fix #924 add userCode parameter

2017-03-11 19:03:09 +09:00 · 2017-03-11 19:03:09 +09:00 · a8cb4b92ba
commit a8cb4b92ba
parent 1fd2e2c18c
5 changed files with 203 additions and 2 deletions
--- a/src/main/java/org/codelibs/fess/helper/UserInfoHelper.java
+++ b/src/main/java/org/codelibs/fess/helper/UserInfoHelper.java
@ -53,15 +53,20 @@ public class UserInfoHelper {
        final HttpServletRequest request = LaRequestUtil.getRequest();

        String userCode = (String) request.getAttribute(Constants.USER_CODE);
+        if (StringUtil.isNotBlank(userCode)) {
+            return userCode;
+        }

-        if (StringUtil.isBlank(userCode)) {
-            userCode = getUserCodeFromCookie(request);
+        userCode = getUserCodeFromRequest(request);
+        if (StringUtil.isNotBlank(userCode)) {
+            return userCode;
        }

        if (!request.isRequestedSessionIdValid()) {
            return null;
        }

+        userCode = getUserCodeFromCookie(request);
        if (StringUtil.isBlank(userCode)) {
            userCode = getId();
        }
@ -72,6 +77,26 @@ public class UserInfoHelper {
        return userCode;
    }

+    protected String getUserCodeFromRequest(final HttpServletRequest request) {
+        final FessConfig fessConfig = ComponentUtil.getFessConfig();
+        final String userCode = request.getParameter(fessConfig.getUserCodeRequestParameter());
+        if (StringUtil.isBlank(userCode)) {
+            return null;
+        }
+
+        final int length = userCode.length();
+        if (fessConfig.getUserCodeMinLengthAsInteger().intValue() > length
+                || fessConfig.getUserCodeMaxLengthAsInteger().intValue() < length) {
+            return null;
+        }
+
+        if (fessConfig.isValidUserCode(userCode)) {
+            request.setAttribute(Constants.USER_CODE, userCode);
+            return userCode;
+        }
+        return null;
+    }
+
    protected String getId() {
        return UUID.randomUUID().toString().replace("-", StringUtil.EMPTY);
    }
--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
@ -720,6 +720,18 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
    /** The key of the configuration. e.g. false */
    String THUMBNAIL_CRAWLER_ENABLED = "thumbnail.crawler.enabled";

+    /** The key of the configuration. e.g. userCode */
+    String USER_CODE_REQUEST_PARAMETER = "user.code.request.parameter";
+
+    /** The key of the configuration. e.g. 20 */
+    String USER_CODE_MIN_LENGTH = "user.code.min.length";
+
+    /** The key of the configuration. e.g. 100 */
+    String USER_CODE_MAX_LENGTH = "user.code.max.length";
+
+    /** The key of the configuration. e.g. [a-zA-Z0-9_]+ */
+    String USER_CODE_PATTERN = "user.code.pattern";
+
    /** The key of the configuration. e.g. Administrator */
    String MAIL_FROM_NAME = "mail.from.name";

@ -3504,6 +3516,51 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
     */
    boolean isThumbnailCrawlerEnabled();

+    /**
+     * Get the value for the key 'user.code.request.parameter'. <br>
+     * The value is, e.g. userCode <br>
+     * comment: user
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getUserCodeRequestParameter();
+
+    /**
+     * Get the value for the key 'user.code.min.length'. <br>
+     * The value is, e.g. 20 <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getUserCodeMinLength();
+
+    /**
+     * Get the value for the key 'user.code.min.length' as {@link Integer}. <br>
+     * The value is, e.g. 20 <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     * @throws NumberFormatException When the property is not integer.
+     */
+    Integer getUserCodeMinLengthAsInteger();
+
+    /**
+     * Get the value for the key 'user.code.max.length'. <br>
+     * The value is, e.g. 100 <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getUserCodeMaxLength();
+
+    /**
+     * Get the value for the key 'user.code.max.length' as {@link Integer}. <br>
+     * The value is, e.g. 100 <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     * @throws NumberFormatException When the property is not integer.
+     */
+    Integer getUserCodeMaxLengthAsInteger();
+
+    /**
+     * Get the value for the key 'user.code.pattern'. <br>
+     * The value is, e.g. [a-zA-Z0-9_]+ <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getUserCodePattern();
+
    /**
     * Get the value for the key 'mail.from.name'. <br>
     * The value is, e.g. Administrator <br>
@ -5912,6 +5969,30 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
            return is(FessConfig.THUMBNAIL_CRAWLER_ENABLED);
        }

+        public String getUserCodeRequestParameter() {
+            return get(FessConfig.USER_CODE_REQUEST_PARAMETER);
+        }
+
+        public String getUserCodeMinLength() {
+            return get(FessConfig.USER_CODE_MIN_LENGTH);
+        }
+
+        public Integer getUserCodeMinLengthAsInteger() {
+            return getAsInteger(FessConfig.USER_CODE_MIN_LENGTH);
+        }
+
+        public String getUserCodeMaxLength() {
+            return get(FessConfig.USER_CODE_MAX_LENGTH);
+        }
+
+        public Integer getUserCodeMaxLengthAsInteger() {
+            return getAsInteger(FessConfig.USER_CODE_MAX_LENGTH);
+        }
+
+        public String getUserCodePattern() {
+            return get(FessConfig.USER_CODE_PATTERN);
+        }
+
        public String getMailFromName() {
            return get(FessConfig.MAIL_FROM_NAME);
        }
--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
@ -58,6 +58,8 @@ import org.lastaflute.web.validation.theme.typed.LongTypeValidator;

 public interface FessProp {

+    public static final String USER_CODE_PATTERN = "userCodePattern";
+
    public static final String API_ADMIN_ACCESS_PERMISSION_SET = "apiAdminAccessPermissionSet";

    public static final String CRAWLER_DOCUMENT_SPACE_CHARS = "crawlerDocumentSpaceChars";
@ -1488,4 +1490,18 @@ public interface FessProp {
    public default boolean isApiAdminAccessAllowed(final Set<String> accessPermissions) {
        return getApiAdminAccessPermissionSet().stream().anyMatch(s -> accessPermissions.contains(s));
    }
+
+    String getUserCodePattern();
+
+    public default boolean isValidUserCode(final String userCode) {
+        if (userCode == null) {
+            return false;
+        }
+        Pattern pattern = (Pattern) propMap.get(USER_CODE_PATTERN);
+        if (pattern == null) {
+            pattern = Pattern.compile(getUserCodePattern());
+            propMap.put(USER_CODE_PATTERN, pattern);
+        }
+        return pattern.matcher(userCode).matches();
+    }
 }
--- a/src/main/resources/fess_config.properties
+++ b/src/main/resources/fess_config.properties
@ -375,6 +375,12 @@ thumbnail.html.phantomjs.format=png
 thumbnail.generator.targets=all
 thumbnail.crawler.enabled=false

+# user
+user.code.request.parameter=userCode
+user.code.min.length=20
+user.code.max.length=100
+user.code.pattern=[a-zA-Z0-9_]+
+
 # ----------------------------------------------------------
 #                                                       Mail
 #                                                     ------
--- a/src/test/java/org/codelibs/fess/helper/UserInfoHelperTest.java
+++ b/src/test/java/org/codelibs/fess/helper/UserInfoHelperTest.java
@ -0,0 +1,73 @@
+/*
+ * Copyright 2012-2017 CodeLibs Project and the Others.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+package org.codelibs.fess.helper;
+
+import org.codelibs.fess.unit.UnitFessTestCase;
+import org.dbflute.utflute.mocklet.MockletHttpServletRequest;
+
+public class UserInfoHelperTest extends UnitFessTestCase {
+
+    public void test_getUserCodeFromRequest() {
+        UserInfoHelper userInfoHelper = new UserInfoHelper();
+
+        MockletHttpServletRequest request = getMockRequest();
+
+        assertNull(userInfoHelper.getUserCodeFromRequest(request));
+
+        request.setParameter("userCode", "");
+        assertNull(userInfoHelper.getUserCodeFromRequest(request));
+
+        final StringBuilder buf = new StringBuilder();
+        buf.append("12345abcde");
+        request.setParameter("userCode", buf.toString());
+        assertNull(userInfoHelper.getUserCodeFromRequest(request));
+
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertEquals("12345abcde12345ABCDE", userInfoHelper.getUserCodeFromRequest(request));
+        request.setParameter("userCode", buf.toString() + "_");
+        assertEquals("12345abcde12345ABCDE_", userInfoHelper.getUserCodeFromRequest(request));
+        request.setParameter("userCode", buf.toString() + " ");
+        assertNull(userInfoHelper.getUserCodeFromRequest(request));
+
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        buf.append("12345ABCDE");
+        request.setParameter("userCode", buf.toString());
+        assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+        request.setParameter("userCode", buf.toString() + "x");
+        assertNull(userInfoHelper.getUserCodeFromRequest(request));
+    }
+}