From 003b9096c724138f9c206d379a97dcf81268ae1a Mon Sep 17 00:00:00 2001 From: Guillaume Jambet Date: Thu, 2 Nov 2017 15:26:13 +0100 Subject: [PATCH] SONAR-10040 add length validation to Users ws --- .../main/java/org/sonar/server/user/UserUpdater.java | 6 +++--- .../java/org/sonar/server/user/ws/CreateAction.java | 10 ++++++++-- .../java/org/sonar/server/user/ws/UpdateAction.java | 8 +++++++- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java index b87273aee3b..2ebf6122009 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java @@ -68,9 +68,9 @@ public class UserUpdater { private static final String EMAIL_PARAM = "Email"; private static final int LOGIN_MIN_LENGTH = 2; - private static final int LOGIN_MAX_LENGTH = 255; - private static final int EMAIL_MAX_LENGTH = 100; - private static final int NAME_MAX_LENGTH = 200; + public static final int LOGIN_MAX_LENGTH = 255; + public static final int EMAIL_MAX_LENGTH = 100; + public static final int NAME_MAX_LENGTH = 200; private final NewUserNotifier newUserNotifier; private final DbClient dbClient; diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/CreateAction.java index 7feb6dc48d9..b9f6c4fb7f2 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/CreateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/CreateAction.java @@ -38,6 +38,9 @@ import org.sonarqube.ws.client.user.CreateRequest; import static com.google.common.base.Strings.emptyToNull; import static org.sonar.core.util.Protobuf.setNullable; import static org.sonar.server.user.ExternalIdentity.SQ_AUTHORITY; +import static org.sonar.server.user.UserUpdater.EMAIL_MAX_LENGTH; +import static org.sonar.server.user.UserUpdater.LOGIN_MAX_LENGTH; +import static org.sonar.server.user.UserUpdater.NAME_MAX_LENGTH; import static org.sonar.server.ws.WsUtils.writeProtobuf; import static org.sonarqube.ws.client.user.UsersWsParameters.ACTION_CREATE; import static org.sonarqube.ws.client.user.UsersWsParameters.PARAM_EMAIL; @@ -75,8 +78,9 @@ public class CreateAction implements UsersWsAction { .setHandler(this); action.createParam(PARAM_LOGIN) - .setDescription("User login") .setRequired(true) + .setMaximumLength(LOGIN_MAX_LENGTH) + .setDescription("User login") .setExampleValue("myuser"); action.createParam(PARAM_PASSWORD) @@ -84,11 +88,13 @@ public class CreateAction implements UsersWsAction { .setExampleValue("mypassword"); action.createParam(PARAM_NAME) - .setDescription("User name") .setRequired(true) + .setMaximumLength(NAME_MAX_LENGTH) + .setDescription("User name") .setExampleValue("My Name"); action.createParam(PARAM_EMAIL) + .setMaximumLength(EMAIL_MAX_LENGTH) .setDescription("User email") .setExampleValue("myname@email.com"); diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/UpdateAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/UpdateAction.java index cd89f46d5dd..bfe70c52004 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/UpdateAction.java +++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/UpdateAction.java @@ -38,6 +38,9 @@ import org.sonarqube.ws.client.user.UpdateRequest; import static com.google.common.base.Strings.emptyToNull; import static java.util.Collections.singletonList; +import static org.sonar.server.user.UserUpdater.EMAIL_MAX_LENGTH; +import static org.sonar.server.user.UserUpdater.LOGIN_MAX_LENGTH; +import static org.sonar.server.user.UserUpdater.NAME_MAX_LENGTH; import static org.sonar.server.ws.WsUtils.checkFound; import static org.sonarqube.ws.client.user.UsersWsParameters.ACTION_UPDATE; import static org.sonarqube.ws.client.user.UsersWsParameters.PARAM_EMAIL; @@ -73,15 +76,18 @@ public class UpdateAction implements UsersWsAction { .setResponseExample(getClass().getResource("update-example.json")); action.createParam(PARAM_LOGIN) - .setDescription("User login") .setRequired(true) + .setMaximumLength(LOGIN_MAX_LENGTH) + .setDescription("User login") .setExampleValue("myuser"); action.createParam(PARAM_NAME) + .setMaximumLength(NAME_MAX_LENGTH) .setDescription("User name") .setExampleValue("My Name"); action.createParam(PARAM_EMAIL) + .setMaximumLength(EMAIL_MAX_LENGTH) .setDescription("User email") .setExampleValue("myname@email.com"); -- 2.39.5