Shinsuke Sugaya 8 роки тому
батько
коміт
a8cb4b92ba

+ 27 - 2
src/main/java/org/codelibs/fess/helper/UserInfoHelper.java

@@ -53,15 +53,20 @@ public class UserInfoHelper {
         final HttpServletRequest request = LaRequestUtil.getRequest();
 
         String userCode = (String) request.getAttribute(Constants.USER_CODE);
+        if (StringUtil.isNotBlank(userCode)) {
+            return userCode;
+        }
 
-        if (StringUtil.isBlank(userCode)) {
-            userCode = getUserCodeFromCookie(request);
+        userCode = getUserCodeFromRequest(request);
+        if (StringUtil.isNotBlank(userCode)) {
+            return userCode;
         }
 
         if (!request.isRequestedSessionIdValid()) {
             return null;
         }
 
+        userCode = getUserCodeFromCookie(request);
         if (StringUtil.isBlank(userCode)) {
             userCode = getId();
         }
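Review bot: The added `getUserCodeFromRequest(request)` branch returns before the `isRequestedSessionIdValid()` check, so a `userCode` chosen by the client is accepted as the identifier even when the request carries no valid session, and it now outranks the cookie value. Length and character-class checks are the only gate, which constrains the format but does not tie the value to the client presenting it. If anything downstream keys per-user data on this code (not visible in this hunk), that data is reachable by whoever knows or guesses the code, so the trust model should be stated here, e.g. `// request-supplied userCode is a client-asserted label, not an authenticated identity`. getUserCode starts before and continues past this hunk.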
@@ -72,6 +77,26 @@ public class UserInfoHelper {
         return userCode;
     }
 
+    protected String getUserCodeFromRequest(final HttpServletRequest request) {
+        final FessConfig fessConfig = ComponentUtil.getFessConfig();
+        final String userCode = request.getParameter(fessConfig.getUserCodeRequestParameter());
+        if (StringUtil.isBlank(userCode)) {
+            return null;
+        }
+
+        final int length = userCode.length();
+        if (fessConfig.getUserCodeMinLengthAsInteger().intValue() > length
+                || fessConfig.getUserCodeMaxLengthAsInteger().intValue() < length) {
+            return null;
+        }
+
+        if (fessConfig.isValidUserCode(userCode)) {
+            request.setAttribute(Constants.USER_CODE, userCode);
+            return userCode;
+        }
+        return null;
+    }
+
     protected String getId() {
         return UUID.randomUUID().toString().replace("-", StringUtil.EMPTY);
     }
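Review bot: `getUserCodeFromRequest` has no Javadoc, and two of its behaviours are easy to miss: it returns null for a missing, out-of-range or non-matching value alike, and on success it writes the value into the `Constants.USER_CODE` request attribute. Because the value is read with `request.getParameter`, it can arrive in the query string, where it tends to be recorded in access logs, browser history and Referer headers. If the code is meant to stay private to one user, the Javadoc should say so and recommend sending it in a POST body. Suggested summary line: `/** Reads the client-supplied user code from the configured request parameter; returns null unless it passes the configured length and pattern checks. */`.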

+ 81 - 0
src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java

@@ -720,6 +720,18 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
     /** The key of the configuration. e.g. false */
     String THUMBNAIL_CRAWLER_ENABLED = "thumbnail.crawler.enabled";
 
+    /** The key of the configuration. e.g. userCode */
+    String USER_CODE_REQUEST_PARAMETER = "user.code.request.parameter";
+
+    /** The key of the configuration. e.g. 20 */
+    String USER_CODE_MIN_LENGTH = "user.code.min.length";
+
+    /** The key of the configuration. e.g. 100 */
+    String USER_CODE_MAX_LENGTH = "user.code.max.length";
+
+    /** The key of the configuration. e.g. [a-zA-Z0-9_]+ */
+    String USER_CODE_PATTERN = "user.code.pattern";
+
     /** The key of the configuration. e.g. Administrator */
     String MAIL_FROM_NAME = "mail.from.name";
 
@@ -3504,6 +3516,51 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
      */
     boolean isThumbnailCrawlerEnabled();
 
+    /**
+     * Get the value for the key 'user.code.request.parameter'. <br>
+     * The value is, e.g. userCode <br>
+     * comment: user
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getUserCodeRequestParameter();
+
+    /**
+     * Get the value for the key 'user.code.min.length'. <br>
+     * The value is, e.g. 20 <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getUserCodeMinLength();
+
+    /**
+     * Get the value for the key 'user.code.min.length' as {@link Integer}. <br>
+     * The value is, e.g. 20 <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     * @throws NumberFormatException When the property is not integer.
+     */
+    Integer getUserCodeMinLengthAsInteger();
+
+    /**
+     * Get the value for the key 'user.code.max.length'. <br>
+     * The value is, e.g. 100 <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getUserCodeMaxLength();
+
+    /**
+     * Get the value for the key 'user.code.max.length' as {@link Integer}. <br>
+     * The value is, e.g. 100 <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     * @throws NumberFormatException When the property is not integer.
+     */
+    Integer getUserCodeMaxLengthAsInteger();
+
+    /**
+     * Get the value for the key 'user.code.pattern'. <br>
+     * The value is, e.g. [a-zA-Z0-9_]+ <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getUserCodePattern();
+
     /**
      * Get the value for the key 'mail.from.name'. <br>
      * The value is, e.g. Administrator <br>
@@ -5912,6 +5969,30 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
             return is(FessConfig.THUMBNAIL_CRAWLER_ENABLED);
         }
 
+        public String getUserCodeRequestParameter() {
+            return get(FessConfig.USER_CODE_REQUEST_PARAMETER);
+        }
+
+        public String getUserCodeMinLength() {
+            return get(FessConfig.USER_CODE_MIN_LENGTH);
+        }
+
+        public Integer getUserCodeMinLengthAsInteger() {
+            return getAsInteger(FessConfig.USER_CODE_MIN_LENGTH);
+        }
+
+        public String getUserCodeMaxLength() {
+            return get(FessConfig.USER_CODE_MAX_LENGTH);
+        }
+
+        public Integer getUserCodeMaxLengthAsInteger() {
+            return getAsInteger(FessConfig.USER_CODE_MAX_LENGTH);
+        }
+
+        public String getUserCodePattern() {
+            return get(FessConfig.USER_CODE_PATTERN);
+        }
+
         public String getMailFromName() {
             return get(FessConfig.MAIL_FROM_NAME);
         }

+ 16 - 0
src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java

@@ -58,6 +58,8 @@ import org.lastaflute.web.validation.theme.typed.LongTypeValidator;
 
 public interface FessProp {
 
+    public static final String USER_CODE_PATTERN = "userCodePattern";
+
     public static final String API_ADMIN_ACCESS_PERMISSION_SET = "apiAdminAccessPermissionSet";
 
     public static final String CRAWLER_DOCUMENT_SPACE_CHARS = "crawlerDocumentSpaceChars";
@@ -1488,4 +1490,18 @@ public interface FessProp {
     public default boolean isApiAdminAccessAllowed(final Set<String> accessPermissions) {
         return getApiAdminAccessPermissionSet().stream().anyMatch(s -> accessPermissions.contains(s));
     }
+
+    String getUserCodePattern();
+
+    public default boolean isValidUserCode(final String userCode) {
+        if (userCode == null) {
+            return false;
+        }
+        Pattern pattern = (Pattern) propMap.get(USER_CODE_PATTERN);
+        if (pattern == null) {
+            pattern = Pattern.compile(getUserCodePattern());
+            propMap.put(USER_CODE_PATTERN, pattern);
+        }
+        return pattern.matcher(userCode).matches();
+    }
 }
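Review bot: `isValidUserCode` matches its input against a regex taken from configuration without bounding the input length itself. The length limit lives only in `UserInfoHelper.getUserCodeFromRequest`, so any other caller would run an operator-supplied pattern over unbounded request data. A short Javadoc would make that contract explicit, e.g. `/** Caller must enforce user.code.min/max.length before calling. */`. A malformed `user.code.pattern` also makes `Pattern.compile` throw on every call, since nothing is cached on failure. The check-then-put on `propMap` is only safe if that map tolerates concurrent access; its declaration is outside this hunk.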

+ 6 - 0
src/main/resources/fess_config.properties

@@ -375,6 +375,12 @@ thumbnail.html.phantomjs.format=png
 thumbnail.generator.targets=all
 thumbnail.crawler.enabled=false
 
+# user
+user.code.request.parameter=userCode
+user.code.min.length=20
+user.code.max.length=100
+user.code.pattern=[a-zA-Z0-9_]+
+
 # ----------------------------------------------------------
 #                                                       Mail
 #                                                     ------
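Review bot: The four `user.code.*` keys are introduced under a bare `# user` heading with no explanation of what they control, although together they decide which client-supplied values are accepted as a user code. A comment per key would help operators, for instance `# name of the request parameter from which a user code is accepted` and `# accepted values must fully match this regex`. It would also be worth documenting whether leaving `user.code.request.parameter` empty disables the feature; the Java side shown in this commit does not make that obvious.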

+ 73 - 0
src/test/java/org/codelibs/fess/helper/UserInfoHelperTest.java

@@ -0,0 +1,73 @@
+/*
+ * Copyright 2012-2017 CodeLibs Project and the Others.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+package org.codelibs.fess.helper;
+
+import org.codelibs.fess.unit.UnitFessTestCase;
+import org.dbflute.utflute.mocklet.MockletHttpServletRequest;
+
+public class UserInfoHelperTest extends UnitFessTestCase {
+
+    public void test_getUserCodeFromRequest() {
+        UserInfoHelper userInfoHelper = new UserInfoHelper();
+
+        MockletHttpServletRequest request = getMockRequest();
+
+        assertNull(userInfoHelper.getUserCodeFromRequest(request));
+
+        request.setParameter("userCode", "");
+        assertNull(userInfoHelper.getUserCodeFromRequest(request));
+
+        final StringBuilder buf = new StringBuilder();
+        buf.append("12345abcde");
+        request.setParameter("userCode", buf.toString());
+        assertNull(userInfoHelper.getUserCodeFromRequest(request));
+
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertEquals("12345abcde12345ABCDE", userInfoHelper.getUserCodeFromRequest(request));
+        request.setParameter("userCode", buf.toString() + "_");
+        assertEquals("12345abcde12345ABCDE_", userInfoHelper.getUserCodeFromRequest(request));
+        request.setParameter("userCode", buf.toString() + " ");
+        assertNull(userInfoHelper.getUserCodeFromRequest(request));
+
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        request.setParameter("userCode", buf.toString() + "x");
+        assertNull(userInfoHelper.getUserCodeFromRequest(request));
+    }
+}
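Review bot: The only rejected character this test exercises is a trailing space; there is no case for punctuation or markup characters, which is the part of `user.code.pattern` that matters most if the code is later logged or echoed. Adding e.g. `request.setParameter("userCode", "12345abcde12345ABCD-");` followed by `assertNull(userInfoHelper.getUserCodeFromRequest(request));` would pin that (the value is a constructed 20-character sample). The test also never asserts the `Constants.USER_CODE` request attribute that a successful call sets. The eight repeated append/assert blocks would read more clearly as a loop.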