Commit edeb95e8 authored by Piotr Gawron's avatar Piotr Gawron

Merge branch '1245-add-comment' into 'devel_14.0.x'

validation for too long comment name added

See merge request !1157
parents dccafab3 6d8b9c9c
Pipeline #27547 passed with stage
in 16 minutes and 32 seconds
......@@ -3,6 +3,9 @@ minerva (14.0.13) stable; urgency=medium
(#1260)
* Bug fix: uploaded HGNC identifiers that looks like "HGNC:HGNC:1234" are
changed to "HGNC:1234" (#1252)
* Bug fix: creating comment with too long name/email resulted in Internal
Server Error - now the proper error message is returned (#1245)
* Bug fix: user cannot put too long name in a comment dialog (#1245)
-- Piotr Gawron <piotr.gawron@uni.lu> Wed, 3 Jun 2020 17:00:00 +0200
......
......@@ -128,6 +128,7 @@ CommentDialog.prototype._createGui = function () {
nameLabel.innerHTML = "Name:<br/>(Visible to moderators only)";
var nameInput = document.createElement('input');
nameInput.type = "text";
nameInput.maxLength = "255";
table.appendChild(createRow([nameLabel, nameInput]));
this.setNameInput(nameInput);
......@@ -136,6 +137,7 @@ CommentDialog.prototype._createGui = function () {
emailLabel.innerHTML = "Email:<br/>(Visible to moderators only)";
var emailInput = document.createElement('input');
emailInput.type = "text";
emailInput.maxLength = "255";
table.appendChild(createRow([emailLabel, emailInput]));
this.setEmailInput(emailInput);
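Review bot: `nameInput.maxLength = "255";` and `emailInput.maxLength = "255";` assign a string to a numeric DOM property; it works through coercion, but `nameInput.maxLength = 255;` and `emailInput.maxLength = 255;` state the intent directly. The attribute only limits what can be typed in this dialog, and requests sent straight to the REST endpoint never pass through it. A short comment such as `// UI hint only; the limit is enforced in CommentRestImpl` next to each assignment would stop a later reader from treating it as the validation. `_createGui` starts and ends outside both hunks.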
......
......@@ -282,6 +282,12 @@ public class CommentRestImpl extends BaseRestImpl {
} else {
throw new QueryException("Unknown type of commented object: " + elementType);
}
if (name == null || name.length() > 255) {
throw new QueryException("name too long");
}
if (email == null || email.length() > 255) {
throw new QueryException("email too long");
}
Comment comment = commentService.addComment(name, email, content, pointCoordinates, commentedObject, pinned,
submodel, owner);
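Review bot: The guards `name == null || name.length() > 255` and `email == null || email.length() > 255` report a missing parameter as "name too long" or "email too long", which misleads API clients; if either field was optional before this commit (not visible here), requests that omit it are now rejected. If null is allowed, the check should be `if (name != null && name.length() > 255)`; if it is not, a separate branch with a message such as `"name is required"` is clearer. The literal 255 is repeated here and in CommentDialog, so a named constant, ideally tied to the column length of the Comment entity, would keep the limits from drifting apart. `content` reaches `commentService.addComment` with no length check visible in this hunk, so it is worth confirming that it is bounded elsewhere. The enclosing method starts and ends outside the hunk.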
......
......@@ -4,7 +4,9 @@ import static org.junit.Assert.*;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import java.util.Arrays;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.*;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.message.BasicNameValuePair;
......@@ -896,7 +898,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
ModelData submap = map.getSubmodels().iterator().next().getSubmodel();
Comment comment = createComment(submap);
commentDao.add(comment);
......@@ -910,8 +912,6 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
assertEquals(true, comment.isDeleted());
}
private Comment createReactionComment() {
Comment comment = createComment(map);
comment.setTableName(reaction.getClass());
......@@ -925,4 +925,46 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
comment.setTableId(element.getId());
return comment;
}
@Test
public void testInvalidInputWhenCreateComment() throws Exception {
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
String invalidString = new String(new char[1024]).replace('\0', 'x');
for (String type: new String[] {"name", "email"}) {
String body = createContentBody(type, invalidString);
RequestBuilder request = post(
"/projects/" + TEST_PROJECT + "/comments/models/" + map.getId() + "/bioEntities/elements/" + element.getId())
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.content(body)
.session(session);
mockMvc.perform(request)
.andExpect(status().isBadRequest());
}
}
private String createContentBody(String type, String value) throws IOException, UnsupportedEncodingException {
List<BasicNameValuePair> params = new ArrayList<>(Arrays.asList(
new BasicNameValuePair("name", "name"),
new BasicNameValuePair("email", "a@a.lu"),
new BasicNameValuePair("content", "tes content"),
new BasicNameValuePair("pinned", "true"),
new BasicNameValuePair("coordinates", "10,2"),
new BasicNameValuePair("modelId", map.getId().toString())));
BasicNameValuePair toRemove = null;
for (BasicNameValuePair basicNameValuePair : params) {
if (basicNameValuePair.getName().equals(type)) {
toRemove = basicNameValuePair;
}
}
params.remove(toRemove);
params.add(new BasicNameValuePair(type, value));
return EntityUtils.toString(new UrlEncodedFormEntity(params));
}
}
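Review bot: `testInvalidInputWhenCreateComment` only sends a 1024-character value, so an off-by-one in the 255 limit, or a limit that differs from the database column, would pass unnoticed. Adding a value of exactly 255 characters that expects success and one of 256, `new String(new char[256]).replace('\0', 'x')`, that expects `status().isBadRequest()` would pin the boundary; a request that omits `name` or `email` would cover the null branch of the new check. In `createContentBody`, `throws IOException, UnsupportedEncodingException` is redundant because the second is a subclass of the first, and the removal loop can be `params.removeIf(p -> p.getName().equals(type));`. The import hunk appears to replace `java.util.Arrays` with `java.util.*`; explicit imports of `ArrayList`, `Arrays` and `List` are preferable to the wildcard.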