add validation pattern for permission name

2025-11-10 15:35:49 +01:00 · 2018-09-26 14:03:08 +02:00
parent 538cd4fe72
commit 9b5848ea07
5 changed files with 28 additions and 9 deletions
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/ValidationConstraints.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/ValidationConstraints.java
@@ -0,0 +1,12 @@
+package sonia.scm.api.v2;
+
+public class ValidationConstraints {
+
+  /**
+   * A user or group name should not start with the @ character
+   * and it not contains whitespaces
+   * the characters: . - _ are allowed
+   */
+  public static final String USER_GROUP_PATTERN = "^[^@][A-z0-9\\.\\-_]|([A-z0-9\\.\\-_]*[A-z0-9\\.\\-_])?$";
+
+}
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/GroupDto.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/GroupDto.java
@@ -13,6 +13,8 @@ import java.time.Instant;
 import java.util.List;
 import java.util.Map;

+import static sonia.scm.api.v2.ValidationConstraints.USER_GROUP_PATTERN;
+
@Getter @Setter @NoArgsConstructor
 public class GroupDto extends HalRepresentation {

@@ -20,7 +22,7 @@ public class GroupDto extends HalRepresentation {
  private String description;
  @JsonInclude(JsonInclude.Include.NON_NULL)
  private Instant lastModified;
-  @Pattern(regexp = "^[A-z0-9\\.\\-_@]|[^ ]([A-z0-9\\.\\-_@ ]*[A-z0-9\\.\\-_@]|[^ ])?$")
+  @Pattern(regexp = USER_GROUP_PATTERN)
  private String name;
  @NotEmpty
  private String type;
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionDto.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionDto.java
@@ -4,15 +4,20 @@ import com.fasterxml.jackson.annotation.JsonInclude;
 import de.otto.edison.hal.HalRepresentation;
 import de.otto.edison.hal.Links;
 import lombok.Getter;
+import lombok.NoArgsConstructor;
 import lombok.Setter;
 import lombok.ToString;

-@Getter @Setter @ToString
+import javax.validation.constraints.Pattern;
+
+import static sonia.scm.api.v2.ValidationConstraints.USER_GROUP_PATTERN;
+
+@Getter @Setter @ToString @NoArgsConstructor
 public class PermissionDto extends HalRepresentation {

  public static final String GROUP_PREFIX = "@";

-  @JsonInclude(JsonInclude.Include.NON_NULL)
+  @Pattern(regexp = USER_GROUP_PATTERN)
  private String name;

  /**
@@ -28,9 +33,6 @@ public class PermissionDto extends HalRepresentation {

  private boolean groupPermission = false;

-  public PermissionDto() {
-  }
-
  public PermissionDto(String permissionName, boolean groupPermission) {
    name = permissionName;
    this.groupPermission = groupPermission;
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionRootResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionRootResource.java
@@ -16,6 +16,7 @@ import sonia.scm.repository.RepositoryPermissions;
 import sonia.scm.web.VndMediaType;

 import javax.inject.Inject;
+import javax.validation.Valid;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
@@ -70,7 +71,7 @@ public class PermissionRootResource {
  @TypeHint(TypeHint.NO_CONTENT.class)
  @Consumes(VndMediaType.PERMISSION)
  @Path("")
-  public Response create(@PathParam("namespace") String namespace, @PathParam("name") String name, PermissionDto permission) throws Exception {
+  public Response create(@PathParam("namespace") String namespace, @PathParam("name") String name,@Valid PermissionDto permission) throws Exception {
    log.info("try to add new permission: {}", permission);
    Repository repository = load(namespace, name);
    RepositoryPermissions.permissionWrite(repository).check();
@@ -156,7 +157,7 @@ public class PermissionRootResource {
  public Response update(@PathParam("namespace") String namespace,
                         @PathParam("name") String name,
                         @PathParam("permission-name") String permissionName,
-                         PermissionDto permission) throws NotFoundException, AlreadyExistsException {
+                         @Valid PermissionDto permission) throws NotFoundException, AlreadyExistsException {
    log.info("try to update the permission with name: {}. the modified permission is: {}", permissionName, permission);
    Repository repository = load(namespace, name);
    RepositoryPermissions.permissionWrite(repository).check();
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserDto.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserDto.java
@@ -13,6 +13,8 @@ import javax.validation.constraints.Pattern;
 import java.time.Instant;
 import java.util.Map;

+import static sonia.scm.api.v2.ValidationConstraints.USER_GROUP_PATTERN;
+
@NoArgsConstructor @Getter @Setter
 public class UserDto extends HalRepresentation {
  private boolean active;
@@ -24,7 +26,7 @@ public class UserDto extends HalRepresentation {
  private Instant lastModified;
  @NotEmpty @Email
  private String mail;
-  @Pattern(regexp = "^[A-z0-9\\.\\-_@]|[^ ]([A-z0-9\\.\\-_@ ]*[A-z0-9\\.\\-_@]|[^ ])?$")
+  @Pattern(regexp = USER_GROUP_PATTERN)
  private String name;
  @JsonInclude(JsonInclude.Include.NON_NULL)
  private String password;