Validate groups and users in backend, too

2025-11-08 14:35:45 +01:00 · 2019-01-31 11:39:16 +01:00
parent 77a1b9b55d
commit 225fb0a705
4 changed files with 53 additions and 1 deletions
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/ConfigDto.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/ConfigDto.java
@@ -23,7 +23,9 @@ public class ConfigDto extends HalRepresentation {
  private boolean disableGroupingGrid;
  private String dateFormat;
  private boolean anonymousAccessEnabled;
+  @NoBlankStrings
  private Set<String> adminGroups;
+  @NoBlankStrings
  private Set<String> adminUsers;
  private String baseUrl;
  private boolean forceBaseUrl;
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/ConfigResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/ConfigResource.java
@@ -9,6 +9,7 @@ import sonia.scm.util.ScmConfigurationUtil;
 import sonia.scm.web.VndMediaType;

 import javax.inject.Inject;
+import javax.validation.Valid;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.PUT;
@@ -71,7 +72,7 @@ public class ConfigResource {
    @ResponseCode(code = 500, condition = "internal server error")
  })
  @TypeHint(TypeHint.NO_CONTENT.class)
-  public Response update(ConfigDto configDto) {
+  public Response update(@Valid ConfigDto configDto) {

    // This *could* be moved to ScmConfiguration or ScmConfigurationUtil classes.
    // But to where to check? load() or store()? Leave it for now, SCMv1 legacy that can be cleaned up later.
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/NoBlankStrings.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/NoBlankStrings.java
@@ -0,0 +1,26 @@
+package sonia.scm.api.v2.resources;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Target({FIELD, METHOD, PARAMETER, ANNOTATION_TYPE})
+@Retention(RUNTIME)
+@Constraint(validatedBy = NoBlankStringsValidator.class)
+@Documented
+public @interface NoBlankStrings {
+
+  String message() default "collection must not contain empty strings";
+
+  Class<?>[] groups() default {};
+
+  Class<? extends Payload>[] payload() default {};
+}
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/NoBlankStringsValidator.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/NoBlankStringsValidator.java
@@ -0,0 +1,23 @@
+package sonia.scm.api.v2.resources;
+
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+import java.util.Collection;
+
+public class NoBlankStringsValidator implements ConstraintValidator<NoBlankStrings, Collection> {
+
+  @Override
+  public void initialize(NoBlankStrings constraintAnnotation) {
+  }
+
+  @Override
+  public boolean isValid(Collection object, ConstraintValidatorContext constraintContext) {
+    if ( object == null || object.isEmpty()) {
+      return true;
+    }
+    return object.stream()
+      .map(x -> x.toString())
+      .map(s -> ((String) s).trim())
+      .noneMatch(s -> ((String) s).isEmpty());
+  }
+}