aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java312
1 files changed, 154 insertions, 158 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
index f0594c38d..13708c257 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
@@ -27,8 +27,6 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
@@ -38,163 +36,161 @@ import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class UserDatabaseFormValidator {
- private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class);
-
- public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated,
- boolean isMandateUser, HttpServletRequest request) {
- List<String> errors = new ArrayList<String>();
-
- String check = null;
- FileBasedUserConfiguration newConfigRead = null;
- try {
- newConfigRead = ConfigurationProvider.getInstance().getUserManagement();
-
- } catch (ConfigurationException e) {
- log.error("MOA-ID-Configuration initialization FAILED.", e);
- errors.add("Internal Server Error");
- return errors;
-
- }
-
- if (!isPVP2Generated) {
- check = form.getGivenName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("GivenName contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- } else {
- log.warn("GivenName is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty", request));
- }
-
-
- check = form.getFamilyName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("FamilyName contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- } else {
- log.warn("FamilyName is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty", request));
- }
- }
-
- if (!isMandateUser) {
- check = form.getInstitut();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("Organisation contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- } else {
- log.warn("Organisation is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty", request));
- }
- }
-
- check = form.getMail();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.isEmailAddressFormat(check)) {
- log.warn("Mailaddress is not valid: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- } else {
- log.warn("Mailaddress is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty", request));
- }
-
- check = form.getPhone();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("Phonenumber contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- } else {
- log.warn("Phonenumber is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty", request));
- }
-
- if (form.isIsusernamepasswordallowed()) {
- check = form.getUsername();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("Username contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
-
- } else {
- UserDatabase dbuser = newConfigRead.getUserWithUserName(check);
- if (dbuser != null && !dbuser.getHjid().equals(String.valueOf(userID ))) {
- log.warn("Username " + check + " exists in UserDatabase");
- errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate", request));
- form.setUsername("");
- }
- }
- } else {
- if (userID == -1) {
- log.warn("Username is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request));
- } else {
- UserDatabase dbuser = newConfigRead.getUserWithID(userID);
- if (dbuser == null) {
- log.warn("Username is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request));
- } else {
- form.setUsername(dbuser.getUsername());
- }
- }
- }
-
- check = form.getPassword();
-
- if (MiscUtil.isEmpty(check)) {
- if (userID == -1) {
- log.warn("Password is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request));
- } else {
- UserDatabase dbuser = newConfigRead.getUserWithID(userID);
- if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) {
- log.warn("Password is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request));
- }
- }
-
- } else {
-
- if (check.equals(form.getPassword_second())) {
-
- String key = AuthenticationHelper.generateKeyFormPassword(check);
- if (key == null) {
- errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid", request));
- }
-
- }
- else {
- errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal", request));
- }
- }
- }
-
- check = form.getBpk();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
- log.warn("BPK contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid",
- new Object[] {ValidationHelper.getNotValidIdentityLinkSignerCharacters()}, request ));
- }
- }
-
- return errors;
-
- }
+ public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated,
+ boolean isMandateUser, HttpServletRequest request) {
+ final List<String> errors = new ArrayList<>();
+
+ String check = null;
+ FileBasedUserConfiguration newConfigRead = null;
+ try {
+ newConfigRead = ConfigurationProvider.getInstance().getUserManagement();
+
+ } catch (final ConfigurationException e) {
+ log.error("MOA-ID-Configuration initialization FAILED.", e);
+ errors.add("Internal Server Error");
+ return errors;
+
+ }
+
+ if (!isPVP2Generated) {
+ check = form.getGivenName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("GivenName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ } else {
+ log.warn("GivenName is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty", request));
+ }
+
+ check = form.getFamilyName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("FamilyName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ } else {
+ log.warn("FamilyName is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty", request));
+ }
+ }
+
+ if (!isMandateUser) {
+ check = form.getInstitut();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("Organisation contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ } else {
+ log.warn("Organisation is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty", request));
+ }
+ }
+
+ check = form.getMail();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isEmailAddressFormat(check)) {
+ log.warn("Mailaddress is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ } else {
+ log.warn("Mailaddress is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty", request));
+ }
+
+ check = form.getPhone();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("Phonenumber contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ } else {
+ log.warn("Phonenumber is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty", request));
+ }
+
+ if (form.isIsusernamepasswordallowed()) {
+ check = form.getUsername();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("Username contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+
+ } else {
+ final UserDatabase dbuser = newConfigRead.getUserWithUserName(check);
+ if (dbuser != null && !dbuser.getHjid().equals(String.valueOf(userID))) {
+ log.warn("Username " + check + " exists in UserDatabase");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate", request));
+ form.setUsername("");
+ }
+ }
+ } else {
+ if (userID == -1) {
+ log.warn("Username is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request));
+ } else {
+ final UserDatabase dbuser = newConfigRead.getUserWithID(userID);
+ if (dbuser == null) {
+ log.warn("Username is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request));
+ } else {
+ form.setUsername(dbuser.getUsername());
+ }
+ }
+ }
+
+ check = form.getPassword();
+
+ if (MiscUtil.isEmpty(check)) {
+ if (userID == -1) {
+ log.warn("Password is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request));
+ } else {
+ final UserDatabase dbuser = newConfigRead.getUserWithID(userID);
+ if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) {
+ log.warn("Password is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request));
+ }
+ }
+
+ } else {
+
+ if (check.equals(form.getPassword_second())) {
+
+ final String key = AuthenticationHelper.generateKeyFormPassword(check);
+ if (key == null) {
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid", request));
+ }
+
+ } else {
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal", request));
+ }
+ }
+ }
+
+ check = form.getBpk();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.warn("BPK contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid",
+ new Object[] { ValidationHelper.getNotValidIdentityLinkSignerCharacters() }, request));
+ }
+ }
+
+ return errors;
+
+ }
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-02 12:31:23 +0000