mirror of
https://bitbucket.org/wisemapping/wisemapping-open-source.git
synced 2024-11-05 07:03:24 +01:00
Fix ReCaptha NPE
Improve error handling when permission are removed.
This commit is contained in:
parent
743164ade4
commit
337a67a8f6
@ -45,7 +45,8 @@ mindplot.RESTPersistenceManager = new Class({
|
||||
events.onError();
|
||||
},
|
||||
onFailure:function (xhr) {
|
||||
events.onError();
|
||||
var responseText = xhr.responseText;
|
||||
events.onError(JSON.decode(responseText));
|
||||
},
|
||||
headers:{"Content-Type":"application/json", "Accept":"application/json"},
|
||||
emulation:false,
|
||||
@ -60,7 +61,6 @@ mindplot.RESTPersistenceManager = new Class({
|
||||
async:false,
|
||||
method:'post',
|
||||
onSuccess:function () {
|
||||
console.log("Revert success ....");
|
||||
},
|
||||
onException:function () {
|
||||
},
|
||||
|
@ -78,10 +78,14 @@ mindplot.widget.IMenu = new Class({
|
||||
}
|
||||
menu.setRequireChange(false);
|
||||
},
|
||||
onError:function () {
|
||||
onError:function (error) {
|
||||
if (saveHistory) {
|
||||
saveElem.setStyle('cursor', 'pointer');
|
||||
$notify($msg('SAVE_COULD_NOT_BE_COMPLETED'));
|
||||
var msg = error ? error.globalErrors : null;
|
||||
if (!msg) {
|
||||
msg = $msg('SAVE_COULD_NOT_BE_COMPLETED');
|
||||
}
|
||||
$notify(msg);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
@ -18,11 +18,21 @@
|
||||
|
||||
package com.wisemapping.exceptions;
|
||||
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
|
||||
public class AccessDeniedSecurityException
|
||||
extends Exception
|
||||
extends ClientException
|
||||
{
|
||||
public AccessDeniedSecurityException(String msg)
|
||||
public static final String MSG_KEY = "ACCESS_HAS_BEEN_REVOKED";
|
||||
|
||||
public AccessDeniedSecurityException(@NotNull String msg)
|
||||
{
|
||||
super(msg);
|
||||
}
|
||||
|
||||
@NotNull
|
||||
@Override
|
||||
protected String getMsgBundleKey() {
|
||||
return MSG_KEY;
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,20 @@
|
||||
package com.wisemapping.exceptions;
|
||||
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.springframework.context.MessageSource;
|
||||
|
||||
import java.util.Locale;
|
||||
|
||||
abstract public class ClientException extends WiseMappingException {
|
||||
public ClientException(@NotNull String message) {
|
||||
super(message);
|
||||
}
|
||||
|
||||
protected abstract
|
||||
@NotNull
|
||||
String getMsgBundleKey();
|
||||
|
||||
public String getMessage(@NotNull final MessageSource messageSource, final @NotNull Locale locale) {
|
||||
return messageSource.getMessage(this.getMsgBundleKey(), null, locale);
|
||||
}
|
||||
}
|
@ -18,6 +18,7 @@
|
||||
|
||||
package com.wisemapping.model;
|
||||
|
||||
import com.wisemapping.exceptions.AccessDeniedSecurityException;
|
||||
import com.wisemapping.exceptions.WiseMappingException;
|
||||
import com.wisemapping.util.ZipUtils;
|
||||
import org.apache.commons.lang.StringEscapeUtils;
|
||||
@ -233,7 +234,7 @@ public class Mindmap {
|
||||
|
||||
final Collaboration collaboration = this.findCollaboration(collaborator);
|
||||
if (collaboration == null) {
|
||||
throw new WiseMappingException("User is not collaborator");
|
||||
throw new AccessDeniedSecurityException("Collaborator " + collaborator.getEmail() + " could not access " + this.getId());
|
||||
}
|
||||
return collaboration.getCollaborationProperties();
|
||||
}
|
||||
|
@ -137,11 +137,17 @@ public class UsersController {
|
||||
final String challenge = request.getParameter("recaptcha_challenge_field");
|
||||
final String uresponse = request.getParameter("recaptcha_response_field");
|
||||
|
||||
if (challenge != null && uresponse != null) {
|
||||
final String remoteAddr = request.getRemoteAddr();
|
||||
final ReCaptchaResponse reCaptchaResponse = captchaService.checkAnswer(remoteAddr, challenge, uresponse);
|
||||
|
||||
if (!reCaptchaResponse.isValid()) {
|
||||
bindingResult.rejectValue("captcha", Messages.CAPTCHA_ERROR);
|
||||
}
|
||||
|
||||
} else {
|
||||
bindingResult.rejectValue("captcha", Messages.CAPTCHA_LOADING_ERROR);
|
||||
}
|
||||
}
|
||||
return bindingResult;
|
||||
}
|
||||
|
@ -60,7 +60,7 @@ public class AdminController extends BaseController {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST, value = "admin/users", consumes = {"application/xml", "application/json"}, produces = {"application/json", "text/html", "application/xml"})
|
||||
@ResponseStatus(value = HttpStatus.CREATED)
|
||||
public void createUser(@RequestBody RestUser user, HttpServletResponse response) throws IOException, WiseMappingException {
|
||||
public void createUser(@RequestBody RestUser user, HttpServletResponse response) throws WiseMappingException {
|
||||
if (user == null) {
|
||||
throw new IllegalArgumentException("User could not be found");
|
||||
}
|
||||
@ -90,7 +90,7 @@ public class AdminController extends BaseController {
|
||||
|
||||
@RequestMapping(method = RequestMethod.PUT, value = "admin/users/{id}/password", consumes = {"text/plain"})
|
||||
@ResponseStatus(value = HttpStatus.NO_CONTENT)
|
||||
public void changePassword(@RequestBody String password, @PathVariable long id) throws IOException, WiseMappingException {
|
||||
public void changePassword(@RequestBody String password, @PathVariable long id) throws WiseMappingException {
|
||||
if (password == null) {
|
||||
throw new IllegalArgumentException("Password can not be null");
|
||||
}
|
||||
@ -105,7 +105,7 @@ public class AdminController extends BaseController {
|
||||
|
||||
@RequestMapping(method = RequestMethod.DELETE,value = "admin/users/{id}")
|
||||
@ResponseStatus(value = HttpStatus.NO_CONTENT)
|
||||
public void getUserByEmail(@PathVariable long id) throws IOException, WiseMappingException {
|
||||
public void getUserByEmail(@PathVariable long id) throws WiseMappingException {
|
||||
final User user = userService.getUserBy(id);
|
||||
if (user == null) {
|
||||
throw new IllegalArgumentException("User '" + id + "' could not be found");
|
||||
|
@ -19,6 +19,7 @@
|
||||
package com.wisemapping.rest;
|
||||
|
||||
import com.wisemapping.exceptions.AccessDeniedSecurityException;
|
||||
import com.wisemapping.exceptions.ClientException;
|
||||
import com.wisemapping.filter.UserAgent;
|
||||
import com.wisemapping.mail.NotificationService;
|
||||
import com.wisemapping.model.User;
|
||||
@ -27,6 +28,7 @@ import com.wisemapping.security.Utils;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.context.i18n.LocaleContextHolder;
|
||||
import org.springframework.context.support.ResourceBundleMessageSource;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.web.bind.annotation.ExceptionHandler;
|
||||
@ -36,6 +38,7 @@ import org.springframework.web.bind.annotation.ResponseStatus;
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.lang.reflect.UndeclaredThrowableException;
|
||||
import java.util.Locale;
|
||||
|
||||
public class BaseController {
|
||||
|
||||
@ -75,13 +78,20 @@ public class BaseController {
|
||||
@ExceptionHandler(java.lang.reflect.UndeclaredThrowableException.class)
|
||||
@ResponseStatus(HttpStatus.BAD_REQUEST)
|
||||
public RestErrors handleSecurityErrors(@NotNull UndeclaredThrowableException ex) {
|
||||
return new RestErrors(ex.getMessage());
|
||||
final Throwable cause = ex.getCause();
|
||||
RestErrors result;
|
||||
if (cause instanceof ClientException) {
|
||||
result = handleClientErrors((ClientException) cause);
|
||||
} else {
|
||||
result = new RestErrors(ex.getMessage());
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
@ExceptionHandler(com.wisemapping.exceptions.AccessDeniedSecurityException.class)
|
||||
@ExceptionHandler(ClientException.class)
|
||||
@ResponseStatus(HttpStatus.BAD_REQUEST)
|
||||
public RestErrors handleSecurityException(@NotNull AccessDeniedSecurityException ex) {
|
||||
return new RestErrors(ex.getMessage());
|
||||
public RestErrors handleClientErrors(@NotNull ClientException ex) {
|
||||
final Locale locale = LocaleContextHolder.getLocale();
|
||||
return new RestErrors(ex.getMessage(messageSource, locale));
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -30,7 +30,7 @@ public class RestErrors {
|
||||
private Errors errors;
|
||||
|
||||
@JsonIgnore
|
||||
private List<String> globalErrors;
|
||||
private List<String> gErrors;
|
||||
|
||||
@JsonIgnore
|
||||
MessageSource messageSource;
|
||||
@ -43,12 +43,12 @@ public class RestErrors {
|
||||
|
||||
this.errors = errors;
|
||||
this.messageSource = messageSource;
|
||||
this.globalErrors = this.processGlobalErrors(errors, messageSource);
|
||||
this.gErrors = this.processGlobalErrors(errors, messageSource);
|
||||
}
|
||||
|
||||
public RestErrors(@NotNull String errorMsg) {
|
||||
globalErrors = new ArrayList<String>();
|
||||
globalErrors.add(errorMsg);
|
||||
gErrors = new ArrayList<String>();
|
||||
gErrors.add(errorMsg);
|
||||
}
|
||||
|
||||
private List<String> processGlobalErrors(@NotNull Errors errors, @NotNull MessageSource messageSource) {
|
||||
@ -61,7 +61,7 @@ public class RestErrors {
|
||||
}
|
||||
|
||||
public List<String> getGlobalErrors() {
|
||||
return globalErrors;
|
||||
return gErrors;
|
||||
}
|
||||
|
||||
public void setGlobalErrors(List<String> list) {
|
||||
|
@ -26,4 +26,5 @@ public interface Messages {
|
||||
String MAP_TITLE_ALREADY_EXISTS = "MAP_TITLE_ALREADY_EXISTS";
|
||||
String PASSWORD_MISSMATCH = "PASSWORD_MISSMATCH";
|
||||
String CAPTCHA_ERROR = "CAPTCHA_ERROR";
|
||||
String CAPTCHA_LOADING_ERROR = "CAPTCHA_LOADING_ERROR";
|
||||
}
|
||||
|
@ -241,6 +241,10 @@ SUPPORT=Support
|
||||
FEEDBACK=Feedback
|
||||
CONTACT_US=Contact Us
|
||||
|
||||
#Pending for translation ...
|
||||
CAPTCHA_LOADING_ERROR=ReCaptcha could not be loaded. You must have access to Google ReCaptcha service.
|
||||
ACCESS_HAS_BEEN_REVOKED= Upps. your access permissions to this map has been revoked. Contact map owner.
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -241,3 +241,7 @@ FEEDBACK=Feedback
|
||||
CONTACT_US=Contáctenos
|
||||
|
||||
|
||||
ACCESS_HAS_BEEN_REVOKED=Los permisos de acceso al mapa han sido revocados. No es posible grabar sus cambios.
|
||||
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user