
Add validation to numericals of ldap attributes (#2402)

Koki Igarashi 5 yıl önce
ebeveyn
işleme
aae90a31cb

+ 12 - 0
src/main/java/org/codelibs/fess/app/web/admin/group/AdminGroupAction.java

@@ -16,6 +16,8 @@
 package org.codelibs.fess.app.web.admin.group;
 
 import java.util.Base64;
+import java.util.Map;
+import java.util.function.Consumer;
 
 import javax.annotation.Resource;
 
@@ -28,6 +30,7 @@ import org.codelibs.fess.app.service.GroupService;
 import org.codelibs.fess.app.web.CrudMode;
 import org.codelibs.fess.app.web.base.FessAdminAction;
 import org.codelibs.fess.es.user.exentity.Group;
+import org.codelibs.fess.mylasta.action.FessMessages;
 import org.codelibs.fess.util.ComponentUtil;
 import org.codelibs.fess.util.RenderDataUtil;
 import org.dbflute.optional.OptionalEntity;
@@ -36,6 +39,7 @@ import org.lastaflute.web.Execute;
 import org.lastaflute.web.response.HtmlResponse;
 import org.lastaflute.web.response.render.RenderData;
 import org.lastaflute.web.ruts.process.ActionRuntime;
+import org.lastaflute.web.validation.VaMessenger;
 
 /**
  * @author shinsuke
@@ -185,6 +189,7 @@ public class AdminGroupAction extends FessAdminAction {
     public HtmlResponse create(final CreateForm form) {
         verifyCrudMode(form.crudMode, CrudMode.CREATE);
         validate(form, messages -> {}, () -> asEditHtml());
+        validateAttributes(form.attributes, v -> throwValidationError(v, () -> asEditHtml()));
         verifyToken(() -> asEditHtml());
         getGroup(form).ifPresent(
                 entity -> {
@@ -207,6 +212,7 @@ public class AdminGroupAction extends FessAdminAction {
     public HtmlResponse update(final EditForm form) {
         verifyCrudMode(form.crudMode, CrudMode.EDIT);
         validate(form, messages -> {}, () -> asEditHtml());
+        validateAttributes(form.attributes, v -> throwValidationError(v, () -> asEditHtml()));
         verifyToken(() -> asEditHtml());
         getGroup(form).ifPresent(
                 entity -> {
@@ -290,6 +296,12 @@ public class AdminGroupAction extends FessAdminAction {
         }
     }
 
+    public static void validateAttributes(final Map<String, String> attributes, final Consumer<VaMessenger<FessMessages>> throwError) {
+        ComponentUtil.getLdapManager().validateGroupAttributes(Long.class, attributes, s ->
+                        throwError.accept(messages -> messages.addErrorsPropertyTypeLong("attributes." + s,
+                                "attributes." + s)));
+    }
+
     // ===================================================================================
     //                                                                              JSP
     //                                                                           =========
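Review bot: `validateAttributes` is a new `public static` entry point, reused by the API action through a static import, and it has no Javadoc describing its contract. What a caller cannot guess is that `throwError` is expected to raise the validation error itself (both call sites pass a `throwValidationError…` lambda), so checking presumably stops at the first attribute that fails and nothing is returned. I would add a short Javadoc saying that only the configured numeric LDAP attributes are checked, that blank values are skipped, and that the callback is expected to throw. The identical method added to AdminUserAction needs the same comment.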

+ 11 - 0
src/main/java/org/codelibs/fess/app/web/admin/user/AdminUserAction.java

@@ -18,6 +18,7 @@ package org.codelibs.fess.app.web.admin.user;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.function.Consumer;
 
 import javax.annotation.Resource;
 
@@ -35,6 +36,7 @@ import org.codelibs.fess.app.web.CrudMode;
 import org.codelibs.fess.app.web.base.FessAdminAction;
 import org.codelibs.fess.app.web.base.login.FessLoginAssist;
 import org.codelibs.fess.es.user.exentity.User;
+import org.codelibs.fess.mylasta.action.FessMessages;
 import org.codelibs.fess.util.ComponentUtil;
 import org.codelibs.fess.util.RenderDataUtil;
 import org.dbflute.optional.OptionalEntity;
@@ -44,6 +46,7 @@ import org.lastaflute.web.response.HtmlResponse;
 import org.lastaflute.web.response.render.RenderData;
 import org.lastaflute.web.ruts.process.ActionRuntime;
 import org.lastaflute.web.validation.VaErrorHook;
+import org.lastaflute.web.validation.VaMessenger;
 
 /**
  * @author shinsuke
@@ -208,6 +211,7 @@ public class AdminUserAction extends FessAdminAction {
     public HtmlResponse create(final CreateForm form) {
         verifyCrudMode(form.crudMode, CrudMode.CREATE);
         validate(form, messages -> {}, () -> asEditHtml());
+        validateAttributes(form.attributes, v -> throwValidationError(v, () -> asEditHtml()));
         verifyPassword(form, () -> asEditHtml());
         verifyToken(() -> asEditHtml());
         getUser(form).ifPresent(
@@ -231,6 +235,7 @@ public class AdminUserAction extends FessAdminAction {
     public HtmlResponse update(final EditForm form) {
         verifyCrudMode(form.crudMode, CrudMode.EDIT);
         validate(form, messages -> {}, () -> asEditHtml());
+        validateAttributes(form.attributes, v -> throwValidationError(v, () -> asEditHtml()));
         verifyPassword(form, () -> asEditHtml());
         verifyToken(() -> asEditHtml());
         getUser(form).ifPresent(
@@ -353,6 +358,12 @@ public class AdminUserAction extends FessAdminAction {
         form.confirmPassword = null;
     }
 
+    public static void validateAttributes(final Map<String, String> attributes, final Consumer<VaMessenger<FessMessages>> throwError) {
+        ComponentUtil.getLdapManager().validateUserAttributes(Long.class, attributes, s ->
+                throwError.accept(messages -> messages.addErrorsPropertyTypeLong("attributes." + s,
+                        "attributes." + s)));
+    }
+
     // ===================================================================================
     //                                                                              JSP
     //                                                                           =========

+ 3 - 0
src/main/java/org/codelibs/fess/app/web/api/admin/group/ApiAdminGroupAction.java

@@ -16,6 +16,7 @@
 package org.codelibs.fess.app.web.api.admin.group;
 
 import static org.codelibs.fess.app.web.admin.group.AdminGroupAction.getGroup;
+import static org.codelibs.fess.app.web.admin.group.AdminGroupAction.validateAttributes;
 
 import java.util.List;
 import java.util.stream.Collectors;
@@ -63,6 +64,7 @@ public class ApiAdminGroupAction extends FessApiAdminAction {
     @Execute
     public JsonResponse<ApiResult> put$setting(final CreateBody body) {
         validateApi(body, messages -> {});
+        validateAttributes(body.attributes, v -> throwValidationErrorApi(v));
         body.crudMode = CrudMode.CREATE;
         final Group entity = getGroup(body).orElseGet(() -> {
             throwValidationErrorApi(messages -> {
@@ -83,6 +85,7 @@ public class ApiAdminGroupAction extends FessApiAdminAction {
     @Execute
     public JsonResponse<ApiResult> post$setting(final EditBody body) {
         validateApi(body, messages -> {});
+        validateAttributes(body.attributes, v -> throwValidationErrorApi(v));
         body.crudMode = CrudMode.EDIT;
         final Group entity = getGroup(body).orElseGet(() -> {
             throwValidationErrorApi(messages -> {

+ 2 - 0
src/main/java/org/codelibs/fess/app/web/api/admin/user/ApiAdminUserAction.java

@@ -16,6 +16,7 @@
 package org.codelibs.fess.app.web.api.admin.user;
 
 import static org.codelibs.fess.app.web.admin.user.AdminUserAction.getUser;
+import static org.codelibs.fess.app.web.admin.user.AdminUserAction.validateAttributes;
 
 import java.util.List;
 import java.util.stream.Collectors;
@@ -82,6 +83,7 @@ public class ApiAdminUserAction extends FessApiAdminAction {
     @Execute
     public JsonResponse<ApiResult> post$setting(final EditBody body) {
         validateApi(body, messages -> {});
+        validateAttributes(body.attributes, v -> throwValidationErrorApi(v));
         body.crudMode = CrudMode.EDIT;
         final User entity = getUser(body).orElseGet(() -> {
             throwValidationErrorApi(messages -> {
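Review bot: Only `post$setting` (the edit path) gains the `validateAttributes` call in this file, while ApiAdminGroupAction in the same commit adds it to both `put$setting` and `post$setting`. The user create endpoint is outside this hunk, but the file's diffstat (+2: one import, one call) suggests it was left without the check, so a non-numeric uidNumber or gidNumber could still reach the LDAP write through the API create path. If that endpoint exists as it does in the group action, add `validateAttributes(body.attributes, v -> throwValidationErrorApi(v));` right after its `validateApi(body, messages -> {});` line.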

+ 41 - 2
src/main/java/org/codelibs/fess/ldap/LdapManager.java

@@ -24,11 +24,13 @@ import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.List;
 import java.util.Locale;
+import java.util.Map;
 import java.util.Set;
 import java.util.function.BiConsumer;
 import java.util.function.Consumer;
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 
 import javax.annotation.PostConstruct;
 import javax.naming.Context;
@@ -878,6 +880,25 @@ public class LdapManager {
                 .ifPresent(s -> entry.put(new BasicAttribute(fessConfig.getLdapAttrHomeDirectory(), s)));
     }
 
+    public void validateUserAttributes(final Class<?> type, final Map<String, String> attributes, final Consumer<String> consumer) {
+        if (type == Long.class) {
+            // Long type attributes
+            final String attrUidNumber = fessConfig.getLdapAttrUidNumber();
+            final String attrGidNumber = fessConfig.getLdapAttrGidNumber();
+
+            Stream.of(attrUidNumber, attrGidNumber).forEach(attrName ->
+                        OptionalUtil.ofNullable(attributes.get(attrName)).filter(StringUtil::isNotBlank).ifPresent(s -> {
+                            try {
+                                DfTypeUtil.toLong(s);
+                            } catch (final NumberFormatException e) {
+                                consumer.accept(attrName);
+                            }
+                        }));
+        } else {
+            // do nothing
+        }
+    }
+
     public void delete(final User user) {
         if (!fessConfig.isLdapAdminEnabled(user.getName())) {
             return;
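Review bot: The check in `validateUserAttributes` only asks whether `DfTypeUtil.toLong(s)` parses and then discards the result, so what is presumably written to the directory afterwards is the raw input string, not the number that was validated. Negative values and anything up to the full `long` range pass, which is wider than what a consumer of POSIX uidNumber/gidNumber normally accepts. If the parser tolerates extra formatting, the directory may still reject or misread the value. I would keep the parsed value and add an explicit range test, for example `final long n = DfTypeUtil.toLong(s); if (n < 0) { consumer.accept(attrName); }`, with an upper bound taken from configuration if one is available. `validateGroupAttributes` further down has the same gap.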
@@ -1017,6 +1038,24 @@ public class LdapManager {
                 .ifPresent(s -> entry.put(new BasicAttribute(fessConfig.getLdapAttrGidNumber(), s)));
     }
 
+    public void validateGroupAttributes(final Class<?> type, final Map<String, String> attributes, final Consumer<String> consumer) {
+        if (type == Long.class) {
+            // Long type attributes
+            final String attrGidNumber = fessConfig.getLdapAttrGidNumber();
+
+            Stream.of(attrGidNumber).forEach(attrName ->
+                OptionalUtil.ofNullable(attributes.get(attrName)).filter(StringUtil::isNotBlank).ifPresent(s -> {
+                    try {
+                        DfTypeUtil.toLong(s);
+                    } catch (final NumberFormatException e) {
+                        consumer.accept(attrName);
+                    }
+                }));
+        } else {
+            // do nothing
+        }
+    }
+
     public void delete(final Group group) {
         if (!fessConfig.isLdapAdminEnabled()) {
             return;
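Review bot: `validateGroupAttributes` repeats the body of `validateUserAttributes` almost line for line, and both dereference `attributes` without a null check, which would turn a request that omits the attributes map into a NullPointerException instead of a validation result (whether the forms can deliver null is not visible here). `Stream.of(attrGidNumber)` over a single element and the empty `else` branch add noise as well. A shared private helper that takes the attribute names keeps each public method to a single call and gives the null guard one home; a sketch follows.

```java
    public void validateGroupAttributes(final Class<?> type, final Map<String, String> attributes, final Consumer<String> consumer) {
        if (type == Long.class) {
            validateLongAttributes(attributes, consumer, fessConfig.getLdapAttrGidNumber());
        }
    }

    // … unchanged: validateUserAttributes signature, delegating with uidNumber and gidNumber …

    private void validateLongAttributes(final Map<String, String> attributes, final Consumer<String> consumer,
            final String... attrNames) {
        if (attributes == null) {
            // nothing submitted, nothing to validate
            return;
        }
        for (final String attrName : attrNames) {
            final String value = attributes.get(attrName);
            if (StringUtil.isNotBlank(value)) {
                try {
                    DfTypeUtil.toLong(value);
                } catch (final NumberFormatException e) {
                    consumer.accept(attrName);
                }
            }
        }
    }
```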
@@ -1071,7 +1110,7 @@ public class LdapManager {
     }
 
     protected void search(final String baseDn, final String filter, final String[] returningAttrs,
-            final Supplier<Hashtable<String, String>> envSupplier, final SearcConsumer consumer) {
+            final Supplier<Hashtable<String, String>> envSupplier, final SearchConsumer consumer) {
         try (DirContextHolder holder = getDirContext(envSupplier)) {
             final SearchControls controls = new SearchControls();
             controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
@@ -1114,7 +1153,7 @@ public class LdapManager {
         }
     }
 
-    interface SearcConsumer {
+    interface SearchConsumer {
         void accept(List<SearchResult> t) throws NamingException;
     }
 

+ 1 - 1
src/main/webapp/WEB-INF/view/admin/elevateword/admin_elevateword_download.jsp

@@ -78,7 +78,7 @@
                                     <la:errors/>
                                 </div>
                                 <div class="form-group row">
-                                    <label for="name" class="col-sm-12 text-sm-right col-form-label"><la:message
+                                    <label class="col-sm-12 text-sm-right col-form-label"><la:message
                                             key="labels.elevate_word_file"/></label>
                                 </div>
                             </div>

+ 3 - 2
src/main/webapp/WEB-INF/view/admin/esreq/admin_esreq.jsp

@@ -55,8 +55,9 @@
                                                 <div class="form-group row">
                                                     <label for="requestFile"> <la:message
                                                             key="labels.esreq_request_file"/>
-                                                    </label> <input type="file" name="requestFile"
-                                                                    class="form-control"/>
+                                                    </label>
+                                                    <input id="requestFile" type="file" name="requestFile"
+                                                                    class="form-control-file"/>
                                                 </div>
                                                 <button type="submit" class="btn btn-success" name="upload">
                                                     <em class="fa fa-upload"></em>

+ 2 - 2
src/main/webapp/WEB-INF/view/admin/group/admin_group_edit.jsp

@@ -62,11 +62,11 @@
                                     </div>
                                 </div>
                                 <div class="form-group row">
-                                    <label for="gidNumber" class="col-sm-3 text-sm-right col-form-label"><la:message
+                                    <label for="attributes.gidNumber" class="col-sm-3 text-sm-right col-form-label"><la:message
                                             key="labels.group_gidNumber"/></label>
                                     <div class="col-sm-9">
                                         <la:errors property="attributes.gidNumber"/>
-                                        <la:text property="attributes.gidNumber" styleClass="form-control"/>
+                                        <input type="number" id="attributes.gidNumber" name="attributes.gidNumber" class="form-control"/>
                                     </div>
                                 </div>
                             </div>
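Review bot: The replacement `<input type="number" … name="attributes.gidNumber"/>` carries no `value`, so unlike the `<la:text property="attributes.gidNumber" …/>` it replaces it will presumably render empty on the edit screen and after a validation error, and saving the form would then submit a blank gidNumber. The browser-side `type="number"` is only a convenience, since the server-side check added in this commit is what actually enforces the format, so keeping the tag is the safer option: `<la:text styleId="attributes.gidNumber" property="attributes.gidNumber" styleClass="form-control"/>`. The two hunks in admin_user_edit.jsp make the same change for uidNumber and gidNumber and need the same treatment.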

+ 2 - 2
src/main/webapp/WEB-INF/view/admin/plugin/admin_plugin_installplugin.jsp

@@ -69,10 +69,10 @@
                                 <div role="tabpanel" class="tab-pane" id="local">
                                     <div class="card-body">
                                         <div class="form-group row">
-                                            <label for="name" class="col-md-3 text-sm-right col-form-label"><la:message
+                                            <label for="jarFile" class="col-md-3 text-sm-right col-form-label"><la:message
                                                     key="labels.plugin_jar_file"/></label>
                                             <div class="col-md-9 text-sm-right col-form-label">
-                                                <input type="file" name="jarFile" class="form-control-file"/>
+                                                <input id="jarFile" type="file" name="jarFile" class="form-control-file"/>
                                             </div>
                                         </div>
                                     </div>

+ 1 - 1
src/main/webapp/WEB-INF/view/admin/storage/admin_storage.jsp

@@ -85,7 +85,7 @@
                                                         <label for="name" class="col-sm-3 text-sm-right col-form-label"><la:message
                                                                 key="labels.storage_folder_name"/></label>
                                                         <div class="form-inline col-sm-9">
-                                                           <input type="text" name="name" class="form-control"/>
+                                                           <input id="name" type="text" name="name" class="form-control"/>
                                                         </div>
                                                     </div>
                                                 </div>

+ 2 - 2
src/main/webapp/WEB-INF/view/admin/user/admin_user_edit.jsp

@@ -358,7 +358,7 @@
                                                 key="labels.user_uidNumber"/></label>
                                         <div class="col-sm-9">
                                             <la:errors property="attributes.uidNumber"/>
-                                            <la:text styleId="attributes.uidNumber" property="attributes.uidNumber" styleClass="form-control"/>
+                                            <input type="number" id="attributes.uidNumber" name="attributes.uidNumber" class="form-control"/>
                                         </div>
                                     </div>
                                     <div class="form-group row">
@@ -366,7 +366,7 @@
                                                 key="labels.user_gidNumber"/></label>
                                         <div class="col-sm-9">
                                             <la:errors property="attributes.gidNumber"/>
-                                            <la:text styleId="attributes.gidNumber" property="attributes.gidNumber" styleClass="form-control"/>
+                                            <input type="number" id="attributes.gidNumber" name="attributes.gidNumber" class="form-control"/>
                                         </div>
                                     </div>
                                     <div class="form-group row">