authorThomas Lenz <tlenz@iaik.tugraz.at>2013-08-08 15:50:28 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-08-08 15:50:28 +0200
commit2337072ac18b66e523818702ba6dce6b462472b1 (patch)
tree44482f07d89a6d7ffb57e014185b52a73e6f68d0 /id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
parentf7c35a0214cb10cf6f7de031e9e5e73f40e4569d (diff)
MOA-ID Configuration Tool Beta
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java147
1 files changed, 147 insertions, 0 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
new file mode 100644
index 000000000..8e6edf52a
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
@@ -0,0 +1,147 @@
+package at.gv.egovernment.moa.id.configuration.validation;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
+import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class UserDatabaseFormValidator {
+
+ private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class);
+
+ public List<String> validate(UserDatabaseFrom form, long userID) {
+ List<String> errors = new ArrayList<String>();
+
+ String check = form.getGivenName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("GivenName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("GivenName is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty"));
+ }
+
+
+ check = form.getFamilyName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("FamilyName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("FamilyName is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty"));
+ }
+
+ check = form.getInstitut();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("Organisation contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("Organisation is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty"));
+ }
+
+ check = form.getMail();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isEmailAddressFormat(check)) {
+ log.warn("Mailaddress is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("Mailaddress is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty"));
+ }
+
+ check = form.getPhone();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("Phonenumber contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("Phonenumber is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty"));
+ }
+
+ check = form.getUsername();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("Username contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+
+ } else {
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check);
+ if (dbuser != null && userID != dbuser.getHjid()) {
+ log.warn("Username " + check + " exists in UserDatabase");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate"));
+ form.setUsername("");
+ }
+ }
+ } else {
+ if (userID == -1) {
+ log.warn("Username is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty"));
+ } else {
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
+ if (dbuser == null) {
+ log.warn("Username is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty"));
+ } else {
+ form.setUsername(dbuser.getUsername());
+ }
+ }
+ }
+
+ check = form.getPassword();
+ if (MiscUtil.isEmpty(check)) {
+ if (userID == -1) {
+ log.warn("Password is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty"));
+ } else {
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
+ if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) {
+ log.warn("Password is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty"));
+ }
+ }
+
+ } else {
+ String key = AuthenticationHelper.generateKeyFormPassword(check);
+ if (key == null) {
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid"));
+ }
+ }
+
+
+
+ check = form.getBpk();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("BPK contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ }
+
+ return errors;
+
+ }
+}
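Review bot: The warn calls log the rejected value verbatim (`log.warn("GivenName contains potentail XSS characters: " + check)`, and the same pattern for family name, organisation, mail, phone, username and BPK), so input that has just failed the character check is written to the log unencoded, where CR/LF can forge entries and markup can reach an HTML-based log viewer. The BPK line also places a personal identifier in the application log. Logging only the field name, e.g. `log.warn("BPK contains potential XSS characters");`, or a length-capped value with control characters stripped, keeps the audit signal without the raw data. Separately, the mail branch passes `ValidationHelper.getPotentialCSSCharacter(false)` to the `validation.edituser.mail.valid` message although it never runs the character check, so that field relies entirely on `isEmailAddressFormat`, whose strictness is not visible in this file.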