Commit 86d7e896 authored by Piotr Gawron's avatar Piotr Gawron

Merge branch '951-restrict-version-to-20-characters' into 'master'

Resolve "restrict Version to 20 characters"

Closes #951

See merge request minerva/core!934
parents df0c0099 d8df8d01
Pipeline #13938 passed with stage
in 14 minutes and 24 seconds
......@@ -6,6 +6,7 @@ minerva (14.0.0~beta.2) unstable; urgency=low
* Bug fix: removing overlays as curator in admin panel fixed (#944)
* Bug fix: information about deprecated column is more clear about column
names (#838)
* Bug fix: version of the project is limited to 20 characters (#951)
-- Piotr Gawron <piotr.gawron@uni.lu> Mon, 16 Sep 2019 21:00:00 +0200
......
......@@ -261,14 +261,13 @@ public class ProjectRestImpl extends BaseRestImpl {
stringValue = (String) value;
}
if (fieldName.equalsIgnoreCase("version")) {
if (value != null && ((String) value).length() > 20) {
throw new QueryException("version is too long (>20 characters)");
}
project.setVersion((String) value);
} else if (fieldName.equalsIgnoreCase("id")) {
try {
int id = Integer.parseInt(stringValue);
if (id != project.getId()) {
throw new QueryException("Invalid id: " + stringValue);
}
} catch (NumberFormatException e) {
int id = parseInteger(stringValue, "id");
if (id != project.getId()) {
throw new QueryException("Invalid id: " + stringValue);
}
} else if (fieldName.equalsIgnoreCase("projectId")) {
......@@ -277,7 +276,7 @@ public class ProjectRestImpl extends BaseRestImpl {
}
} else if (fieldName.equalsIgnoreCase("name")) {
if (value != null && ((String) value).length() > 255) {
throw new QueryException("name is too long");
throw new QueryException("name is too long (>255 characters)");
}
project.setName((String) value);
} else if (fieldName.equalsIgnoreCase("notifyEmail")) {
......@@ -387,6 +386,9 @@ public class ProjectRestImpl extends BaseRestImpl {
params.sbgnFormat(getFirstValue(data.get("sbgn")));
params.semanticZoomContainsMultipleLayouts(getFirstValue(data.get("semantic-zoom-contains-multiple-layouts")));
params.version(getFirstValue(data.get("version")));
if (params.getVersion() != null && params.getVersion().length() > 20) {
throw new QueryException("version is too long (>20 characters)");
}
params.annotations(getFirstValue(data.get("annotate")));
params.setUser(user);
MapCanvasType mapCanvasType;
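Review bot: The new length check in the `version` branch casts `value` to `String` unconditionally, so a request body carrying a non-string JSON value for `version` (a number or an object) would raise `ClassCastException` rather than the intended `QueryException`. Whether that surfaces as a 400 or a 500 depends on exception handling outside these hunks. The lines just above already derive `stringValue`, apparently under a type guard that is not visible here, so the branch could reject non-string input explicitly and then test `stringValue.length() > 20`. The limit is also repeated as a literal here and in the creation path (`params.getVersion().length() > 20`); a shared `private static final int MAX_VERSION_LENGTH = 20;` would keep both entry points and the error message aligned with the column size. The enclosing methods start and end outside the hunks shown.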
......
......@@ -34,8 +34,6 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
private static final String TEST_PROJECT = "test_project";
private static final String CURATOR_PASSWORD = "test_pass";
private static final String CURATOR_LOGIN = "test_user";
private static final String ADMIN_PASSWORD = "admin_pass";
private static final String ADMIN_LOGIN = "admin_user";
Logger logger = LogManager.getLogger();
@Autowired
private IUserService userService;
......@@ -44,18 +42,15 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
private ProjectDao projectDao;
private User curator;
private User admin;
@Before
public void setup() {
curator = createCurator(CURATOR_LOGIN, CURATOR_PASSWORD);
admin = createAdmin(ADMIN_LOGIN, ADMIN_PASSWORD);
}
@Test
public void testGetAllProjectsAsAdmin() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
createProject(TEST_PROJECT);
RequestBuilder request = get("/projects/")
......@@ -136,7 +131,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
public void testGrantPrivilege() throws Exception {
createProject(TEST_PROJECT);
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
String body = "[{"
+ "\"privilegeType\":\"" + PrivilegeType.READ_PROJECT + "\", "
......@@ -158,7 +153,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
Project project = createProject(TEST_PROJECT);
userService.grantUserPrivilege(curator, PrivilegeType.READ_PROJECT, project.getProjectId());
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
String body = "[{"
+ "\"privilegeType\":\"" + PrivilegeType.READ_PROJECT + "\", "
......@@ -177,7 +172,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testGetNonExistingProject() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
RequestBuilder request = get("/projects/*/")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
......@@ -189,7 +184,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testUpdateProject() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
Project project = createProject(TEST_PROJECT);
String content = "{\"project\":{\"version\":\"xxx\"}}";
......@@ -206,9 +201,25 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
}
@Test
public void testUpdateProjectWithTooLongVersion() throws Exception {
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
createProject(TEST_PROJECT);
String content = "{\"project\":{\"version\":\"12345678901234567890123456\"}}";
RequestBuilder request = patch("/projects/" + TEST_PROJECT + "/")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.content(content)
.session(session);
mockMvc.perform(request)
.andExpect(status().isBadRequest());
}
@Test
public void testUpdateProjectWithUndefinedProjectId() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
String content = "{\"project\":{\"version\":\"xxx\"}}";
......@@ -223,7 +234,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testGrantPrivilegeForUndefinedProject() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
String body = "[{"
+ "\"privilegeType\":\"" + PrivilegeType.READ_PROJECT + "\", "
......@@ -240,7 +251,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testRevokePrivilegeForUndefinedProject() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
String body = "[{"
+ "\"privilegeType\":\"" + PrivilegeType.READ_PROJECT + "\", "
......@@ -257,7 +268,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testRemoveProjectForUndefinedProjectId() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
RequestBuilder request = delete("/projects/*/")
.session(session);
......@@ -268,7 +279,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testGetStatisticsForUndefinedProjectId() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
RequestBuilder request = get("/projects/*/statistics")
.session(session);
......@@ -279,7 +290,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testDownloadSourceForUndefinedProjectId() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
RequestBuilder request = get("/projects/*:downloadSource")
.session(session);
......@@ -290,7 +301,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testGetLogsForUndefinedProjectId() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
RequestBuilder request = get("/projects/*/logs/")
.session(session);
......@@ -301,7 +312,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testGetSubmapConnectionsForUndefinedProjectId() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
RequestBuilder request = get("/projects/*/submapConnections/")
.session(session);
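Review bot: `testUpdateProjectWithTooLongVersion` sends a 26-character version and asserts only `status().isBadRequest()`, which does not pin the boundary: the test would still pass if the server-side check were `>= 20` or `> 25`. A pair of cases at exactly 20 characters (expect success) and 21 characters (expect 400) would lock the limit to the documented value. The same gap applies to `addProjectWithTooLongVersion` in `ProjectControllerIntegrationTestWithoutTransaction`, which uses the same 26-character string. A short comment on the literal, such as `// 26 characters, limit is 20`, would also spare the reader from counting digits.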
......
......@@ -130,6 +130,35 @@ public class ProjectControllerIntegrationTestWithoutTransaction extends Controll
}
}
@Test
public void addProjectWithTooLongVersion() throws Exception {
User admin = userService.getUserByLogin(BUILT_IN_ADMIN_LOGIN);
UploadedFileEntry fileEntry = createFileInSeparateThread(
new String(Files.readAllBytes(Paths.get("./src/test/resources/generic.xml")), "UTF-8"),
admin);
try {
String invalidVersion = "12345678901234567890123456";
String body = EntityUtils.toString(new UrlEncodedFormEntity(Arrays.asList(
new BasicNameValuePair("file-id", String.valueOf(fileEntry.getId())),
new BasicNameValuePair("mapCanvasType", "OPEN_LAYERS"),
new BasicNameValuePair("version", invalidVersion),
new BasicNameValuePair("parser",
"lcsb.mapviewer.converter.model.celldesigner.CellDesignerXmlParser"))));
RequestBuilder request = post("/projects/" + TEST_PROJECT)
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.content(body)
.session(createSession(BUILT_IN_ADMIN_LOGIN, BUILT_IN_ADMIN_PASSWORD));
mockMvc.perform(request).andExpect(status().isBadRequest());
} finally {
removeFileInSeparateThread(fileEntry);
removeProjectInSeparateThread(TEST_PROJECT);
}
}
@Test
public void modifyProjectWithTooLongName() throws Exception {
createProjectInSeparateThread(TEST_PROJECT);
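Review bot: `addProjectWithTooLongVersion` checks only the HTTP status and then calls `removeProjectInSeparateThread(TEST_PROJECT)` in `finally`, so a regression where the project is created before the request is rejected would be silently cleaned up and the test would still pass. Asserting inside the `try`, after `mockMvc.perform(...)`, that no project with id `TEST_PROJECT` exists would make the rejection observable. Whether the removal helper tolerates a project that was never created is not visible in this hunk and is worth confirming. As a style point, `new String(bytes, StandardCharsets.UTF_8)` avoids the checked `UnsupportedEncodingException` that the `"UTF-8"` string overload declares.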
......