameter("recaptcha_challenge_field");
            final String uresponse = request.getParameter("recaptcha_response_field");

-            final String remoteAddr = request.getRemoteAddr();
-            final ReCaptchaResponse reCaptchaResponse = captchaService.checkAnswer(remoteAddr, challenge, uresponse);
-            if (!reCaptchaResponse.isValid()) {
-                bindingResult.rejectValue("captcha", Messages.CAPTCHA_ERROR);
+            if (challenge != null && uresponse != null) {
+                final String remoteAddr = request.getRemoteAddr();
+                final ReCaptchaResponse reCaptchaResponse = captchaService.checkAnswer(remoteAddr, challenge, uresponse);
+
+                if (!reCaptchaResponse.isValid()) {
+                    bindingResult.rejectValue("captcha", Messages.CAPTCHA_ERROR);
+                }
+
+            } else {
+                bindingResult.rejectValue("captcha", Messages.CAPTCHA_LOADING_ERROR);
            }
        }
        return bindingResult;
--- a/wise-webapp/src/main/java/com/wisemapping/rest/AdminController.java
+++ b/wise-webapp/src/main/java/com/wisemapping/rest/AdminController.java
@ -60,7 +60,7 @@ public class AdminController extends BaseController {

    @RequestMapping(method = RequestMethod.POST, value = "admin/users", consumes = {"application/xml", "application/json"}, produces = {"application/json", "text/html", "application/xml"})
    @ResponseStatus(value = HttpStatus.CREATED)
-    public void createUser(@RequestBody RestUser user, HttpServletResponse response) throws IOException, WiseMappingException {
+    public void createUser(@RequestBody RestUser user, HttpServletResponse response) throws WiseMappingException {
        if (user == null) {
            throw new IllegalArgumentException("User could not be found");
        }
@ -90,7 +90,7 @@ public class AdminController extends BaseController {

    @RequestMapping(method = RequestMethod.PUT, value = "admin/users/{id}/password", consumes = {"text/plain"})
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
-    public void changePassword(@RequestBody String password, @PathVariable long id) throws IOException, WiseMappingException {
+    public void changePassword(@RequestBody String password, @PathVariable long id) throws  WiseMappingException {
        if (password == null) {
            throw new IllegalArgumentException("Password can not be null");
        }
@ -105,7 +105,7 @@ public class AdminController extends BaseController {

    @RequestMapping(method = RequestMethod.DELETE,value = "admin/users/{id}")
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
-    public void getUserByEmail(@PathVariable long id) throws IOException, WiseMappingException {
+    public void getUserByEmail(@PathVariable long id) throws WiseMappingException {
        final User user = userService.getUserBy(id);
        if (user == null) {
            throw new IllegalArgumentException("User '" + id + "' could not be found");
--- a/wise-webapp/src/main/java/com/wisemapping/rest/BaseController.java
+++ b/wise-webapp/src/main/java/com/wisemapping/rest/BaseController.java
@ -19,6 +19,7 @@
 package com.wisemapping.rest;

 import com.wisemapping.exceptions.AccessDeniedSecurityException;
+import com.wisemapping.exceptions.ClientException;
 import com.wisemapping.filter.UserAgent;
 import com.wisemapping.mail.NotificationService;
 import com.wisemapping.model.User;
@ -27,6 +28,7 @@ import com.wisemapping.security.Utils;
 import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.i18n.LocaleContextHolder;
 import org.springframework.context.support.ResourceBundleMessageSource;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.ExceptionHandler;
@ -36,6 +38,7 @@ import org.springframework.web.bind.annotation.ResponseStatus;
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
 import java.lang.reflect.UndeclaredThrowableException;
+import java.util.Locale;

 public class BaseController {

@ -75,13 +78,20 @@ public class BaseController {
    @ExceptionHandler(java.lang.reflect.UndeclaredThrowableException.class)
    @ResponseStatus(HttpStatus.BAD_REQUEST)
    public RestErrors handleSecurityErrors(@NotNull UndeclaredThrowableException ex) {
-        return new RestErrors(ex.getMessage());
+        final Throwable cause = ex.getCause();
+        RestErrors result;
+        if (cause instanceof ClientException) {
+            result = handleClientErrors((ClientException) cause);
+        } else {
+            result = new RestErrors(ex.getMessage());
+        }
+        return result;
    }

-    @ExceptionHandler(com.wisemapping.exceptions.AccessDeniedSecurityException.class)
+    @ExceptionHandler(ClientException.class)
    @ResponseStatus(HttpStatus.BAD_REQUEST)
-    public RestErrors handleSecurityException(@NotNull AccessDeniedSecurityException ex) {
-        return new RestErrors(ex.getMessage());
+    public RestErrors handleClientErrors(@NotNull ClientException ex) {
+        final Locale locale = LocaleContextHolder.getLocale();
+        return new RestErrors(ex.getMessage(messageSource, locale));
    }
-
 }
--- a/wise-webapp/src/main/java/com/wisemapping/rest/model/RestErrors.java
+++ b/wise-webapp/src/main/java/com/wisemapping/rest/model/RestErrors.java
@ -30,7 +30,7 @@ public class RestErrors {
    private Errors errors;

    @JsonIgnore
-    private List<String> globalErrors;
+    private List<String> gErrors;

    @JsonIgnore
    MessageSource messageSource;
@ -43,12 +43,12 @@ public class RestErrors {

        this.errors = errors;
        this.messageSource = messageSource;
-        this.globalErrors = this.processGlobalErrors(errors, messageSource);
+        this.gErrors = this.processGlobalErrors(errors, messageSource);
    }

    public RestErrors(@NotNull String errorMsg) {
-        globalErrors = new ArrayList<String>();
-        globalErrors.add(errorMsg);
+        gErrors = new ArrayList<String>();
+        gErrors.add(errorMsg);
    }

    private List<String> processGlobalErrors(@NotNull Errors errors, @NotNull MessageSource messageSource) {
@ -61,7 +61,7 @@ public class RestErrors {
    }

    public List<String> getGlobalErrors() {
-        return globalErrors;
+        return gErrors;
    }

    public void setGlobalErrors(List<String> list) {
--- a/wise-webapp/src/main/java/com/wisemapping/validator/Messages.java
+++ b/wise-webapp/src/main/java/com/wisemapping/validator/Messages.java
@ -26,4 +26,5 @@ public interface Messages {
    String MAP_TITLE_ALREADY_EXISTS = "MAP_TITLE_ALREADY_EXISTS";
    String PASSWORD_MISSMATCH = "PASSWORD_MISSMATCH";
    String CAPTCHA_ERROR = "CAPTCHA_ERROR";
+    String CAPTCHA_LOADING_ERROR = "CAPTCHA_LOADING_ERROR";
 }
--- a/wise-webapp/src/main/resources/messages_en.properties
+++ b/wise-webapp/src/main/resources/messages_en.properties
@ -241,6 +241,10 @@ SUPPORT=Support
 FEEDBACK=Feedback
 CONTACT_US=Contact Us

+#Pending for translation ...
+CAPTCHA_LOADING_ERROR=ReCaptcha could not be loaded. You must have access to Google ReCaptcha service.
+ACCESS_HAS_BEEN_REVOKED= Upps. your access permissions to this map has been revoked. Contact map owner.
+



--- a/wise-webapp/src/main/resources/messages_es.properties
+++ b/wise-webapp/src/main/resources/messages_es.properties
@ -241,3 +241,7 @@ FEEDBACK=Feedback
 CONTACT_US=Contáctenos


+ACCESS_HAS_BEEN_REVOKED=Los permisos de acceso al mapa han sido revocados. No es posible grabar sus cambios.
+
+
+