validation for too long comment name added

6d8b9c9c · Piotr Gawron · dccafab3 · 6d8b9c9c · 6d8b9c9c · 6d8b9c9c
Commit 6d8b9c9c authored Jun 03, 2020 by Piotr Gawron
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,9 @@ minerva (14.0.13) stable; urgency=medium
    (#1260)
  * Bug fix: uploaded HGNC identifiers that looks like "HGNC:HGNC:1234" are
    changed to "HGNC:1234" (#1252)
+  * Bug fix: creating comment with too long name/email resulted in Internal
+    Server Error - now the proper error message is returned (#1245)
+  * Bug fix: user cannot put too long name in a comment dialog (#1245)

 -- Piotr Gawron <piotr.gawron@uni.lu>  Wed, 3 Jun 2020 17:00:00 +0200


--- a/frontend-js/src/main/js/gui/CommentDialog.js
+++ b/frontend-js/src/main/js/gui/CommentDialog.js
@@ -128,6 +128,7 @@ CommentDialog.prototype._createGui = function () {
  nameLabel.innerHTML = "Name:<br/>(Visible to moderators only)";
  var nameInput = document.createElement('input');
  nameInput.type = "text";
+  nameInput.maxLength = "255";

  table.appendChild(createRow([nameLabel, nameInput]));
  this.setNameInput(nameInput);
@@ -136,6 +137,7 @@ CommentDialog.prototype._createGui = function () {
  emailLabel.innerHTML = "Email:<br/>(Visible to moderators only)";
  var emailInput = document.createElement('input');
  emailInput.type = "text";
+  emailInput.maxLength = "255";

  table.appendChild(createRow([emailLabel, emailInput]));
  this.setEmailInput(emailInput);

--- a/rest-api/src/main/java/lcsb/mapviewer/api/projects/comments/CommentRestImpl.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/projects/comments/CommentRestImpl.java
@@ -282,6 +282,12 @@ public class CommentRestImpl extends BaseRestImpl {
    } else {
      throw new QueryException("Unknown type of commented object: " + elementType);
    }
+    if (name == null || name.length() > 255) {
+      throw new QueryException("name too long");
+    }
+    if (email == null || email.length() > 255) {
+      throw new QueryException("email too long");
+    }

    Comment comment = commentService.addComment(name, email, content, pointCoordinates, commentedObject, pinned,
        submodel, owner);

--- a/web/src/test/java/lcsb/mapviewer/web/CommentControllerIntegrationTest.java
+++ b/web/src/test/java/lcsb/mapviewer/web/CommentControllerIntegrationTest.java
@@ -4,7 +4,9 @@ import static org.junit.Assert.*;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

-import java.util.Arrays;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.*;

 import org.apache.http.client.entity.UrlEncodedFormEntity;
 import org.apache.http.message.BasicNameValuePair;
@@ -896,7 +898,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
    MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);

    ModelData submap = map.getSubmodels().iterator().next().getSubmodel();
-    
+
    Comment comment = createComment(submap);
    commentDao.add(comment);

@@ -910,8 +912,6 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
    assertEquals(true, comment.isDeleted());
  }

-
-  
  private Comment createReactionComment() {
    Comment comment = createComment(map);
    comment.setTableName(reaction.getClass());
@@ -925,4 +925,46 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
    comment.setTableId(element.getId());
    return comment;
  }
+
+  @Test
+  public void testInvalidInputWhenCreateComment() throws Exception {
+    MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
+
+    String invalidString = new String(new char[1024]).replace('\0', 'x');
+
+    for (String type: new String[] {"name", "email"}) {
+      String body = createContentBody(type, invalidString);
+
+      RequestBuilder request = post(
+          "/projects/" + TEST_PROJECT + "/comments/models/" + map.getId() + "/bioEntities/elements/" + element.getId())
+              .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+              .content(body)
+              .session(session);
+
+      mockMvc.perform(request)
+          .andExpect(status().isBadRequest());
+    }
+  }
+
+  private String createContentBody(String type, String value) throws IOException, UnsupportedEncodingException {
+    List<BasicNameValuePair> params = new ArrayList<>(Arrays.asList(
+        new BasicNameValuePair("name", "name"),
+        new BasicNameValuePair("email", "a@a.lu"),
+        new BasicNameValuePair("content", "tes content"),
+        new BasicNameValuePair("pinned", "true"),
+        new BasicNameValuePair("coordinates", "10,2"),
+        new BasicNameValuePair("modelId", map.getId().toString())));
+
+    BasicNameValuePair toRemove = null;
+    for (BasicNameValuePair basicNameValuePair : params) {
+      if (basicNameValuePair.getName().equals(type)) {
+        toRemove = basicNameValuePair;
+      }
+    }
+    params.remove(toRemove);
+    params.add(new BasicNameValuePair(type, value));
+
+    return EntityUtils.toString(new UrlEncodedFormEntity(params));
+  }
+
 }