Add validation to numericals of ldap attributes (#2402)

Koki Igarashi 2020-02-14 21:15:45 +09:00 committed by GitHub
parent 1609b616f0
commit aae90a31cb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 80 additions and 12 deletions


@ -16,6 +16,8 @@
package org.codelibs.fess.app.web.admin.group;
import java.util.Base64;
import java.util.Map;
import java.util.function.Consumer;
import javax.annotation.Resource;
@ -28,6 +30,7 @@ import org.codelibs.fess.app.service.GroupService;
import org.codelibs.fess.app.web.CrudMode;
import org.codelibs.fess.app.web.base.FessAdminAction;
import org.codelibs.fess.es.user.exentity.Group;
import org.codelibs.fess.mylasta.action.FessMessages;
import org.codelibs.fess.util.ComponentUtil;
import org.codelibs.fess.util.RenderDataUtil;
import org.dbflute.optional.OptionalEntity;
@ -36,6 +39,7 @@ import org.lastaflute.web.Execute;
import org.lastaflute.web.response.HtmlResponse;
import org.lastaflute.web.response.render.RenderData;
import org.lastaflute.web.ruts.process.ActionRuntime;
import org.lastaflute.web.validation.VaMessenger;
/**
* @author shinsuke
@ -185,6 +189,7 @@ public class AdminGroupAction extends FessAdminAction {
public HtmlResponse create(final CreateForm form) {
verifyCrudMode(form.crudMode, CrudMode.CREATE);
validate(form, messages -> {}, () -> asEditHtml());
validateAttributes(form.attributes, v -> throwValidationError(v, () -> asEditHtml()));
verifyToken(() -> asEditHtml());
getGroup(form).ifPresent(
entity -> {
@ -207,6 +212,7 @@ public class AdminGroupAction extends FessAdminAction {
public HtmlResponse update(final EditForm form) {
verifyCrudMode(form.crudMode, CrudMode.EDIT);
validate(form, messages -> {}, () -> asEditHtml());
validateAttributes(form.attributes, v -> throwValidationError(v, () -> asEditHtml()));
verifyToken(() -> asEditHtml());
getGroup(form).ifPresent(
entity -> {
@ -290,6 +296,12 @@ public class AdminGroupAction extends FessAdminAction {
}
}
public static void validateAttributes(final Map<String, String> attributes, final Consumer<VaMessenger<FessMessages>> throwError) {
ComponentUtil.getLdapManager().validateGroupAttributes(Long.class, attributes, s ->
throwError.accept(messages -> messages.addErrorsPropertyTypeLong("attributes." + s,
"attributes." + s)));
}
// ===================================================================================
// JSP
// =========
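Review bot: `validateAttributes` is a new public static entry point that the API action imports statically, but it has no Javadoc and its contract is not obvious from the signature. I would add a comment such as `/** Reports each LDAP group attribute that is not a valid long through throwError, keyed as "attributes.<name>". */`. The same string is passed as both arguments of `addErrorsPropertyTypeLong`, so the message presumably shows the raw `attributes.` key rather than a localized label; worth confirming against the message template. The twin helper in AdminUserAction has the same gaps.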


@ -18,6 +18,7 @@ package org.codelibs.fess.app.web.admin.user;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Consumer;
import javax.annotation.Resource;
@ -35,6 +36,7 @@ import org.codelibs.fess.app.web.CrudMode;
import org.codelibs.fess.app.web.base.FessAdminAction;
import org.codelibs.fess.app.web.base.login.FessLoginAssist;
import org.codelibs.fess.es.user.exentity.User;
import org.codelibs.fess.mylasta.action.FessMessages;
import org.codelibs.fess.util.ComponentUtil;
import org.codelibs.fess.util.RenderDataUtil;
import org.dbflute.optional.OptionalEntity;
@ -44,6 +46,7 @@ import org.lastaflute.web.response.HtmlResponse;
import org.lastaflute.web.response.render.RenderData;
import org.lastaflute.web.ruts.process.ActionRuntime;
import org.lastaflute.web.validation.VaErrorHook;
import org.lastaflute.web.validation.VaMessenger;
/**
* @author shinsuke
@ -208,6 +211,7 @@ public class AdminUserAction extends FessAdminAction {
public HtmlResponse create(final CreateForm form) {
verifyCrudMode(form.crudMode, CrudMode.CREATE);
validate(form, messages -> {}, () -> asEditHtml());
validateAttributes(form.attributes, v -> throwValidationError(v, () -> asEditHtml()));
verifyPassword(form, () -> asEditHtml());
verifyToken(() -> asEditHtml());
getUser(form).ifPresent(
@ -231,6 +235,7 @@ public class AdminUserAction extends FessAdminAction {
public HtmlResponse update(final EditForm form) {
verifyCrudMode(form.crudMode, CrudMode.EDIT);
validate(form, messages -> {}, () -> asEditHtml());
validateAttributes(form.attributes, v -> throwValidationError(v, () -> asEditHtml()));
verifyPassword(form, () -> asEditHtml());
verifyToken(() -> asEditHtml());
getUser(form).ifPresent(
@ -353,6 +358,12 @@ public class AdminUserAction extends FessAdminAction {
form.confirmPassword = null;
}
public static void validateAttributes(final Map<String, String> attributes, final Consumer<VaMessenger<FessMessages>> throwError) {
ComponentUtil.getLdapManager().validateUserAttributes(Long.class, attributes, s ->
throwError.accept(messages -> messages.addErrorsPropertyTypeLong("attributes." + s,
"attributes." + s)));
}
// ===================================================================================
// JSP
// =========
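Review bot: With `throwValidationError` as the callback, the first failing attribute presumably aborts the request, so an invalid gidNumber is never reported when uidNumber is also invalid. `validateUserAttributes` walks both names with `forEach` and calls the consumer per failure, and that consumer is wired straight to `throwError.accept(...)` here. Collecting the failing names first and then raising one error whose messenger adds `addErrorsPropertyTypeLong` for each would show the user every bad field in one round trip. That `throwValidationError` throws is inferred from its name and usage; its body is not in this section.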


@ -16,6 +16,7 @@
package org.codelibs.fess.app.web.api.admin.group;
import static org.codelibs.fess.app.web.admin.group.AdminGroupAction.getGroup;
import static org.codelibs.fess.app.web.admin.group.AdminGroupAction.validateAttributes;
import java.util.List;
import java.util.stream.Collectors;
@ -63,6 +64,7 @@ public class ApiAdminGroupAction extends FessApiAdminAction {
@Execute
public JsonResponse<ApiResult> put$setting(final CreateBody body) {
validateApi(body, messages -> {});
validateAttributes(body.attributes, v -> throwValidationErrorApi(v));
body.crudMode = CrudMode.CREATE;
final Group entity = getGroup(body).orElseGet(() -> {
throwValidationErrorApi(messages -> {
@ -83,6 +85,7 @@ public class ApiAdminGroupAction extends FessApiAdminAction {
@Execute
public JsonResponse<ApiResult> post$setting(final EditBody body) {
validateApi(body, messages -> {});
validateAttributes(body.attributes, v -> throwValidationErrorApi(v));
body.crudMode = CrudMode.EDIT;
final Group entity = getGroup(body).orElseGet(() -> {
throwValidationErrorApi(messages -> {


@ -16,6 +16,7 @@
package org.codelibs.fess.app.web.api.admin.user;
import static org.codelibs.fess.app.web.admin.user.AdminUserAction.getUser;
import static org.codelibs.fess.app.web.admin.user.AdminUserAction.validateAttributes;
import java.util.List;
import java.util.stream.Collectors;
@ -82,6 +83,7 @@ public class ApiAdminUserAction extends FessApiAdminAction {
@Execute
public JsonResponse<ApiResult> post$setting(final EditBody body) {
validateApi(body, messages -> {});
validateAttributes(body.attributes, v -> throwValidationErrorApi(v));
body.crudMode = CrudMode.EDIT;
final User entity = getUser(body).orElseGet(() -> {
throwValidationErrorApi(messages -> {
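Review bot: Only `post$setting` (the edit path) gains a `validateAttributes` call in this file, whereas ApiAdminGroupAction adds it to both `put$setting` and `post$setting`. If the user API's `put$setting` also accepts `attributes`, a non-numeric uidNumber or gidNumber can still reach LDAP when a user is created through the API. That method is outside the visible hunks, so this needs checking against the full file. The likely fix is the same line after `validateApi` there: `validateAttributes(body.attributes, v -> throwValidationErrorApi(v));`.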


@ -24,11 +24,13 @@ import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.PostConstruct;
import javax.naming.Context;
@ -878,6 +880,25 @@ public class LdapManager {
.ifPresent(s -> entry.put(new BasicAttribute(fessConfig.getLdapAttrHomeDirectory(), s)));
}
public void validateUserAttributes(final Class<?> type, final Map<String, String> attributes, final Consumer<String> consumer) {
if (type == Long.class) {
// Long type attributes
final String attrUidNumber = fessConfig.getLdapAttrUidNumber();
final String attrGidNumber = fessConfig.getLdapAttrGidNumber();
Stream.of(attrUidNumber, attrGidNumber).forEach(attrName ->
OptionalUtil.ofNullable(attributes.get(attrName)).filter(StringUtil::isNotBlank).ifPresent(s -> {
try {
DfTypeUtil.toLong(s);
} catch (final NumberFormatException e) {
consumer.accept(attrName);
}
}));
} else {
// do nothing
}
}
public void delete(final User user) {
if (!fessConfig.isLdapAdminEnabled(user.getName())) {
return;
@ -1017,6 +1038,24 @@ public class LdapManager {
.ifPresent(s -> entry.put(new BasicAttribute(fessConfig.getLdapAttrGidNumber(), s)));
}
public void validateGroupAttributes(final Class<?> type, final Map<String, String> attributes, final Consumer<String> consumer) {
if (type == Long.class) {
// Long type attributes
final String attrGidNumber = fessConfig.getLdapAttrGidNumber();
Stream.of(attrGidNumber).forEach(attrName ->
OptionalUtil.ofNullable(attributes.get(attrName)).filter(StringUtil::isNotBlank).ifPresent(s -> {
try {
DfTypeUtil.toLong(s);
} catch (final NumberFormatException e) {
consumer.accept(attrName);
}
}));
} else {
// do nothing
}
}
public void delete(final Group group) {
if (!fessConfig.isLdapAdminEnabled()) {
return;
@ -1071,7 +1110,7 @@ public class LdapManager {
}
protected void search(final String baseDn, final String filter, final String[] returningAttrs,
final Supplier<Hashtable<String, String>> envSupplier, final SearcConsumer consumer) {
final Supplier<Hashtable<String, String>> envSupplier, final SearchConsumer consumer) {
try (DirContextHolder holder = getDirContext(envSupplier)) {
final SearchControls controls = new SearchControls();
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
@ -1114,7 +1153,7 @@ public class LdapManager {
}
}
interface SearcConsumer {
interface SearchConsumer {
void accept(List<SearchResult> t) throws NamingException;
}
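Review bot: Both new validators dereference `attributes` without a null check (`attributes.get(attrName)`), so a request with no attribute map would fail with a NullPointerException instead of a validation error. Whether the forms and API bodies always initialise the map is not visible here. A guard at the top of each method, `if (attributes == null) { return; }`, would leave the behaviour unchanged for maps that are present. The check also accepts any value that parses as a long, negatives included, which is presumably wider than what uidNumber and gidNumber should hold. `validateUserAttributes` and `validateGroupAttributes` differ only in the attribute list and could share one private helper.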


@ -78,7 +78,7 @@
<la:errors/>
</div>
<div class="form-group row">
<label for="name" class="col-sm-12 text-sm-right col-form-label"><la:message
<label class="col-sm-12 text-sm-right col-form-label"><la:message
key="labels.elevate_word_file"/></label>
</div>
</div>


@ -55,8 +55,9 @@
<div class="form-group row">
<label for="requestFile"> <la:message
key="labels.esreq_request_file"/>
</label> <input type="file" name="requestFile"
class="form-control"/>
</label>
<input id="requestFile" type="file" name="requestFile"
class="form-control-file"/>
</div>
<button type="submit" class="btn btn-success" name="upload">
<em class="fa fa-upload"></em>


@ -62,11 +62,11 @@
</div>
</div>
<div class="form-group row">
<label for="gidNumber" class="col-sm-3 text-sm-right col-form-label"><la:message
<label for="attributes.gidNumber" class="col-sm-3 text-sm-right col-form-label"><la:message
key="labels.group_gidNumber"/></label>
<div class="col-sm-9">
<la:errors property="attributes.gidNumber"/>
<la:text property="attributes.gidNumber" styleClass="form-control"/>
<input type="number" id="attributes.gidNumber" name="attributes.gidNumber" class="form-control"/>
</div>
</div>
</div>
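Review bot: The plain `<input type="number" id="attributes.gidNumber" …/>` that replaces `<la:text property="attributes.gidNumber" …/>` has no `value` attribute. The field therefore appears to render empty on the edit screen and after a validation error, where the tag it replaces would presumably have repopulated it from the form. Saving an edit could then submit a blank gidNumber in place of the stored one. I would bind the current form value, HTML-escaped, into `value` and consider `min="0"`; the browser-side `type="number"` is only a convenience, and the server-side check added in this commit remains the actual control. The uidNumber and gidNumber inputs in the user edit page's section have the same issue.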


@ -69,10 +69,10 @@
<div role="tabpanel" class="tab-pane" id="local">
<div class="card-body">
<div class="form-group row">
<label for="name" class="col-md-3 text-sm-right col-form-label"><la:message
<label for="jarFile" class="col-md-3 text-sm-right col-form-label"><la:message
key="labels.plugin_jar_file"/></label>
<div class="col-md-9 text-sm-right col-form-label">
<input type="file" name="jarFile" class="form-control-file"/>
<input id="jarFile" type="file" name="jarFile" class="form-control-file"/>
</div>
</div>
</div>


@ -85,7 +85,7 @@
<label for="name" class="col-sm-3 text-sm-right col-form-label"><la:message
key="labels.storage_folder_name"/></label>
<div class="form-inline col-sm-9">
<input type="text" name="name" class="form-control"/>
<input id="name" type="text" name="name" class="form-control"/>
</div>
</div>
</div>


@ -358,7 +358,7 @@
key="labels.user_uidNumber"/></label>
<div class="col-sm-9">
<la:errors property="attributes.uidNumber"/>
<la:text styleId="attributes.uidNumber" property="attributes.uidNumber" styleClass="form-control"/>
<input type="number" id="attributes.uidNumber" name="attributes.uidNumber" class="form-control"/>
</div>
</div>
<div class="form-group row">
@ -366,7 +366,7 @@
key="labels.user_gidNumber"/></label>
<div class="col-sm-9">
<la:errors property="attributes.gidNumber"/>
<la:text styleId="attributes.gidNumber" property="attributes.gidNumber" styleClass="form-control"/>
<input type="number" id="attributes.gidNumber" name="attributes.gidNumber" class="form-control"/>
</div>
</div>
<div class="form-group row">