diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/ValidationConstraints.java b/scm-webapp/src/main/java/sonia/scm/api/v2/ValidationConstraints.java new file mode 100644 index 0000000000..4a77e24942 --- /dev/null +++ b/scm-webapp/src/main/java/sonia/scm/api/v2/ValidationConstraints.java @@ -0,0 +1,12 @@ +package sonia.scm.api.v2; + +public class ValidationConstraints { + + /** + * A user or group name should not start with the @ character + * and it not contains whitespaces + * the characters: . - _ are allowed + */ + public static final String USER_GROUP_PATTERN = "^[^@][A-z0-9\\.\\-_]|([A-z0-9\\.\\-_]*[A-z0-9\\.\\-_])?$"; + +} diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/GroupDto.java b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/GroupDto.java index b847412a33..9589af122e 100644 --- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/GroupDto.java +++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/GroupDto.java @@ -13,6 +13,8 @@ import java.time.Instant; import java.util.List; import java.util.Map; +import static sonia.scm.api.v2.ValidationConstraints.USER_GROUP_PATTERN; + @Getter @Setter @NoArgsConstructor public class GroupDto extends HalRepresentation { @@ -20,7 +22,7 @@ public class GroupDto extends HalRepresentation { private String description; @JsonInclude(JsonInclude.Include.NON_NULL) private Instant lastModified; - @Pattern(regexp = "^[A-z0-9\\.\\-_@]|[^ ]([A-z0-9\\.\\-_@ ]*[A-z0-9\\.\\-_@]|[^ ])?$") + @Pattern(regexp = USER_GROUP_PATTERN) private String name; @NotEmpty private String type; diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionDto.java b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionDto.java index 581b2c24cd..82405a6ac2 100644 --- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionDto.java +++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionDto.java 
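Review bot: `USER_GROUP_PATTERN` in ValidationConstraints.java accepts more than its Javadoc describes, because the top-level `|` splits it into two independent alternatives. The first alternative is a two-character name whose first character may be anything except `@`, including a space, and the second is wrapped in `(...)?` and so matches the empty string. The range `A-z` also takes in the punctuation between `Z` and `a` (`[`, `\`, `]`, `^` and the backtick). As this constant now gates `name` in GroupDto, PermissionDto and UserDto, I would spell the set out and require at least one character, `"^[A-Za-z0-9._-]+$"`, and reword the Javadoc to say that `@` and whitespace are rejected anywhere in the name, not only at the start.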
@@ -4,15 +4,20 @@ import com.fasterxml.jackson.annotation.JsonInclude; import de.otto.edison.hal.HalRepresentation; import de.otto.edison.hal.Links; import lombok.Getter; +import lombok.NoArgsConstructor; import lombok.Setter; import lombok.ToString; -@Getter @Setter @ToString +import javax.validation.constraints.Pattern; + +import static sonia.scm.api.v2.ValidationConstraints.USER_GROUP_PATTERN; + +@Getter @Setter @ToString @NoArgsConstructor public class PermissionDto extends HalRepresentation { public static final String GROUP_PREFIX = "@"; - @JsonInclude(JsonInclude.Include.NON_NULL) + @Pattern(regexp = USER_GROUP_PATTERN) private String name; /** @@ -28,9 +33,6 @@ public class PermissionDto extends HalRepresentation { private boolean groupPermission = false; - public PermissionDto() { - } - public PermissionDto(String permissionName, boolean groupPermission) { name = permissionName; this.groupPermission = groupPermission; diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionRootResource.java b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionRootResource.java index b7f6df8c2d..6559e3dba2 100644 --- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionRootResource.java +++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionRootResource.java @@ -16,6 +16,7 @@ import sonia.scm.repository.RepositoryPermissions; import sonia.scm.web.VndMediaType; import javax.inject.Inject; +import javax.validation.Valid; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; import javax.ws.rs.GET; 
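Review bot: `@Pattern` on `PermissionDto.name` treats a null value as valid under Bean Validation, so a request body that omits `name` still passes the new `@Valid` check. Pair it with a presence constraint, `@NotEmpty @Pattern(regexp = USER_GROUP_PATTERN)`, adding the matching import. The first PermissionDto.java hunk also replaces `@JsonInclude(JsonInclude.Include.NON_NULL)` on that field instead of adding the constraint beside it, which changes how a null name is serialised; keep the `@JsonInclude` line unless dropping it was intended. The `name` fields in GroupDto and UserDto carry only `@Pattern` in the lines shown and look to have the same gap.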
@@ -70,7 +71,7 @@ public class PermissionRootResource { @TypeHint(TypeHint.NO_CONTENT.class) @Consumes(VndMediaType.PERMISSION) @Path("") - public Response create(@PathParam("namespace") String namespace, @PathParam("name") String name, PermissionDto permission) throws Exception { + public Response create(@PathParam("namespace") String namespace, @PathParam("name") String name,@Valid PermissionDto permission) throws Exception { log.info("try to add new permission: {}", permission); Repository repository = load(namespace, name); RepositoryPermissions.permissionWrite(repository).check(); @@ -156,7 +157,7 @@ public class PermissionRootResource { public Response update(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("permission-name") String permissionName, - PermissionDto permission) throws NotFoundException, AlreadyExistsException { + @Valid PermissionDto permission) throws NotFoundException, AlreadyExistsException { log.info("try to update the permission with name: {}. the modified permission is: {}", permissionName, permission); Repository repository = load(namespace, name); RepositoryPermissions.permissionWrite(repository).check(); diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserDto.java b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserDto.java index 4e4345445a..9dc5b850bd 100644 --- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserDto.java +++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserDto.java @@ -13,6 +13,8 @@ import javax.validation.constraints.Pattern; import java.time.Instant; import java.util.Map; +import static sonia.scm.api.v2.ValidationConstraints.USER_GROUP_PATTERN; + @NoArgsConstructor @Getter @Setter public class UserDto extends HalRepresentation { private boolean active; 
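Review bot: `@Valid` in `update` checks only the request body, so the `permission-name` path parameter still reaches the `log.info` call exactly as the client sent it. If `permissionName` is meant to follow the same naming rule (allowing for the `@` prefix that `PermissionDto.GROUP_PREFIX` suggests), constrain it as well. Otherwise say so in the method Javadoc, for example `@param permissionName name of the existing permission; not validated against USER_GROUP_PATTERN`. The same `@Valid` addition in `create` is missing a space after the comma and should read `@PathParam("name") String name, @Valid PermissionDto permission`. Both method bodies continue outside their hunks.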
@@ -24,7 +26,7 @@ public class UserDto extends HalRepresentation {
 private Instant lastModified;
 @NotEmpty @Email
 private String mail;
- @Pattern(regexp = "^[A-z0-9\\.\\-_@]|[^ ]([A-z0-9\\.\\-_@ ]*[A-z0-9\\.\\-_@]|[^ ])?$")
+ @Pattern(regexp = USER_GROUP_PATTERN)
 private String name;
 @JsonInclude(JsonInclude.Include.NON_NULL)
 private String password;
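Review bot: The replacement pattern on `UserDto.name` is narrower than the removed one, which accepted `@` and interior spaces while the new expression rejects both. If any stored account uses a mail-style or spaced login name, submitting its DTO would presumably now fail validation, so confirm that no existing names depend on the old rule before merging. A short comment on the field would record the change, e.g. `// narrower than the previous rule: '@' and spaces are no longer accepted`. The second GroupDto.java hunk makes the same replacement and needs the same check.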