From 29f01a4975f637c26fbcd0b43a9c844d7d3d2e54 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 15:57:30 +0100
Subject: fetch requested attributes from configuration

---
 .../webgui/validation/task/impl/GeneralSTORKConfigurationTask.java     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'id/moa-id-webgui')

diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
index c6086583a..1747e2207 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
@@ -210,6 +210,7 @@ public static final List<String> KEYWHITELIST;
 			for(String key : attributeList.keySet()) {
 				if (key.endsWith(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME)) {
 					String value = attributeList.get(key);
+					value = value.replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
 					if (!validatedAttributes.contains(value)) {
 						if (ValidationHelper.containsPotentialCSSCharacter(value, true)) {
 							log.warn("default attributes contains potentail XSS characters: " + value);
@@ -219,7 +220,7 @@ public static final List<String> KEYWHITELIST;
 									LanguageHelper.getErrorString("validation.stork.requestedattributes",
 											new Object[] {ValidationHelper.getPotentialCSSCharacter(true)})));
 						}
-						if(!value.toLowerCase().matches("^[a-z0-9]*$")) {
+						if(!value.toLowerCase().matches("^[A-Za-z]*$")) {
 							log.warn("default attributes do not match the requested format : " + value);
 							errors.add(new ValidationObjectIdentifier(
 									MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, 
-- 
cgit v1.2.3