/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
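 *******************************************************************************/
package at.gv.egovernment.moa.id.configuration.validation;

import java.util.ArrayList;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;

import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUserConfiguration;
import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Server-side validation of the "edit user" form of the MOA-ID configuration GUI.
 *
 * <p>Every check appends a localized error message to the returned list; the form
 * values themselves are untrusted user input and are only ever compared, never
 * interpreted. Two checks mutate the form (username is cleared on a duplicate and
 * filled in from the database for an existing user) — see {@link #validate}.
 */
public class UserDatabaseFormValidator {

  private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class);

  /** Message-key prefix shared by all error strings of this form. */
  private static final String KEY_PREFIX = "validation.edituser.";

  /** Value of {@code userID} that denotes a user which does not exist in the database yet. */
  private static final long NEW_USER_ID = -1;

  /**
   * Validates the submitted user form.
   *
   * @param form            submitted form data (untrusted)
   * @param userID          database id of the user being edited, or {@code -1} for a new user
   * @param isPVP2Generated if {@code true}, given name and family name are not checked
   * @param isMandateUser   if {@code true}, the organisation ("institut") field is not checked
   * @param request         current request, used only to localize the error strings
   * @return localized error messages; empty when the form is valid. If the user
   *         management configuration cannot be loaded the list holds the single
   *         (non-localized) entry {@code "Internal Server Error"}.
   */
  public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated,
      boolean isMandateUser, HttpServletRequest request) {
    List<String> errors = new ArrayList<String>();

    FileBasedUserConfiguration users;
    try {
      users = ConfigurationProvider.getInstance().getUserManagement();
    } catch (ConfigurationException e) {
      log.error("MOA-ID-Configuration initialization FAILED.", e);
      // Without the user store no username/password uniqueness check is possible, so bail out.
      errors.add("Internal Server Error");
      return errors;
    }

    if (!isPVP2Generated) {
      checkRequiredText(form.getGivenName(), "GivenName", KEY_PREFIX + "givenname", request, errors);
      checkRequiredText(form.getFamilyName(), "FamilyName", KEY_PREFIX + "familyname", request, errors);
    }

    if (!isMandateUser) {
      checkRequiredText(form.getInstitut(), "Organisation", KEY_PREFIX + "institut", request, errors);
    }

    checkMail(form.getMail(), request, errors);

    checkRequiredText(form.getPhone(), "Phonenumber", KEY_PREFIX + "phone", request, errors);

    if (form.isIsusernamepasswordallowed()) {
      checkUsername(form, userID, users, request, errors);
      checkPassword(form, userID, users, request, errors);
    }

    checkBpk(form.getBpk(), request, errors);

    return errors;
  }

  /**
   * Checks a mandatory free-text field: it must be non-empty and must not contain any
   * character that {@link ValidationHelper#containsNotValidCharacter} rejects.
   *
   * @param value       submitted value
   * @param logName     field name used in log output
   * @param errorKey    message key without the {@code .valid}/{@code .empty} suffix
   * @param request     request for localization
   * @param errors      list the error message is appended to
   */
  private static void checkRequiredText(String value, String logName, String errorKey,
      HttpServletRequest request, List<String> errors) {
    if (MiscUtil.isEmpty(value)) {
      log.warn(logName + " is empty");
      errors.add(LanguageHelper.getErrorString(errorKey + ".empty", request));
      return;
    }
    if (ValidationHelper.containsNotValidCharacter(value, false)) {
      // NOTE(review): the rejected raw value is written to the log; it may contain
      // line breaks or control characters. Confirm the log layout neutralizes them,
      // otherwise log forging is possible from the form.
      log.warn(logName + " contains potentail XSS characters: " + value);
      errors.add(LanguageHelper.getErrorString(errorKey + ".valid",
          new Object[] {ValidationHelper.getNotValidCharacter(false)}, request));
    }
  }

  /** Checks that the mail address is present and has e-mail format. */
  private static void checkMail(String mail, HttpServletRequest request, List<String> errors) {
    if (MiscUtil.isEmpty(mail)) {
      log.warn("Mailaddress is empty");
      errors.add(LanguageHelper.getErrorString(KEY_PREFIX + "mail.empty", request));
      return;
    }
    if (!ValidationHelper.isEmailAddressFormat(mail)) {
      log.warn("Mailaddress is not valid: " + mail);
      // The message argument is the generic "not valid characters" list although the
      // check here is a format check; kept as-is because the message key expects it.
      errors.add(LanguageHelper.getErrorString(KEY_PREFIX + "mail.valid",
          new Object[] {ValidationHelper.getNotValidCharacter(false)}, request));
    }
  }

  /**
   * Checks the username. A submitted username must be free of rejected characters and
   * unique across all users except the one being edited; on a duplicate the form's
   * username is cleared. An empty username is an error for a new user and, for an
   * existing user, is replaced by the username stored in the database.
   */
  private static void checkUsername(UserDatabaseFrom form, long userID,
      FileBasedUserConfiguration users, HttpServletRequest request, List<String> errors) {
    String username = form.getUsername();

    if (MiscUtil.isNotEmpty(username)) {
      if (ValidationHelper.containsNotValidCharacter(username, false)) {
        log.warn("Username contains potentail XSS characters: " + username);
        errors.add(LanguageHelper.getErrorString(KEY_PREFIX + "username.valid",
            new Object[] {ValidationHelper.getNotValidCharacter(false)}, request));
        return;
      }
      UserDatabase dbuser = users.getUserWithUserName(username);
      // Compare both ids as strings so the result does not depend on the declared type
      // of hjid: a non-String hjid compared via equals(String) would never match and
      // every existing user would be reported as a duplicate of itself.
      if (dbuser != null && !String.valueOf(dbuser.getHjid()).equals(String.valueOf(userID))) {
        log.warn("Username " + username + " exists in UserDatabase");
        errors.add(LanguageHelper.getErrorString(KEY_PREFIX + "username.duplicate", request));
        form.setUsername("");
      }
      return;
    }

    if (userID == NEW_USER_ID) {
      log.warn("Username is empty");
      errors.add(LanguageHelper.getErrorString(KEY_PREFIX + "username.empty", request));
      return;
    }
    UserDatabase dbuser = users.getUserWithID(userID);
    if (dbuser == null) {
      log.warn("Username is empty");
      errors.add(LanguageHelper.getErrorString(KEY_PREFIX + "username.empty", request));
    } else {
      // Existing user, nothing submitted: keep the stored username.
      form.setUsername(dbuser.getUsername());
    }
  }

  /**
   * Checks the password. A new password must match its confirmation and must be
   * accepted by {@link AuthenticationHelper#generateKeyFormPassword}. An empty password
   * is only acceptable for an existing user that already has one stored.
   */
  private static void checkPassword(UserDatabaseFrom form, long userID,
      FileBasedUserConfiguration users, HttpServletRequest request, List<String> errors) {
    String password = form.getPassword();

    if (MiscUtil.isEmpty(password)) {
      if (userID == NEW_USER_ID) {
        log.warn("Password is empty");
        errors.add(LanguageHelper.getErrorString(KEY_PREFIX + "password.empty", request));
        return;
      }
      UserDatabase dbuser = users.getUserWithID(userID);
      if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) {
        log.warn("Password is empty");
        errors.add(LanguageHelper.getErrorString(KEY_PREFIX + "password.empty", request));
      }
      return;
    }

    if (!password.equals(form.getPassword_second())) {
      errors.add(LanguageHelper.getErrorString(KEY_PREFIX + "password.equal", request));
      return;
    }
    // The derived key is only used as a validity probe here; null means the password
    // cannot be turned into a key and is therefore rejected.
    if (AuthenticationHelper.generateKeyFormPassword(password) == null) {
      errors.add(LanguageHelper.getErrorString(KEY_PREFIX + "password.valid", request));
    }
  }

  /** Checks the optional bPK field against the identity-link signer character rules. */
  private static void checkBpk(String bpk, HttpServletRequest request, List<String> errors) {
    if (MiscUtil.isEmpty(bpk)) {
      return;
    }
    if (ValidationHelper.isNotValidIdentityLinkSigner(bpk)) {
      log.warn("BPK contains potentail XSS characters: " + bpk);
      errors.add(LanguageHelper.getErrorString(KEY_PREFIX + "bpk.valid",
          new Object[] {ValidationHelper.getNotValidIdentityLinkSignerCharacters()}, request));
    }
  }
}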