diff options
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java | 166 |
1 files changed, 86 insertions, 80 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java index 276b0b4c8..88e1e6cf5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java @@ -16,44 +16,50 @@ public class UserDatabaseFormValidator { private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class); - public List<String> validate(UserDatabaseFrom form, long userID) { + public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, boolean isMandateUser) { List<String> errors = new ArrayList<String>(); - - String check = form.getGivenName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("GivenName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); - } - } else { - log.warn("GivenName is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty")); - } + String check = null; - check = form.getFamilyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("FamilyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + if (!isPVP2Generated) { + check = form.getGivenName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("GivenName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("GivenName is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty")); + } + + + check = form.getFamilyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("FamilyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("FamilyName is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty")); } - } else { - log.warn("FamilyName is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty")); } - - check = form.getInstitut(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("Organisation contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + + if (!isMandateUser) { + check = form.getInstitut(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("Organisation contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("Organisation is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty")); } - } else { - log.warn("Organisation is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty")); } check = form.getMail(); @@ -80,67 +86,67 @@ public class UserDatabaseFormValidator { errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty")); } - check = form.getUsername(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("Username contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); - - } else { - UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check); - if (dbuser != null && userID != dbuser.getHjid()) { - log.warn("Username " + check + " exists in UserDatabase"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate")); - form.setUsername(""); - } - } - } else { - if (userID == -1) { - log.warn("Username is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); + if (form.isIsusernamepasswordallowed()) { + check = form.getUsername(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("Username contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + + } else { + UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check); + if (dbuser != null && userID != dbuser.getHjid()) { + log.warn("Username " + check + " exists in UserDatabase"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate")); + form.setUsername(""); + } + } } else { - UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); - if (dbuser == null) { + if (userID == -1) { log.warn("Username is empty"); errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); } else { - form.setUsername(dbuser.getUsername()); + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); + if (dbuser == null) { + log.warn("Username is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); + } else { + form.setUsername(dbuser.getUsername()); + } } } - } - - check = form.getPassword(); - if (MiscUtil.isEmpty(check)) { - if (userID == -1) { - log.warn("Password is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); - } else { - UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); - if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { + check = form.getPassword(); + + if (MiscUtil.isEmpty(check)) { + if (userID == -1) { log.warn("Password is empty"); errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); - } - } - - } else { - - if (check.equals(form.getPassword_second())) { - - String key = AuthenticationHelper.generateKeyFormPassword(check); - if (key == null) { - errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid")); + } else { + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); + if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { + log.warn("Password is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); + } } - } - else { - errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal")); + } else { + + if (check.equals(form.getPassword_second())) { + + String key = AuthenticationHelper.generateKeyFormPassword(check); + if (key == null) { + errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid")); + } + + } + else { + errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal")); + } } } - - - + check = form.getBpk(); if (MiscUtil.isNotEmpty(check)) { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { |