diff --git a/src/main/java/org/codelibs/fess/app/web/admin/group/AdminGroupAction.java b/src/main/java/org/codelibs/fess/app/web/admin/group/AdminGroupAction.java index 495e4dfff..dfb7eceeb 100644 --- a/src/main/java/org/codelibs/fess/app/web/admin/group/AdminGroupAction.java +++ b/src/main/java/org/codelibs/fess/app/web/admin/group/AdminGroupAction.java @@ -16,6 +16,8 @@ package org.codelibs.fess.app.web.admin.group; import java.util.Base64; +import java.util.Map; +import java.util.function.Consumer; import javax.annotation.Resource; @@ -28,6 +30,7 @@ import org.codelibs.fess.app.service.GroupService; import org.codelibs.fess.app.web.CrudMode; import org.codelibs.fess.app.web.base.FessAdminAction; import org.codelibs.fess.es.user.exentity.Group; +import org.codelibs.fess.mylasta.action.FessMessages; import org.codelibs.fess.util.ComponentUtil; import org.codelibs.fess.util.RenderDataUtil; import org.dbflute.optional.OptionalEntity; @@ -36,6 +39,7 @@ import org.lastaflute.web.Execute; import org.lastaflute.web.response.HtmlResponse; import org.lastaflute.web.response.render.RenderData; import org.lastaflute.web.ruts.process.ActionRuntime; +import org.lastaflute.web.validation.VaMessenger; /** * @author shinsuke @@ -185,6 +189,7 @@ public class AdminGroupAction extends FessAdminAction { public HtmlResponse create(final CreateForm form) { verifyCrudMode(form.crudMode, CrudMode.CREATE); validate(form, messages -> {}, () -> asEditHtml()); + validateAttributes(form.attributes, v -> throwValidationError(v, () -> asEditHtml())); verifyToken(() -> asEditHtml()); getGroup(form).ifPresent( entity -> { @@ -207,6 +212,7 @@ public class AdminGroupAction extends FessAdminAction { public HtmlResponse update(final EditForm form) { verifyCrudMode(form.crudMode, CrudMode.EDIT); validate(form, messages -> {}, () -> asEditHtml()); + validateAttributes(form.attributes, v -> throwValidationError(v, () -> asEditHtml())); verifyToken(() -> asEditHtml()); getGroup(form).ifPresent( entity -> { @@ -290,6 +296,12 @@ public class AdminGroupAction extends FessAdminAction { } } + public static void validateAttributes(final Map attributes, final Consumer> throwError) { + ComponentUtil.getLdapManager().validateGroupAttributes(Long.class, attributes, s -> + throwError.accept(messages -> messages.addErrorsPropertyTypeLong("attributes." + s, + "attributes." + s))); + } + // =================================================================================== // JSP // ========= diff --git a/src/main/java/org/codelibs/fess/app/web/admin/user/AdminUserAction.java b/src/main/java/org/codelibs/fess/app/web/admin/user/AdminUserAction.java index 1912d7f8e..c36906962 100644 --- a/src/main/java/org/codelibs/fess/app/web/admin/user/AdminUserAction.java +++ b/src/main/java/org/codelibs/fess/app/web/admin/user/AdminUserAction.java @@ -18,6 +18,7 @@ package org.codelibs.fess.app.web.admin.user; import java.util.Base64; import java.util.HashMap; import java.util.Map; +import java.util.function.Consumer; import javax.annotation.Resource; @@ -35,6 +36,7 @@ import org.codelibs.fess.app.web.CrudMode; import org.codelibs.fess.app.web.base.FessAdminAction; import org.codelibs.fess.app.web.base.login.FessLoginAssist; import org.codelibs.fess.es.user.exentity.User; +import org.codelibs.fess.mylasta.action.FessMessages; import org.codelibs.fess.util.ComponentUtil; import org.codelibs.fess.util.RenderDataUtil; import org.dbflute.optional.OptionalEntity; @@ -44,6 +46,7 @@ import org.lastaflute.web.response.HtmlResponse; import org.lastaflute.web.response.render.RenderData; import org.lastaflute.web.ruts.process.ActionRuntime; import org.lastaflute.web.validation.VaErrorHook; +import org.lastaflute.web.validation.VaMessenger; /** * @author shinsuke @@ -208,6 +211,7 @@ public class AdminUserAction extends FessAdminAction { public HtmlResponse create(final CreateForm form) { verifyCrudMode(form.crudMode, CrudMode.CREATE); validate(form, messages -> {}, () -> asEditHtml()); + validateAttributes(form.attributes, v -> throwValidationError(v, () -> asEditHtml())); verifyPassword(form, () -> asEditHtml()); verifyToken(() -> asEditHtml()); getUser(form).ifPresent( @@ -231,6 +235,7 @@ public class AdminUserAction extends FessAdminAction { public HtmlResponse update(final EditForm form) { verifyCrudMode(form.crudMode, CrudMode.EDIT); validate(form, messages -> {}, () -> asEditHtml()); + validateAttributes(form.attributes, v -> throwValidationError(v, () -> asEditHtml())); verifyPassword(form, () -> asEditHtml()); verifyToken(() -> asEditHtml()); getUser(form).ifPresent( @@ -353,6 +358,12 @@ public class AdminUserAction extends FessAdminAction { form.confirmPassword = null; } + public static void validateAttributes(final Map attributes, final Consumer> throwError) { + ComponentUtil.getLdapManager().validateUserAttributes(Long.class, attributes, s -> + throwError.accept(messages -> messages.addErrorsPropertyTypeLong("attributes." + s, + "attributes." + s))); + } + // =================================================================================== // JSP // ========= diff --git a/src/main/java/org/codelibs/fess/app/web/api/admin/group/ApiAdminGroupAction.java b/src/main/java/org/codelibs/fess/app/web/api/admin/group/ApiAdminGroupAction.java index f2ccd88f9..f3ef6792d 100644 --- a/src/main/java/org/codelibs/fess/app/web/api/admin/group/ApiAdminGroupAction.java +++ b/src/main/java/org/codelibs/fess/app/web/api/admin/group/ApiAdminGroupAction.java @@ -16,6 +16,7 @@ package org.codelibs.fess.app.web.api.admin.group; import static org.codelibs.fess.app.web.admin.group.AdminGroupAction.getGroup; +import static org.codelibs.fess.app.web.admin.group.AdminGroupAction.validateAttributes; import java.util.List; import java.util.stream.Collectors; @@ -63,6 +64,7 @@ public class ApiAdminGroupAction extends FessApiAdminAction { @Execute public JsonResponse put$setting(final CreateBody body) { validateApi(body, messages -> {}); + validateAttributes(body.attributes, v -> throwValidationErrorApi(v)); body.crudMode = CrudMode.CREATE; final Group entity = getGroup(body).orElseGet(() -> { throwValidationErrorApi(messages -> { @@ -83,6 +85,7 @@ public class ApiAdminGroupAction extends FessApiAdminAction { @Execute public JsonResponse post$setting(final EditBody body) { validateApi(body, messages -> {}); + validateAttributes(body.attributes, v -> throwValidationErrorApi(v)); body.crudMode = CrudMode.EDIT; final Group entity = getGroup(body).orElseGet(() -> { throwValidationErrorApi(messages -> { diff --git a/src/main/java/org/codelibs/fess/app/web/api/admin/user/ApiAdminUserAction.java b/src/main/java/org/codelibs/fess/app/web/api/admin/user/ApiAdminUserAction.java index 126823c8e..3ada14757 100644 --- a/src/main/java/org/codelibs/fess/app/web/api/admin/user/ApiAdminUserAction.java +++ b/src/main/java/org/codelibs/fess/app/web/api/admin/user/ApiAdminUserAction.java @@ -16,6 +16,7 @@ package org.codelibs.fess.app.web.api.admin.user; import static org.codelibs.fess.app.web.admin.user.AdminUserAction.getUser; +import static org.codelibs.fess.app.web.admin.user.AdminUserAction.validateAttributes; import java.util.List; import java.util.stream.Collectors; @@ -82,6 +83,7 @@ public class ApiAdminUserAction extends FessApiAdminAction { @Execute public JsonResponse post$setting(final EditBody body) { validateApi(body, messages -> {}); + validateAttributes(body.attributes, v -> throwValidationErrorApi(v)); body.crudMode = CrudMode.EDIT; final User entity = getUser(body).orElseGet(() -> { throwValidationErrorApi(messages -> { diff --git a/src/main/java/org/codelibs/fess/ldap/LdapManager.java b/src/main/java/org/codelibs/fess/ldap/LdapManager.java index f79348536..81bff4658 100644 --- a/src/main/java/org/codelibs/fess/ldap/LdapManager.java +++ b/src/main/java/org/codelibs/fess/ldap/LdapManager.java @@ -24,11 +24,13 @@ import java.util.HashSet; import java.util.Hashtable; import java.util.List; import java.util.Locale; +import java.util.Map; import java.util.Set; import java.util.function.BiConsumer; import java.util.function.Consumer; import java.util.function.Supplier; import java.util.stream.Collectors; +import java.util.stream.Stream; import javax.annotation.PostConstruct; import javax.naming.Context; @@ -878,6 +880,25 @@ public class LdapManager { .ifPresent(s -> entry.put(new BasicAttribute(fessConfig.getLdapAttrHomeDirectory(), s))); } + public void validateUserAttributes(final Class type, final Map attributes, final Consumer consumer) { + if (type == Long.class) { + // Long type attributes + final String attrUidNumber = fessConfig.getLdapAttrUidNumber(); + final String attrGidNumber = fessConfig.getLdapAttrGidNumber(); + + Stream.of(attrUidNumber, attrGidNumber).forEach(attrName -> + OptionalUtil.ofNullable(attributes.get(attrName)).filter(StringUtil::isNotBlank).ifPresent(s -> { + try { + DfTypeUtil.toLong(s); + } catch (final NumberFormatException e) { + consumer.accept(attrName); + } + })); + } else { + // do nothing + } + } + public void delete(final User user) { if (!fessConfig.isLdapAdminEnabled(user.getName())) { return; @@ -1017,6 +1038,24 @@ public class LdapManager { .ifPresent(s -> entry.put(new BasicAttribute(fessConfig.getLdapAttrGidNumber(), s))); } + public void validateGroupAttributes(final Class type, final Map attributes, final Consumer consumer) { + if (type == Long.class) { + // Long type attributes + final String attrGidNumber = fessConfig.getLdapAttrGidNumber(); + + Stream.of(attrGidNumber).forEach(attrName -> + OptionalUtil.ofNullable(attributes.get(attrName)).filter(StringUtil::isNotBlank).ifPresent(s -> { + try { + DfTypeUtil.toLong(s); + } catch (final NumberFormatException e) { + consumer.accept(attrName); + } + })); + } else { + // do nothing + } + } + public void delete(final Group group) { if (!fessConfig.isLdapAdminEnabled()) { return; @@ -1071,7 +1110,7 @@ public class LdapManager { } protected void search(final String baseDn, final String filter, final String[] returningAttrs, - final Supplier> envSupplier, final SearcConsumer consumer) { + final Supplier> envSupplier, final SearchConsumer consumer) { try (DirContextHolder holder = getDirContext(envSupplier)) { final SearchControls controls = new SearchControls(); controls.setSearchScope(SearchControls.SUBTREE_SCOPE); @@ -1114,7 +1153,7 @@ public class LdapManager { } } - interface SearcConsumer { + interface SearchConsumer { void accept(List t) throws NamingException; } diff --git a/src/main/webapp/WEB-INF/view/admin/elevateword/admin_elevateword_download.jsp b/src/main/webapp/WEB-INF/view/admin/elevateword/admin_elevateword_download.jsp index a2cb10441..981c88f8b 100644 --- a/src/main/webapp/WEB-INF/view/admin/elevateword/admin_elevateword_download.jsp +++ b/src/main/webapp/WEB-INF/view/admin/elevateword/admin_elevateword_download.jsp @@ -78,7 +78,7 @@
-
diff --git a/src/main/webapp/WEB-INF/view/admin/esreq/admin_esreq.jsp b/src/main/webapp/WEB-INF/view/admin/esreq/admin_esreq.jsp index f01a62dc4..0134d5a48 100644 --- a/src/main/webapp/WEB-INF/view/admin/esreq/admin_esreq.jsp +++ b/src/main/webapp/WEB-INF/view/admin/esreq/admin_esreq.jsp @@ -55,8 +55,9 @@
+ +