diff --git a/src/main/java/org/codelibs/fess/helper/UserInfoHelper.java b/src/main/java/org/codelibs/fess/helper/UserInfoHelper.java
index cd8f1df51..e0a0ec708 100644
--- a/src/main/java/org/codelibs/fess/helper/UserInfoHelper.java
+++ b/src/main/java/org/codelibs/fess/helper/UserInfoHelper.java
@@ -53,15 +53,20 @@ public class UserInfoHelper {
final HttpServletRequest request = LaRequestUtil.getRequest();
String userCode = (String) request.getAttribute(Constants.USER_CODE);
+ if (StringUtil.isNotBlank(userCode)) {
+ return userCode;
+ }
- if (StringUtil.isBlank(userCode)) {
- userCode = getUserCodeFromCookie(request);
+ userCode = getUserCodeFromRequest(request);
+ if (StringUtil.isNotBlank(userCode)) {
+ return userCode;
}
if (!request.isRequestedSessionIdValid()) {
return null;
}
+ userCode = getUserCodeFromCookie(request);
if (StringUtil.isBlank(userCode)) {
userCode = getId();
}
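Review bot: A value from the request parameter is returned at the new `return userCode;` right after `getUserCodeFromRequest(request)`, before `request.isRequestedSessionIdValid()` is consulted, so a client-chosen string is accepted as the user code even when the session is invalid. If user codes key per-user data elsewhere (not visible in this diff), the value works as a bearer identifier that any client can present, and as a query parameter it may end up in access logs and Referer headers. Consider moving the parameter lookup after the session check, or at least stating the trust level in a comment such as `// request-parameter user code is client-supplied and unauthenticated`. The method starts above this hunk and continues past it to the final `return userCode;`, so whether the early return also skips later bookkeeping cannot be confirmed from here.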
@@ -72,6 +77,26 @@ public class UserInfoHelper {
return userCode;
}
+ protected String getUserCodeFromRequest(final HttpServletRequest request) {
+ final FessConfig fessConfig = ComponentUtil.getFessConfig();
+ final String userCode = request.getParameter(fessConfig.getUserCodeRequestParameter());
+ if (StringUtil.isBlank(userCode)) {
+ return null;
+ }
+
+ final int length = userCode.length();
+ if (fessConfig.getUserCodeMinLengthAsInteger().intValue() > length
+ || fessConfig.getUserCodeMaxLengthAsInteger().intValue() < length) {
+ return null;
+ }
+
+ if (fessConfig.isValidUserCode(userCode)) {
+ request.setAttribute(Constants.USER_CODE, userCode);
+ return userCode;
+ }
+ return null;
+ }
+
protected String getId() {
return UUID.randomUUID().toString().replace("-", StringUtil.EMPTY);
}
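Review bot: `getUserCodeFromRequest` is added without Javadoc although it has a side effect callers need to know about: on success it stores the value with `request.setAttribute(Constants.USER_CODE, userCode)`. A short Javadoc should say that it returns null for a blank, out-of-range or pattern-mismatched value and caches an accepted one on the request. It should also note that `getUserCodeMinLengthAsInteger()` and `getUserCodeMaxLengthAsInteger()` are documented as throwing NumberFormatException for a non-integer property, so a misconfigured length surfaces on every request that carries the parameter instead of at startup.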
diff --git a/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java b/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
index 5641bdc79..d6d9c869b 100644
--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
@@ -720,6 +720,18 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
/** The key of the configuration. e.g. false */
String THUMBNAIL_CRAWLER_ENABLED = "thumbnail.crawler.enabled";
+ /** The key of the configuration. e.g. userCode */
+ String USER_CODE_REQUEST_PARAMETER = "user.code.request.parameter";
+
+ /** The key of the configuration. e.g. 20 */
+ String USER_CODE_MIN_LENGTH = "user.code.min.length";
+
+ /** The key of the configuration. e.g. 100 */
+ String USER_CODE_MAX_LENGTH = "user.code.max.length";
+
+ /** The key of the configuration. e.g. [a-zA-Z0-9_]+ */
+ String USER_CODE_PATTERN = "user.code.pattern";
+
/** The key of the configuration. e.g. Administrator */
String MAIL_FROM_NAME = "mail.from.name";
@@ -3504,6 +3516,51 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
*/
boolean isThumbnailCrawlerEnabled();
+ /**
+ * Get the value for the key 'user.code.request.parameter'.
+ * The value is, e.g. userCode
+ * comment: user
+ * @return The value of found property. (NotNull: if not found, exception but basically no way)
+ */
+ String getUserCodeRequestParameter();
+
+ /**
+ * Get the value for the key 'user.code.min.length'.
+ * The value is, e.g. 20
+ * @return The value of found property. (NotNull: if not found, exception but basically no way)
+ */
+ String getUserCodeMinLength();
+
+ /**
+ * Get the value for the key 'user.code.min.length' as {@link Integer}.
+ * The value is, e.g. 20
+ * @return The value of found property. (NotNull: if not found, exception but basically no way)
+ * @throws NumberFormatException When the property is not integer.
+ */
+ Integer getUserCodeMinLengthAsInteger();
+
+ /**
+ * Get the value for the key 'user.code.max.length'.
+ * The value is, e.g. 100
+ * @return The value of found property. (NotNull: if not found, exception but basically no way)
+ */
+ String getUserCodeMaxLength();
+
+ /**
+ * Get the value for the key 'user.code.max.length' as {@link Integer}.
+ * The value is, e.g. 100
+ * @return The value of found property. (NotNull: if not found, exception but basically no way)
+ * @throws NumberFormatException When the property is not integer.
+ */
+ Integer getUserCodeMaxLengthAsInteger();
+
+ /**
+ * Get the value for the key 'user.code.pattern'.
+ * The value is, e.g. [a-zA-Z0-9_]+
+ * @return The value of found property. (NotNull: if not found, exception but basically no way)
+ */
+ String getUserCodePattern();
+
/**
* Get the value for the key 'mail.from.name'.
* The value is, e.g. Administrator
@@ -5912,6 +5969,30 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
return is(FessConfig.THUMBNAIL_CRAWLER_ENABLED);
}
+ public String getUserCodeRequestParameter() {
+ return get(FessConfig.USER_CODE_REQUEST_PARAMETER);
+ }
+
+ public String getUserCodeMinLength() {
+ return get(FessConfig.USER_CODE_MIN_LENGTH);
+ }
+
+ public Integer getUserCodeMinLengthAsInteger() {
+ return getAsInteger(FessConfig.USER_CODE_MIN_LENGTH);
+ }
+
+ public String getUserCodeMaxLength() {
+ return get(FessConfig.USER_CODE_MAX_LENGTH);
+ }
+
+ public Integer getUserCodeMaxLengthAsInteger() {
+ return getAsInteger(FessConfig.USER_CODE_MAX_LENGTH);
+ }
+
+ public String getUserCodePattern() {
+ return get(FessConfig.USER_CODE_PATTERN);
+ }
+
public String getMailFromName() {
return get(FessConfig.MAIL_FROM_NAME);
}
diff --git a/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java b/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
index 65154cb74..774c9e4ef 100644
--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
@@ -58,6 +58,8 @@ import org.lastaflute.web.validation.theme.typed.LongTypeValidator;
public interface FessProp {
+ public static final String USER_CODE_PATTERN = "userCodePattern";
+
public static final String API_ADMIN_ACCESS_PERMISSION_SET = "apiAdminAccessPermissionSet";
public static final String CRAWLER_DOCUMENT_SPACE_CHARS = "crawlerDocumentSpaceChars";
@@ -1488,4 +1490,18 @@ public interface FessProp {
public default boolean isApiAdminAccessAllowed(final Set accessPermissions) {
return getApiAdminAccessPermissionSet().stream().anyMatch(s -> accessPermissions.contains(s));
}
+
+ String getUserCodePattern();
+
+ public default boolean isValidUserCode(final String userCode) {
+ if (userCode == null) {
+ return false;
+ }
+ Pattern pattern = (Pattern) propMap.get(USER_CODE_PATTERN);
+ if (pattern == null) {
+ pattern = Pattern.compile(getUserCodePattern());
+ propMap.put(USER_CODE_PATTERN, pattern);
+ }
+ return pattern.matcher(userCode).matches();
+ }
}
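Review bot: `isValidUserCode` applies the operator-configured regex to the whole input with no length bound of its own; the min/max length check lives only in `UserInfoHelper.getUserCodeFromRequest`. Since this is a public default method, another caller could pass unbounded client input, which becomes expensive if `user.code.pattern` is ever set to a backtracking-prone expression. Document the precondition, e.g. `/** Caller must bound userCode's length first; the pattern is applied with matches() to the full string. */`, or enforce the length here. `Pattern.compile(getUserCodePattern())` also fails with PatternSyntaxException only at first use, and the get-then-put on `propMap` is not atomic (presumably harmless, but its type is not visible in this hunk).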
diff --git a/src/main/resources/fess_config.properties b/src/main/resources/fess_config.properties
index 08563aeb4..17fc83a3a 100644
--- a/src/main/resources/fess_config.properties
+++ b/src/main/resources/fess_config.properties
@@ -375,6 +375,12 @@ thumbnail.html.phantomjs.format=png
thumbnail.generator.targets=all
thumbnail.crawler.enabled=false
+# user
+user.code.request.parameter=userCode
+user.code.min.length=20
+user.code.max.length=100
+user.code.pattern=[a-zA-Z0-9_]+
+
# ----------------------------------------------------------
# Mail
# ------
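Review bot: The new `# user` block turns on acceptance of a request-supplied user code by default but does not explain what the four keys control or how an operator would restrict it. Suggest comments along the lines of `# name of the request parameter that may carry a client-supplied user code` and `# accepted length range and full-match pattern for that value`. No switch to disable the feature is visible in this diff; if one exists elsewhere, reference it here.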
diff --git a/src/test/java/org/codelibs/fess/helper/UserInfoHelperTest.java b/src/test/java/org/codelibs/fess/helper/UserInfoHelperTest.java
new file mode 100644
index 000000000..e46d57424
--- /dev/null
+++ b/src/test/java/org/codelibs/fess/helper/UserInfoHelperTest.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2012-2017 CodeLibs Project and the Others.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+package org.codelibs.fess.helper;
+
+import org.codelibs.fess.unit.UnitFessTestCase;
+import org.dbflute.utflute.mocklet.MockletHttpServletRequest;
+
+public class UserInfoHelperTest extends UnitFessTestCase {
+
+ public void test_getUserCodeFromRequest() {
+ UserInfoHelper userInfoHelper = new UserInfoHelper();
+
+ MockletHttpServletRequest request = getMockRequest();
+
+ assertNull(userInfoHelper.getUserCodeFromRequest(request));
+
+ request.setParameter("userCode", "");
+ assertNull(userInfoHelper.getUserCodeFromRequest(request));
+
+ final StringBuilder buf = new StringBuilder();
+ buf.append("12345abcde");
+ request.setParameter("userCode", buf.toString());
+ assertNull(userInfoHelper.getUserCodeFromRequest(request));
+
+ buf.append("12345ABCDE");
+ request.setParameter("userCode", buf.toString());
+ assertEquals("12345abcde12345ABCDE", userInfoHelper.getUserCodeFromRequest(request));
+ request.setParameter("userCode", buf.toString() + "_");
+ assertEquals("12345abcde12345ABCDE_", userInfoHelper.getUserCodeFromRequest(request));
+ request.setParameter("userCode", buf.toString() + " ");
+ assertNull(userInfoHelper.getUserCodeFromRequest(request));
+
+ buf.append("12345ABCDE");
+ request.setParameter("userCode", buf.toString());
+ assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+ buf.append("12345ABCDE");
+ request.setParameter("userCode", buf.toString());
+ assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+ buf.append("12345ABCDE");
+ request.setParameter("userCode", buf.toString());
+ assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+ buf.append("12345ABCDE");
+ request.setParameter("userCode", buf.toString());
+ assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+ buf.append("12345ABCDE");
+ request.setParameter("userCode", buf.toString());
+ assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+ buf.append("12345ABCDE");
+ request.setParameter("userCode", buf.toString());
+ assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+ buf.append("12345ABCDE");
+ request.setParameter("userCode", buf.toString());
+ assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+ buf.append("12345ABCDE");
+ request.setParameter("userCode", buf.toString());
+ assertNotNull(userInfoHelper.getUserCodeFromRequest(request));
+ request.setParameter("userCode", buf.toString() + "x");
+ assertNull(userInfoHelper.getUserCodeFromRequest(request));
+ }
+}
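Review bot: The test checks only the return value and never the side effect of an accepted code; after the first `assertEquals` add `assertEquals("12345abcde12345ABCDE", request.getAttribute(Constants.USER_CODE));` (with the matching `Constants` import). Because the same request object is reused, that attribute stays set while later inputs are rejected, so a fresh mock request per case would make the rejections independent. There is also no case for `getUserCode()` with an invalid session, which is where the new parameter path changes behaviour. The literal `"userCode"` and the length boundaries silently depend on the defaults in `fess_config.properties`, and the eight identical append/`assertNotNull` steps would read better as a loop.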