Merged in bugfix/forbid_empty_groups_users_at_global_permission (pull request #167)

disable add admin group/user button when entry is empty

scm-ui-components/packages/ui-components/src/forms/AddEntryToTableField.js

@@ -48,7 +48,7 @@ class AddEntryToTableField extends React.Component<Props, State> {
         <AddButton
           label={buttonLabel}
           action={this.addButtonClicked}
-          disabled={disabled}
+          disabled={disabled || this.state.entryToAdd ===""}
         />
       </div>
     );

scm-webapp/src/main/java/sonia/scm/api/v2/resources/ConfigDto.java

@@ -23,7 +23,9 @@ public class ConfigDto extends HalRepresentation {
   private boolean disableGroupingGrid;
   private String dateFormat;
   private boolean anonymousAccessEnabled;
+  @NoBlankStrings
   private Set<String> adminGroups;
+  @NoBlankStrings
   private Set<String> adminUsers;
   private String baseUrl;
   private boolean forceBaseUrl;

scm-webapp/src/main/java/sonia/scm/api/v2/resources/ConfigResource.java

@@ -9,6 +9,7 @@ import sonia.scm.util.ScmConfigurationUtil;
 import sonia.scm.web.VndMediaType;
 
 import javax.inject.Inject;
+import javax.validation.Valid;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.PUT;
@@ -71,7 +72,7 @@ public class ConfigResource {
     @ResponseCode(code = 500, condition = "internal server error")
   })
   @TypeHint(TypeHint.NO_CONTENT.class)
-  public Response update(ConfigDto configDto) {
+  public Response update(@Valid ConfigDto configDto) {
 
     // This *could* be moved to ScmConfiguration or ScmConfigurationUtil classes.
     // But to where to check? load() or store()? Leave it for now, SCMv1 legacy that can be cleaned up later.

scm-webapp/src/main/java/sonia/scm/api/v2/resources/NoBlankStrings.java

@@ -0,0 +1,26 @@
+package sonia.scm.api.v2.resources;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Target({FIELD, METHOD, PARAMETER, ANNOTATION_TYPE})
+@Retention(RUNTIME)
+@Constraint(validatedBy = NoBlankStringsValidator.class)
+@Documented
+public @interface NoBlankStrings {
+
+  String message() default "collection must not contain empty strings";
+
+  Class<?>[] groups() default {};
+
+  Class<? extends Payload>[] payload() default {};
+}

scm-webapp/src/main/java/sonia/scm/api/v2/resources/NoBlankStringsValidator.java

@@ -0,0 +1,23 @@
+package sonia.scm.api.v2.resources;
+
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+import java.util.Collection;
+
+public class NoBlankStringsValidator implements ConstraintValidator<NoBlankStrings, Collection> {
+
+  @Override
+  public void initialize(NoBlankStrings constraintAnnotation) {
+  }
+
+  @Override
+  public boolean isValid(Collection object, ConstraintValidatorContext constraintContext) {
+    if ( object == null || object.isEmpty()) {
+      return true;
+    }
+    return object.stream()
+      .map(x -> x.toString())
+      .map(s -> ((String) s).trim())
+      .noneMatch(s -> ((String) s).isEmpty());
+  }
+}

scm-webapp/src/test/java/sonia/scm/api/v2/resources/ConfigResourceTest.java

@@ -92,11 +92,7 @@ public class ConfigResourceTest {
   @Test
   @SubjectAware(username = "readWrite")
   public void shouldUpdateConfig() throws URISyntaxException, IOException {
-    URL url = Resources.getResource("sonia/scm/api/v2/config-test-update.json");
-    byte[] configJson = Resources.toByteArray(url);
-    MockHttpRequest request = MockHttpRequest.put("/" + ConfigResource.CONFIG_PATH_V2)
-      .contentType(VndMediaType.CONFIG)
-      .content(configJson);
+    MockHttpRequest request = post("sonia/scm/api/v2/config-test-update.json");
 
     MockHttpResponse response = new MockHttpResponse();
     dispatcher.invoke(request, response);
@@ -113,11 +109,7 @@ public class ConfigResourceTest {
   @Test
   @SubjectAware(username = "readOnly")
   public void shouldNotUpdateConfigWhenNotAuthorized() throws URISyntaxException, IOException {
-    URL url = Resources.getResource("sonia/scm/api/v2/config-test-update.json");
-    byte[] configJson = Resources.toByteArray(url);
-    MockHttpRequest request = MockHttpRequest.put("/" + ConfigResource.CONFIG_PATH_V2)
-      .contentType(VndMediaType.CONFIG)
-      .content(configJson);
+    MockHttpRequest request = post("sonia/scm/api/v2/config-test-update.json");
     MockHttpResponse response = new MockHttpResponse();
 
     thrown.expectMessage("Subject does not have permission [configuration:write:global]");
@@ -125,6 +117,36 @@ public class ConfigResourceTest {
     dispatcher.invoke(request, response);
   }
 
+  @Test
+  @SubjectAware(username = "readWrite")
+  public void shouldFailForEmptyAdminUsers() throws URISyntaxException, IOException {
+    MockHttpRequest request = post("sonia/scm/api/v2/config-test-empty-admin-user.json");
+
+    MockHttpResponse response = new MockHttpResponse();
+    dispatcher.invoke(request, response);
+
+    assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
+  }
+
+  @Test
+  @SubjectAware(username = "readWrite")
+  public void shouldFailForEmptyAdminGroups() throws URISyntaxException, IOException {
+    MockHttpRequest request = post("sonia/scm/api/v2/config-test-empty-admin-group.json");
+
+    MockHttpResponse response = new MockHttpResponse();
+    dispatcher.invoke(request, response);
+
+    assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
+  }
+
+  private MockHttpRequest post(String resourceName) throws IOException, URISyntaxException {
+    URL url = Resources.getResource(resourceName);
+    byte[] configJson = Resources.toByteArray(url);
+    return MockHttpRequest.put("/" + ConfigResource.CONFIG_PATH_V2)
+      .contentType(VndMediaType.CONFIG)
+      .content(configJson);
+  }
+
   private static ScmConfiguration createConfiguration() {
     ScmConfiguration scmConfiguration = new ScmConfiguration();
     scmConfiguration.setProxyPassword("heartOfGold");

scm-webapp/src/test/java/sonia/scm/api/v2/resources/NoBlankStringsValidatorTest.java

@@ -0,0 +1,28 @@
+package sonia.scm.api.v2.resources;
+
+import org.junit.jupiter.api.Test;
+
+import java.util.Arrays;
+import java.util.Collections;
+
+import static java.util.Collections.emptySet;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+class NoBlankStringsValidatorTest {
+
+  @Test
+  void shouldAcceptNonEmptyElements() {
+    assertTrue(new NoBlankStringsValidator().isValid(Arrays.asList("not", "empty"), null));
+  }
+
+  @Test
+  void shouldFailForEmptyElements() {
+    assertFalse(new NoBlankStringsValidator().isValid(Arrays.asList("one", "", "three"), null));
+  }
+
+  @Test
+  void shouldAcceptEmptyList() {
+    assertTrue(new NoBlankStringsValidator().isValid(emptySet(), null));
+  }
+}

scm-webapp/src/test/resources/sonia/scm/api/v2/config-test-empty-admin-group.json

@@ -0,0 +1,3 @@
+{
+  "adminGroups": [""]
+}

scm-webapp/src/test/resources/sonia/scm/api/v2/config-test-empty-admin-user.json

@@ -0,0 +1,3 @@
+{
+  "adminUsers": [""]
+}