
Commit c1bbdc3

committed
added project_id parameter validation
1 parent f7c72c7 commit c1bbdc3

30 files changed

+116
-90
lines changed

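--- a/src/main/java/main/controllers/AuditController.java
+++ b/src/main/java/main/controllers/AuditController.java
@@ -46,15 +46,7 @@ public AuditController(UserDto user) {
 @Override
 public List<AuditDto> get(AuditDto searchTemplate) throws AqualityException {
 List<AuditDto> audits = auditDao.searchAll(searchTemplate);
-Integer projectId;
-try {
-projectId = searchTemplate.getId() == null
-? searchTemplate.getProject_id()
-: audits.get(0).getProject_id();
-} catch (IndexOutOfBoundsException e) {
-throw new AqualityException("The Audit you trying to access is not present!");
-}
-if (baseUser.isFromGlobalManagement() || baseUser.getProjectUser(projectId).isViewer()) {
+if (baseUser.isFromGlobalManagement() || baseUser.getProjectUser(searchTemplate.getProject_id()).isViewer()) {
 return completeAudits(audits);
 } else {
 throw new AqualityPermissionsException("Account is not allowed to view Audits.", baseUser);
@@ -81,15 +73,9 @@ public List<AuditStatisticDto> get(AuditStatisticDto template) throws AqualityEx
 }
 }
 
-public List<AuditAttachmentDto> get(AuditAttachmentDto searchTemplate) throws AqualityException {
+public List<AuditAttachmentDto> get(AuditAttachmentDto searchTemplate, Integer projectId) throws AqualityException {
 AuditDto audit = new AuditDto();
 audit.setId(searchTemplate.getAudit_id());
-Integer projectId;
-try {
-projectId = auditDao.searchAll(audit).get(0).getProject_id();
-} catch (IndexOutOfBoundsException e) {
-throw new AqualityException("The Audit you trying to access is not present!");
-}
 if (baseUser.isFromGlobalManagement() || baseUser.getProjectUser(projectId).isViewer()) {
 return auditAttachmentsDao.searchAll(searchTemplate);
 } else {
@@ -168,10 +154,10 @@ public boolean delete(AuditDto template) throws AqualityException {
 }
 }
 
-public boolean delete(AuditAttachmentDto template) throws AqualityException {
+public boolean delete(AuditAttachmentDto template, Integer projectId) throws AqualityException {
 if (baseUser.isAuditor() || baseUser.isAuditAdmin()) {
 FileUtils fileUtils = new FileUtils();
-List<AuditAttachmentDto> attachments = get(template);
+List<AuditAttachmentDto> attachments = get(template, projectId);
 List<String> pathes = new ArrayList<>();
 pathes.add(attachments.get(0).getPath());
 fileUtils.removeFiles(pathes);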
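Review bot: The permission checks in `get(AuditDto)` and `get(AuditAttachmentDto, Integer)` now use the project id the caller supplies, whereas the removed `audits.get(0).getProject_id()` lookup tied the check to the project the audit is actually stored under; as written, `getProjectUser(projectId).isViewer()` only proves the caller is a viewer on whatever project id the request names, not on the project owning the requested `audit_id`, so the server-side binding between resource and project is gone. Keep the lookup and reject a mismatch, e.g. `if (audits.isEmpty() || !Objects.equals(audits.get(0).getProject_id(), projectId)) throw new AqualityPermissionsException("Account is not allowed to view Audits.", baseUser);` before the viewer check (the same applies to the attachment overload via its `audit` template). In `get(AuditAttachmentDto, Integer)` the `audit` template built on the first two lines is no longer read by anything and is dead code unless it is used for that lookup. With the "not present" AqualityException gone, `delete(AuditAttachmentDto, Integer)` reaches `attachments.get(0).getPath()` on an empty list and throws IndexOutOfBoundsException instead; guard with `attachments.isEmpty()` before indexing. The body of `delete` continues past the hunk.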

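--- a/src/main/java/main/controllers/Project/Test2SuiteController.java
+++ b/src/main/java/main/controllers/Project/Test2SuiteController.java
@@ -36,13 +36,9 @@ public boolean delete(Test2SuiteDto template, Integer projectId) throws Aquality
 }
 }
 
-public List<Test2SuiteDto> get(Test2SuiteDto template, Integer projectId) throws AqualityException {
-return test2SuiteDao.searchAll(template);
-}
-
 @Override
-public List<Test2SuiteDto> get(Test2SuiteDto entity) throws AqualityException {
-return get(entity, null);
+public List<Test2SuiteDto> get(Test2SuiteDto template) throws AqualityException {
+return test2SuiteDao.searchAll(template);
 }
 
 @Override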
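Review bot: The surviving `get(Test2SuiteDto template)` goes straight to `test2SuiteDao.searchAll(template)` with no project-scoped permission check, unlike `AuditController.get` in this same commit, and the removed overload was the only place a `projectId` reached this read path even if it was ignored. If callers are expected to have already established project membership (the `delete` overload in the hunk header still takes a `projectId`), say so in a comment above the method, e.g. `// No permission check here; callers are responsible for scoping to a validated project.`, otherwise the read should check the caller's role on the template's project the way the audit controller does. The enclosing class continues outside the hunk.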

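--- a/src/main/java/main/controllers/Project/TestController.java
+++ b/src/main/java/main/controllers/Project/TestController.java
@@ -132,7 +132,7 @@ private List<TestDto> fillTests(List<TestDto> tests, boolean withChildren) throw
 for (TestSuiteDto testSuite : testSuites) {
 Test2SuiteDto test2Suite = new Test2SuiteDto();
 test2Suite.setSuite_id(testSuite.getId());
-test2Suites.addAll(test2SuiteController.get(test2Suite, projectId));
+test2Suites.addAll(test2SuiteController.get(test2Suite));
 }
 
 
@@ -161,7 +161,7 @@ private List<TestDto> fillTests(List<TestDto> tests, boolean withChildren) throw
 private void updateSuites(TestDto test) throws AqualityException {
 Test2SuiteDto test2SuiteDto = new Test2SuiteDto();
 test2SuiteDto.setTest_id(test.getId());
-List<Test2SuiteDto> oldSuites = test2SuiteController.get(test2SuiteDto, test.getProject_id());
+List<Test2SuiteDto> oldSuites = test2SuiteController.get(test2SuiteDto);
 if (test.getSuites() != null && test.getSuites().size() > 0) {
 for (TestSuiteDto newSuite : test.getSuites()) {
 Test2SuiteDto alreadyExists = oldSuites.stream().filter(x -> Objects.equals(x.getSuite_id(), newSuite.getId())).findAny().orElse(null);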

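--- a/src/main/java/main/view/Audits/AuditAttachmentsServlet.java
+++ b/src/main/java/main/view/Audits/AuditAttachmentsServlet.java
@@ -13,7 +13,6 @@
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.File;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
@@ -27,16 +26,17 @@ public class AuditAttachmentsServlet extends BaseServlet implements IGet, IPost,
 public void doGet(HttpServletRequest req, HttpServletResponse resp){
 setGetResponseHeaders(resp);
 try {
+Integer projectId = validateAndGetProjectId(req);
 Session session = createSession(req);
-if (req.getParameterMap().containsKey("audit_id") && req.getParameterMap().containsKey("project_id")) {
+if (req.getParameterMap().containsKey("audit_id")) {
 AuditAttachmentDto auditAttachmentDtoTemplate = new AuditAttachmentDto();
 auditAttachmentDtoTemplate.setAudit_id(Integer.parseInt(req.getParameter("audit_id")));
-List<AuditAttachmentDto> attachments = session.getAuditController().get(auditAttachmentDtoTemplate);
+List<AuditAttachmentDto> attachments = session.getAuditController().get(auditAttachmentDtoTemplate, projectId);
 setJSONContentType(resp);
 resp.getWriter().write(mapper.serialize(attachments));
 } else {
 resp.setStatus(400);
-setErrorHeader(resp, "You have no specify Audit ID or Audit Project ID!");
+setErrorHeader(resp, "You have no specify Audit ID!");
 }
 }catch (Exception e) {
 handleException(resp, e);
@@ -47,11 +47,12 @@ public void doGet(HttpServletRequest req, HttpServletResponse resp){
 public void doDelete(HttpServletRequest req, HttpServletResponse resp) {
 setPostResponseHeaders(resp);
 try {
+Integer projectId = validateAndGetProjectId(req);
 Session session = createSession(req);
 if (req.getParameterMap().containsKey("id")) {
 AuditAttachmentDto auditAttachmentDtoTemplate = new AuditAttachmentDto();
 auditAttachmentDtoTemplate.setId(Integer.parseInt(req.getParameter("id")));
-session.getAuditController().delete(auditAttachmentDtoTemplate);
+session.getAuditController().delete(auditAttachmentDtoTemplate, projectId);
 } else {
 setAuthorizationProblem(resp);
 }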
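Review bot: `validateAndGetProjectId(req)` is called before `createSession(req)` in both `doGet` and `doDelete`, so a request that carries no credentials at all is answered with the "Project id is not defined!" validation error rather than the 401 that an `AuthenticationException` from `createSession` is mapped to in `handleException`; authentication should be decided before any request parameter is inspected. Swap the two lines in each method: `Session session = createSession(req);` followed by `Integer projectId = validateAndGetProjectId(req);`. The same ordering is introduced in AuditDownloadAttachmentServlet, AuditorServlet, GetAuditsServlet, AuditCommentServlet and AssignSuiteServlet in this commit. Both methods continue past their hunks.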

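--- a/src/main/java/main/view/Audits/AuditCommentServlet.java
+++ b/src/main/java/main/view/Audits/AuditCommentServlet.java
@@ -16,6 +16,7 @@ public class AuditCommentServlet extends BaseServlet implements IPost {
 @Override
 public void doPost(HttpServletRequest req, HttpServletResponse resp){
 try {
+validateAndGetProjectId(req);
 setPostResponseHeaders(resp);
 setEncoding(resp);
 Session session = createSession(req);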
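Review bot: The new `validateAndGetProjectId(req)` call sits above `setPostResponseHeaders(resp)`, so when it throws, the response produced by `handleException` goes out without the Access-Control headers that method adds; the other servlets touched in this commit set their headers before the `try`, and this one should call the validation after `setEncoding(resp)` (and after `createSession(req)`, so authentication is checked first). Its return value is also discarded, which means the call only asserts that a `project_id` query parameter is present; the project id that actually drives the operation presumably comes from the request body or the controller — confirm, and if that is intended say so in a comment, e.g. `// presence check only; the controller scopes the comment by the audit's project`. `doPost` continues outside the hunk.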

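--- a/src/main/java/main/view/Audits/AuditDownloadAttachmentServlet.java
+++ b/src/main/java/main/view/Audits/AuditDownloadAttachmentServlet.java
@@ -20,15 +20,16 @@ public class AuditDownloadAttachmentServlet extends BaseServlet implements IGet
 public void doGet(HttpServletRequest req, HttpServletResponse resp){
 setGetResponseHeaders(resp);
 try {
+Integer projectId = validateAndGetProjectId(req);
 Session session = createSession(req);
-if (req.getParameterMap().containsKey("id") && req.getParameterMap().containsKey("project_id")) {
+if (req.getParameterMap().containsKey("id")) {
 AuditAttachmentDto auditAttachmentDto = new AuditAttachmentDto();
 auditAttachmentDto.setId(Integer.parseInt(req.getParameter("id")));
-List<AuditAttachmentDto> auditAttachments = session.getAuditController().get(auditAttachmentDto);
+List<AuditAttachmentDto> auditAttachments = session.getAuditController().get(auditAttachmentDto, projectId);
 processResponse(resp, auditAttachments.get(0).getPath());
 } else {
 resp.setStatus(400);
-setErrorHeader(resp, "You have no specify Attachment ID or Project ID");
+setErrorHeader(resp, "You have no specify Attachment ID");
 }
 }catch (Exception e) {
 handleException(resp, e);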
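Review bot: `auditAttachments.get(0).getPath()` has no empty-list guard, and because `AuditController.get(AuditAttachmentDto, Integer)` in this commit no longer throws its own "not present" AqualityException, an `id` that matches nothing now surfaces as an IndexOutOfBoundsException through the generic `handleException` path instead of a meaningful client error. Check emptiness before indexing: `if (auditAttachments.isEmpty()) { resp.setStatus(404); setErrorHeader(resp, "Attachment not found"); return; }`. Note also that the attachment is looked up by its own `id` only, so the `projectId` passed to the controller is the sole thing tying the download to a project — the controller-side check needs to verify that binding rather than trust the parameter. `doGet` continues outside the hunk.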

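--- a/src/main/java/main/view/Audits/AuditorServlet.java
+++ b/src/main/java/main/view/Audits/AuditorServlet.java
@@ -20,6 +20,7 @@ public void doPost(HttpServletRequest req, HttpServletResponse resp){
 setEncoding(resp);
 
 try {
+validateAndGetProjectId(req);
 Session session = createSession(req);
 String requestedJson = getRequestJson(req);
 List<AuditorDto> auditors = mapper.mapObjects(AuditorDto.class, requestedJson);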
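Review bot: The result of `validateAndGetProjectId(req)` is discarded, so this line only proves a `project_id` query parameter is present; the auditors mapped from the request body on the following lines are not tied to that value here, so the binding between the posted data and the project presumably happens in the controller — confirm that, and if it does, a comment such as `// presence check only; the controller scopes auditors by the audit's project` would keep the next reader from assuming the parameter is enforced here. GetAuditsServlet has the identical pattern. `doPost` starts and ends outside the hunk.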

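--- a/src/main/java/main/view/Audits/GetAuditsServlet.java
+++ b/src/main/java/main/view/Audits/GetAuditsServlet.java
@@ -20,6 +20,7 @@ public void doPost(HttpServletRequest req, HttpServletResponse resp){
 setEncoding(resp);
 
 try {
+validateAndGetProjectId(req);
 Session session = createSession(req);
 String requestedJson = getRequestJson(req);
 AuditDto audit = mapper.mapObject(AuditDto.class, requestedJson);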

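--- a/src/main/java/main/view/BaseServlet.java
+++ b/src/main/java/main/view/BaseServlet.java
@@ -5,7 +5,6 @@
 import main.exceptions.AqualityQueryParameterException;
 import main.model.dto.DtoMapperGeneral;
 import org.jetbrains.annotations.NotNull;
-import org.jetbrains.annotations.Nullable;
 
 import javax.naming.AuthenticationException;
 import javax.servlet.ServletContext;
@@ -14,16 +13,16 @@
 import javax.servlet.http.HttpServletResponse;
 import java.io.*;
 import java.net.URLDecoder;
-import java.sql.SQLException;
 import java.util.Objects;
 import java.util.logging.Logger;
 
 import static java.nio.charset.StandardCharsets.*;
 import static javax.ws.rs.core.MediaType.*;
 
-public class BaseServlet extends HttpServlet{
+public class BaseServlet extends HttpServlet {
 protected static Logger log = Logger.getLogger(BaseServlet.class.getName());
 protected DtoMapperGeneral mapper = new DtoMapperGeneral();
+protected static final String PROJECT_ID_KEY = "project_id";
 
 protected Session createSession(HttpServletRequest req) throws AqualityException, AuthenticationException {
 String importToken = getStringQueryParameter(req, "importToken");
@@ -47,7 +46,7 @@ private String replacer(String value) {
 return data;
 }
 
-protected String getRequestJson(@NotNull HttpServletRequest req){
+protected String getRequestJson(@NotNull HttpServletRequest req) {
 try {
 req.setCharacterEncoding(UTF_8.toString());
 } catch (UnsupportedEncodingException e) {
@@ -66,23 +65,39 @@ protected String getRequestJson(@NotNull HttpServletRequest req){
 return replacer(sb.toString());
 }
 
-protected String getStringQueryParameter(@NotNull HttpServletRequest req, String name){
+protected String getStringQueryParameter(@NotNull HttpServletRequest req, String name) {
 return (req.getParameterMap().containsKey(name) && !req.getParameter(name).equals(""))
 ? req.getParameter(name)
 : null;
 }
 
-protected Integer getIntegerQueryParameter(@NotNull HttpServletRequest req, String name){
+protected Integer getIntegerQueryParameter(@NotNull HttpServletRequest req, String name) {
 return (req.getParameterMap().containsKey(name) && !req.getParameter(name).equals(""))
 ? Integer.parseInt(req.getParameter(name))
 : null;
 }
 
-protected Boolean getBooleanQueryParameter(@NotNull HttpServletRequest req, String name){
+protected Integer validateAndGetProjectId(@NotNull HttpServletRequest req) throws AqualityException {
+return getProjectId(req, true);
+}
+
+protected Integer getProjectId(@NotNull HttpServletRequest req, Boolean withValidation) throws AqualityException {
+
+Integer projectId = (req.getParameterMap().containsKey(PROJECT_ID_KEY) && !req.getParameter(PROJECT_ID_KEY).isEmpty())
+? getIntegerQueryParameter(req, PROJECT_ID_KEY)
+: null;
+if (projectId == null && withValidation) {
+throw new AqualityException("Project id is not defined!");
+}
+
+return projectId;
+}
+
+protected Boolean getBooleanQueryParameter(@NotNull HttpServletRequest req, String name) {
 return (req.getParameterMap().containsKey(name) && !req.getParameter(name).equals("")) && Boolean.parseBoolean(req.getParameter(name));
 }
 
-protected void setPostResponseHeaders(@NotNull HttpServletResponse resp){
+protected void setPostResponseHeaders(@NotNull HttpServletResponse resp) {
 resp.addHeader("Access-Control-Allow-Methods", "Post");
 resp.addHeader("Access-Control-Allow-Origin", "*");
 resp.addHeader("Access-Control-Allow-Headers", "Authorization");
@@ -91,15 +106,15 @@ protected void setPostResponseHeaders(@NotNull HttpServletResponse resp){
 resp.addHeader("Access-Control-Allow-Headers", "ErrorMessage");
 }
 
-protected void setEncoding(@NotNull HttpServletResponse resp){
+protected void setEncoding(@NotNull HttpServletResponse resp) {
 resp.setCharacterEncoding(UTF_8.name());
 }
 
-protected void setJSONContentType(@NotNull HttpServletResponse resp){
+protected void setJSONContentType(@NotNull HttpServletResponse resp) {
 resp.setContentType(APPLICATION_JSON);
 }
 
-protected void setDeleteResponseHeaders(@NotNull HttpServletResponse resp){
+protected void setDeleteResponseHeaders(@NotNull HttpServletResponse resp) {
 resp.addHeader("Access-Control-Allow-Methods", "Delete");
 resp.addHeader("Access-Control-Allow-Origin", "*");
 resp.addHeader("Access-Control-Allow-Headers", "Authorization");
@@ -108,7 +123,7 @@ protected void setDeleteResponseHeaders(@NotNull HttpServletResponse resp){
 resp.addHeader("Access-Control-Allow-Headers", "ErrorMessage");
 }
 
-protected void setGetResponseHeaders(@NotNull HttpServletResponse resp){
+protected void setGetResponseHeaders(@NotNull HttpServletResponse resp) {
 resp.addHeader("Access-Control-Allow-Methods", "Get");
 resp.addHeader("Access-Control-Allow-Origin", "*");
 resp.addHeader("Access-Control-Allow-Headers", "Authorization");
@@ -119,7 +134,7 @@ protected void setGetResponseHeaders(@NotNull HttpServletResponse resp){
 resp.addHeader("Access-Control-Allow-Headers", "Content-Disposition");
 }
 
-protected void setOptionsResponseHeaders(@NotNull HttpServletResponse resp){
+protected void setOptionsResponseHeaders(@NotNull HttpServletResponse resp) {
 resp.addHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE");
 resp.addHeader("Access-Control-Allow-Origin", "*");
 resp.addHeader("Access-Control-Allow-Headers", "Authorization, authorization, ErrorMessage, Disposition");
@@ -129,23 +144,23 @@ protected void setOptionsResponseHeaders(@NotNull HttpServletResponse resp){
 resp.setStatus(204);
 }
 
-private void setAuthorizationProblem(@NotNull HttpServletResponse resp, @NotNull Exception e){
+private void setAuthorizationProblem(@NotNull HttpServletResponse resp, @NotNull Exception e) {
 resp.setStatus(401);
 resp.addHeader("ErrorMessage", !Objects.equals(e.getMessage(), "") ? e.getMessage() : "Are you sure you logged in?");
 }
 
-protected void setAuthorizationProblem(@NotNull HttpServletResponse resp){
+protected void setAuthorizationProblem(@NotNull HttpServletResponse resp) {
 resp.setStatus(401);
 resp.addHeader("ErrorMessage", "Are you sure you logged in?");
 }
 
-protected void setErrorHeader(@NotNull HttpServletResponse resp, String errorMessage){
+protected void setErrorHeader(@NotNull HttpServletResponse resp, String errorMessage) {
 resp.addHeader("ErrorMessage", errorMessage);
 }
 
 private String getSessionId(@NotNull HttpServletRequest req) throws AqualityException, AuthenticationException {
 String header = req.getHeader("Authorization");
-if(header != null){
+if (header != null) {
 validateAuthHeader(header);
 String[] strings = header.split(" ");
 return strings[1];
@@ -154,7 +169,7 @@ private String getSessionId(@NotNull HttpServletRequest req) throws AqualityExce
 }
 
 private void validateAuthHeader(String header) throws AqualityException {
-if(!header.toLowerCase().startsWith("basic ".toLowerCase())){
+if (!header.toLowerCase().startsWith("basic ".toLowerCase())) {
 throw new AqualityException("Use Basic Authorization Header! (Should start with 'Basic ')");
 }
 }
@@ -188,14 +203,14 @@ protected void processResponse(HttpServletResponse response, String filePath) {
 }
 }
 
-protected void handleException(HttpServletResponse resp, @NotNull Exception e){
+protected void handleException(HttpServletResponse resp, @NotNull Exception e) {
 e.printStackTrace();
-switch (e.getClass().getSimpleName()){
+switch (e.getClass().getSimpleName()) {
 case "UnsupportedOperationException":
 setNotImplementedFunction(resp, e);
 return;
 case "AuthenticationException":
-setAuthorizationProblem(resp,e);
+setAuthorizationProblem(resp, e);
 return;
 case "AqualityPermissionsException":
 case "AqualityException":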
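Review bot: `getProjectId` declares `Boolean withValidation` and unboxes it in `projectId == null && withValidation`, so a `null` argument is a NullPointerException rather than a no-validation call; declare it `boolean withValidation` (the only caller in this hunk passes the literal `true`). The `containsKey`/`isEmpty` ternary in front of `getIntegerQueryParameter(req, PROJECT_ID_KEY)` duplicates the presence check that helper already performs, so the body can be `Integer projectId = getIntegerQueryParameter(req, PROJECT_ID_KEY);`. A non-numeric `project_id` still escapes from `Integer.parseInt` as NumberFormatException, which `handleException` does not map to a client error, whereas a missing one gets the explicit "Project id is not defined!" AqualityException; wrapping the parse in a `try`/`catch (NumberFormatException e)` that throws an AqualityException with a similar message would make malformed and missing input fail the same way. A one-line Javadoc on `validateAndGetProjectId` stating that it checks presence and format only, not the caller's membership in that project, would also help, since the servlets in this commit call it before any session exists.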

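--- a/src/main/java/main/view/Project/AssignSuiteServlet.java
+++ b/src/main/java/main/view/Project/AssignSuiteServlet.java
@@ -14,11 +14,12 @@ public class AssignSuiteServlet extends BaseServlet {
 public void doPost(HttpServletRequest req, HttpServletResponse resp) {
 setPostResponseHeaders(resp);
 try {
+Integer projectId = validateAndGetProjectId(req);
 Session session = createSession(req);
 Test2SuiteDto test2Suite = new Test2SuiteDto();
 test2Suite.setSuite_id(Integer.parseInt(req.getParameter("suiteId")));
 test2Suite.setTest_id(Integer.parseInt(req.getParameter("testId")));
-session.controllerFactory.getHandler(test2Suite).create(test2Suite, Integer.parseInt(req.getParameter("project_id")));
+session.controllerFactory.getHandler(test2Suite).create(test2Suite, projectId);
 } catch (Exception e) {
 handleException(resp, e);
 }
@@ -28,11 +29,12 @@ public void doPost(HttpServletRequest req, HttpServletResponse resp) {
 public void doDelete(HttpServletRequest req, HttpServletResponse resp) {
 setDeleteResponseHeaders(resp);
 try {
+Integer projectId = validateAndGetProjectId(req);
 Session session = createSession(req);
 Test2SuiteDto test2Suite = new Test2SuiteDto();
 test2Suite.setSuite_id(Integer.parseInt(req.getParameter("suiteId")));
 test2Suite.setTest_id(Integer.parseInt(req.getParameter("testId")));
-session.controllerFactory.getHandler(test2Suite).delete(test2Suite, Integer.parseInt(req.getParameter("project_id")));
+session.controllerFactory.getHandler(test2Suite).delete(test2Suite, projectId);
 } catch (Exception e) {
 handleException(resp, e);
 }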
