Refactor of image ContentType validation

matisovaa · matisovaa · commit 201709358372 · 2026-03-30T13:43:58.000+02:00
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/UploadDownloadPanelFactory.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/UploadDownloadPanelFactory.java
@@ -9,7 +9,6 @@
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.io.Serializable;
-import java.util.Arrays;
 import java.util.List;
 import java.util.Objects;
 
@@ -25,9 +24,12 @@
 import com.evolveum.midpoint.prism.path.ItemPath;
 import com.evolveum.midpoint.util.DOMUtil;
 import com.evolveum.midpoint.web.component.input.UploadDownloadPanel;
+import com.evolveum.midpoint.web.component.input.validator.FileValidatorFactory;
 import com.evolveum.midpoint.web.component.prism.InputPanel;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
 
+import static com.evolveum.midpoint.common.MimeTypeUtil.MIME_IMAGE_JPEG;
+
 /**
  * @author katkav
  */
@@ -93,11 +95,16 @@ public List<String> getAllowedUploadContentTypes() {
                 ItemPath path = panelCtx.getValueWrapperModel().getObject().getParent().getPath();
 
                 if (Objects.equals(path, ItemPath.create(FocusType.F_JPEG_PHOTO))) {
-                    return Arrays.asList("image/*");
+                    return FileValidatorFactory.ALLOWED_UPLOAD_IMAGE_CONTENT_TYPES;
                 }
 
                 return super.getAllowedUploadContentTypes();
             }
+
+            @Override
+            public String getDownloadContentType() {
+                return MIME_IMAGE_JPEG;
+            }
         };
 
         return panel;
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/input/UploadDownloadPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/input/UploadDownloadPanel.java
@@ -33,6 +33,8 @@
 import com.evolveum.midpoint.web.component.AjaxSubmitButton;
 import com.evolveum.midpoint.web.component.prism.InputPanel;
 import com.evolveum.midpoint.web.component.util.VisibleBehaviour;
+import com.evolveum.midpoint.web.component.input.validator.ContentTypeFileValidator;
+import com.evolveum.midpoint.web.component.input.validator.FileValidatorFactory;
 
 /**
  * @author shood
@@ -65,13 +67,6 @@ public List<String> getAllowedUploadContentTypes() {
         return allowedUploadContentTypes;
     }
 
-    public void setAllowedUploadContentTypes(List<String> allowedUploadContentTypes) {
-        if (allowedUploadContentTypes == null) {
-            allowedUploadContentTypes = new ArrayList<>();
-        }
-        this.allowedUploadContentTypes = allowedUploadContentTypes;
-    }
-
     @Override
     protected void onInitialize() {
         super.onInitialize();
@@ -119,42 +114,23 @@ protected void onError(AjaxRequestTarget target) {
         fileUpload.add((IValidator<List<FileUpload>>) validatable -> {
 
             List<FileUpload> list = validatable.getValue();
-            if (list == null) {
+            if (list == null || list.isEmpty()) {
                 return;
             }
 
             if (getAllowedUploadContentTypes().isEmpty()) {
                 return;
             }
 
-            String label = fileUpload.getLabel() != null ? fileUpload.getLabel().getObject() : fileUpload.getId();
+            final String label = fileUpload.getLabel() != null ? fileUpload.getLabel().getObject() : fileUpload.getId();
+            final List<MimeType> allowedTypes = FileValidatorFactory.getMimeTypes(getAllowedUploadContentTypes());
 
             try {
-                List<MimeType> allowedTypes = getAllowedUploadContentTypes().stream()
-                        .map(s -> {
-                            try {
-                                return new MimeType(s);
-                            } catch (MimeTypeParseException ex) {
-                                return null;
-                            }
-                        })
-                        .filter(m -> m != null)
-                        .toList();
-
                 for (FileUpload fu : list) {
-                    String contentType = fu.getContentType();
-                    MimeType mime = new MimeType(contentType);
-
-                    boolean matched = false;
-                    for (MimeType allowed : allowedTypes) {
-                        if (allowed.match(mime)) {
-                            matched = true;
-                            break;
-                        }
-                    }
-
-                    if (!matched) {
-                        String msg = getPageBase().getString("UploadDownloadPanel.validationContentNotAllowed", label, contentType);
+                    final ContentTypeFileValidator contentTypeFileValidator = new ContentTypeFileValidator(allowedTypes);
+                    final String deniedContentType = contentTypeFileValidator.validate(fu);
+                    if (!"".equals(deniedContentType)) {
+                        String msg = getPageBase().getString("UploadDownloadPanel.validationContentNotAllowed", label, deniedContentType);
                         validatable.error(new ValidationError(msg));
                     }
                 }
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/input/validator/ContentTypeFileValidator.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/input/validator/ContentTypeFileValidator.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2010-2026 Evolveum and contributors
+ *
+ * Licensed under the EUPL-1.2 or later.
+ */
+
+package com.evolveum.midpoint.web.component.input.validator;
+
+import jakarta.activation.MimeType;
+import jakarta.activation.MimeTypeParseException;
+import org.apache.wicket.markup.html.form.upload.FileUpload;
+
+import java.util.List;
+
+/**
+ * @author matisovaa
+ *
+ */
+public class ContentTypeFileValidator {
+    private final List<MimeType> allowedTypes;
+
+    public ContentTypeFileValidator(List<MimeType> allowedTypes) {
+        this.allowedTypes = allowedTypes;
+    }
+
+    public String validate(final FileUpload fileUpload) throws MimeTypeParseException {
+        String contentType = fileUpload.getContentType();
+        MimeType fileMime = new MimeType(contentType);
+
+        for (MimeType allowed : allowedTypes) {
+            if (allowed.match(fileMime)) {
+                return "";
+            }
+        }
+
+        return contentType;
+    }
+}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/input/validator/FileValidatorFactory.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/input/validator/FileValidatorFactory.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2010-2026 Evolveum and contributors
+ *
+ * Licensed under the EUPL-1.2 or later.
+ */
+
+package com.evolveum.midpoint.web.component.input.validator;
+
+import jakarta.activation.MimeType;
+import jakarta.activation.MimeTypeParseException;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Objects;
+
+import static com.evolveum.midpoint.common.MimeTypeUtil.MIME_IMAGE_JPEG;
+import static com.evolveum.midpoint.common.MimeTypeUtil.MIME_IMAGE_PNG;
+
+/**
+ * @author matisovaa
+ *
+ */
+public class FileValidatorFactory {
+    public static final List<String> ALLOWED_UPLOAD_IMAGE_CONTENT_TYPES = Arrays.asList(MIME_IMAGE_JPEG, MIME_IMAGE_PNG);
+
+    public static List<MimeType> getMimeTypes(final List<String> stringMimeTypes) {
+        return stringMimeTypes.stream()
+                .map(s -> {
+                    try {
+                        return new MimeType(s);
+                    } catch (MimeTypeParseException ex) {
+                        return null;
+                    }
+                })
+                .filter(Objects::nonNull)
+                .toList();
+    }
+}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/WorkItemDetailsPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/WorkItemDetailsPanel.java
@@ -61,6 +61,8 @@
 import com.evolveum.prism.xml.ns._public.types_3.ChangeTypeType;
 import com.evolveum.prism.xml.ns._public.types_3.ObjectDeltaType;
 
+import static com.evolveum.midpoint.common.MimeTypeUtil.MIME_IMAGE_JPEG;
+
 /**
  * Created by honchar
  */
@@ -318,7 +320,7 @@ public InputStream getInputStream() {
 
             @Override
             public String getDownloadContentType() {
-                return "image/jpeg";
+                return MIME_IMAGE_JPEG;
             }
 
         };
diff --git a/gui/admin-gui/src/test/java/com/evolveum/midpoint/web/component/FileValidatorTest.java b/gui/admin-gui/src/test/java/com/evolveum/midpoint/web/component/FileValidatorTest.java
@@ -0,0 +1,151 @@
+/*
+ * Copyright (C) 2010-2026 Evolveum and contributors
+ *
+ * Licensed under the EUPL-1.2 or later.
+ */
+
+package com.evolveum.midpoint.web.component;
+
+import org.apache.commons.fileupload2.core.FileItem;
+import org.apache.commons.fileupload2.core.FileItemHeaders;
+import org.apache.commons.fileupload2.core.FileItemHeadersProvider;
+import org.apache.wicket.markup.html.form.upload.FileUpload;
+import org.springframework.test.context.ActiveProfiles;
+import org.testng.annotations.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.charset.Charset;
+import java.nio.file.Path;
+
+import static com.evolveum.midpoint.common.MimeTypeUtil.*;
+
+import com.evolveum.midpoint.web.component.input.validator.ContentTypeFileValidator;
+import com.evolveum.midpoint.web.component.input.validator.FileValidatorFactory;
+
+import static org.testng.Assert.assertEquals;
+
+/**
+ * @author matisovaa
+ *
+ */
+@ActiveProfiles("test")
+public class FileValidatorTest {
+
+    @Test
+    public void test4299ContentTypeFileValidator_validJPEG() throws Exception {
+        final FileUpload fu = new FileUpload(this.getFileItem(MIME_IMAGE_JPEG));
+        final ContentTypeFileValidator contentTypeFileValidator =
+                new ContentTypeFileValidator(FileValidatorFactory.getMimeTypes(FileValidatorFactory.ALLOWED_UPLOAD_IMAGE_CONTENT_TYPES));
+        final String deniedContentType = contentTypeFileValidator.validate(fu);
+        assertEquals(deniedContentType, "");
+    }
+
+    @Test
+    public void test4299ContentTypeFileValidator_validPNG() throws Exception {
+        final FileUpload fu = new FileUpload(this.getFileItem(MIME_IMAGE_PNG));
+        final ContentTypeFileValidator contentTypeFileValidator =
+                new ContentTypeFileValidator(FileValidatorFactory.getMimeTypes(FileValidatorFactory.ALLOWED_UPLOAD_IMAGE_CONTENT_TYPES));
+        final String deniedContentType = contentTypeFileValidator.validate(fu);
+        assertEquals(deniedContentType, "");
+    }
+
+    @Test
+    public void test4299ContentTypeFileValidator_invalid() throws Exception {
+        final FileUpload fu = new FileUpload(this.getFileItem(MIME_APPLICATION_XML));
+        final ContentTypeFileValidator contentTypeFileValidator =
+                new ContentTypeFileValidator(FileValidatorFactory.getMimeTypes(FileValidatorFactory.ALLOWED_UPLOAD_IMAGE_CONTENT_TYPES));
+        final String deniedContentType = contentTypeFileValidator.validate(fu);
+        assertEquals(deniedContentType, MIME_APPLICATION_XML);
+    }
+
+    private FileItem getFileItem(final String contentType) {
+        return new FileItem() {
+            @Override
+            public FileItem delete() throws IOException {
+                return null;
+            }
+
+            @Override
+            public byte[] get() throws IOException {
+                return new byte[0];
+            }
+
+            @Override
+            public String getContentType() {
+                return contentType;
+            }
+
+            @Override
+            public String getFieldName() {
+                return "";
+            }
+
+            @Override
+            public InputStream getInputStream() throws IOException {
+                return null;
+            }
+
+            @Override
+            public String getName() {
+                return "";
+            }
+
+            @Override
+            public OutputStream getOutputStream() throws IOException {
+                return null;
+            }
+
+            @Override
+            public long getSize() {
+                return 0;
+            }
+
+            @Override
+            public String getString() throws IOException {
+                return "";
+            }
+
+            @Override
+            public String getString(Charset charset) throws IOException {
+                return "";
+            }
+
+            @Override
+            public boolean isFormField() {
+                return false;
+            }
+
+            @Override
+            public boolean isInMemory() {
+                return false;
+            }
+
+            @Override
+            public FileItem setFieldName(String s) {
+                return null;
+            }
+
+            @Override
+            public FileItem setFormField(boolean b) {
+                return null;
+            }
+
+            @Override
+            public FileItem write(Path path) throws IOException {
+                return null;
+            }
+
+            @Override
+            public FileItemHeaders getHeaders() {
+                return null;
+            }
+
+            @Override
+            public FileItemHeadersProvider setHeaders(FileItemHeaders fileItemHeaders) {
+                return null;
+            }
+        };
+    }
+}
