SONAR-10040 add length validation to Users ws

author: Guillaume Jambet <guillaume.jambet@sonarsource.com> 2017-11-02 15:26:13 +0100
committer: Guillaume Jambet <guillaume.jambet@gmail.com> 2017-11-08 13:51:31 +0100
commit: 003b9096c724138f9c206d379a97dcf81268ae1a (patch)
tree: 18430df03ddf54c3eba81a836edf5e30f4e96218 /server
parent: 763476fc5561cdebaa13393b123464178dd9a1f1 (diff)
download: sonarqube-003b9096c724138f9c206d379a97dcf81268ae1a.tar.gz
sonarqube-003b9096c724138f9c206d379a97dcf81268ae1a.zip
3 files changed, 18 insertions, 6 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java
index b87273aee3b..2ebf6122009 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java
@@ -68,9 +68,9 @@ public class UserUpdater {
   private static final String EMAIL_PARAM = "Email";
 
   private static final int LOGIN_MIN_LENGTH = 2;
-  private static final int LOGIN_MAX_LENGTH = 255;
-  private static final int EMAIL_MAX_LENGTH = 100;
-  private static final int NAME_MAX_LENGTH = 200;
+  public static final int LOGIN_MAX_LENGTH = 255;
+  public static final int EMAIL_MAX_LENGTH = 100;
+  public static final int NAME_MAX_LENGTH = 200;
 
   private final NewUserNotifier newUserNotifier;
   private final DbClient dbClient;
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/CreateAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/CreateAction.java
index 7feb6dc48d9..b9f6c4fb7f2 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/CreateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/CreateAction.java
@@ -38,6 +38,9 @@ import org.sonarqube.ws.client.user.CreateRequest;
 import static com.google.common.base.Strings.emptyToNull;
 import static org.sonar.core.util.Protobuf.setNullable;
 import static org.sonar.server.user.ExternalIdentity.SQ_AUTHORITY;
+import static org.sonar.server.user.UserUpdater.EMAIL_MAX_LENGTH;
+import static org.sonar.server.user.UserUpdater.LOGIN_MAX_LENGTH;
+import static org.sonar.server.user.UserUpdater.NAME_MAX_LENGTH;
 import static org.sonar.server.ws.WsUtils.writeProtobuf;
 import static org.sonarqube.ws.client.user.UsersWsParameters.ACTION_CREATE;
 import static org.sonarqube.ws.client.user.UsersWsParameters.PARAM_EMAIL;
@@ -75,8 +78,9 @@ public class CreateAction implements UsersWsAction {
       .setHandler(this);
 
     action.createParam(PARAM_LOGIN)
-      .setDescription("User login")
       .setRequired(true)
+      .setMaximumLength(LOGIN_MAX_LENGTH)
+      .setDescription("User login")
       .setExampleValue("myuser");
 
     action.createParam(PARAM_PASSWORD)
@@ -84,11 +88,13 @@ public class CreateAction implements UsersWsAction {
       .setExampleValue("mypassword");
 
     action.createParam(PARAM_NAME)
-      .setDescription("User name")
       .setRequired(true)
+      .setMaximumLength(NAME_MAX_LENGTH)
+      .setDescription("User name")
       .setExampleValue("My Name");
 
     action.createParam(PARAM_EMAIL)
+      .setMaximumLength(EMAIL_MAX_LENGTH)
       .setDescription("User email")
       .setExampleValue("myname@email.com");
 
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/UpdateAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/UpdateAction.java
index cd89f46d5dd..bfe70c52004 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/UpdateAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/UpdateAction.java
@@ -38,6 +38,9 @@ import org.sonarqube.ws.client.user.UpdateRequest;
 
 import static com.google.common.base.Strings.emptyToNull;
 import static java.util.Collections.singletonList;
+import static org.sonar.server.user.UserUpdater.EMAIL_MAX_LENGTH;
+import static org.sonar.server.user.UserUpdater.LOGIN_MAX_LENGTH;
+import static org.sonar.server.user.UserUpdater.NAME_MAX_LENGTH;
 import static org.sonar.server.ws.WsUtils.checkFound;
 import static org.sonarqube.ws.client.user.UsersWsParameters.ACTION_UPDATE;
 import static org.sonarqube.ws.client.user.UsersWsParameters.PARAM_EMAIL;
@@ -73,15 +76,18 @@ public class UpdateAction implements UsersWsAction {
       .setResponseExample(getClass().getResource("update-example.json"));
 
     action.createParam(PARAM_LOGIN)
-      .setDescription("User login")
       .setRequired(true)
+      .setMaximumLength(LOGIN_MAX_LENGTH)
+      .setDescription("User login")
       .setExampleValue("myuser");
 
     action.createParam(PARAM_NAME)
+      .setMaximumLength(NAME_MAX_LENGTH)
       .setDescription("User name")
       .setExampleValue("My Name");
 
     action.createParam(PARAM_EMAIL)
+      .setMaximumLength(EMAIL_MAX_LENGTH)
       .setDescription("User email")
       .setExampleValue("myname@email.com");
author	Guillaume Jambet <guillaume.jambet@sonarsource.com>	2017-11-02 15:26:13 +0100
committer	Guillaume Jambet <guillaume.jambet@gmail.com>	2017-11-08 13:51:31 +0100
commit	003b9096c724138f9c206d379a97dcf81268ae1a (patch)
tree	18430df03ddf54c3eba81a836edf5e30f4e96218 /server
parent	763476fc5561cdebaa13393b123464178dd9a1f1 (diff)
download	sonarqube-003b9096c724138f9c206d379a97dcf81268ae1a.tar.gz sonarqube-003b9096c724138f9c206d379a97dcf81268ae1a.zip