4 files changed, 83 insertions, 49 deletions
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Users.java b/juick-api/src/main/java/com/juick/api/controllers/Users.java index 75dea5f5..396a716c 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Users.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Users.java @@ -5,6 +5,7 @@ import com.juick.api.util.HttpForbiddenException; import com.juick.api.util.HttpNotFoundException; import com.juick.service.UserService; import com.juick.util.UserUtils; +import com.juick.util.WebUtils; import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; @@ -15,12 +16,9 @@ import org.springframework.web.bind.annotation.ResponseBody; import javax.inject.Inject; import java.security.Principal; import java.util.ArrayList; -import java.util.Arrays; -import java.util.Iterator; import java.util.List; /** - * * @author ugnich */ @Controller 
@@ -32,39 +30,27 @@ public class Users { @RequestMapping(value = "/users", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public List<User> doGetUsers( - @RequestParam(value = "uname", required = false) String[] punames, - @RequestParam(value = "jid", required = false) String[] pjids) { + @RequestParam(value = "uname", required = false) List<String> unames, + @RequestParam(value = "jid", required = false) List<String> jids) { List<com.juick.User> users = new ArrayList<>(); - if (punames != null) { - ArrayList<String> unames = new ArrayList<>(Arrays.asList(punames)); - Iterator<String> i = unames.iterator(); - while (i.hasNext()) { - if (!i.next().matches("^[a-zA-Z0-9\\-]{2,16}$")) { - i.remove(); - } - } - if (!unames.isEmpty() && unames.size() < 20) { + if (unames != null) { + unames.removeIf(WebUtils::isNotUserName); + + if (!unames.isEmpty() && unames.size() < 20) users.addAll(userService.getUsersByName(unames)); - } } - if (pjids != null) { - List<String> jids = new ArrayList<>(Arrays.asList(pjids)); - Iterator<String> ii = jids.iterator(); - while (ii.hasNext()) { - if (!ii.next().matches("^[a-zA-Z0-9\\-\\_\\@\\.]{6,64}$")) { - ii.remove(); - } - } - if (!jids.isEmpty() && jids.size() < 20) { + if (jids != null) { + jids.removeIf(WebUtils::isNotJid); + + if (!jids.isEmpty() && jids.size() < 20) users.addAll(userService.getUsersByJID(jids)); - } } - if (!users.isEmpty()) { + if (!users.isEmpty()) return users; - } + throw new HttpNotFoundException(); } diff --git a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java index 66cd6048..9425a819 100644 --- a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java +++ b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java 
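Review bot: In Users.java `doGetUsers`, `unames.removeIf(WebUtils::isNotUserName)` and `jids.removeIf(WebUtils::isNotJid)` now mutate the lists that Spring binds from the request, where the removed code filtered its own `ArrayList` copy. `removeIf` can throw `UnsupportedOperationException` on an unmodifiable or fixed-size list, so the handler now depends on the converter handing over a mutable one. Filtering into a new list avoids that, e.g. `List<String> names = unames.stream().filter(WebUtils::isUserName).collect(Collectors.toList());` (needs the `Collectors` import). The switch to the shared pattern also widens the `uname` allow-list: the old inline regex `^[a-zA-Z0-9\\-]{2,16}$` had no `_`, while `USER_NAME_PATTERN` accepts it, so confirm that is intended for this endpoint.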
@@ -30,8 +30,7 @@ import org.springframework.web.context.WebApplicationContext; import javax.inject.Inject; import javax.servlet.http.Cookie; -import java.util.Collections; -import java.util.Optional; +import java.util.*; import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.is; @@ -105,15 +104,15 @@ public class MessagesTests { @Test public void testAllUnAuthorized() throws Exception { + when(userService.getUserByName(null)) + .thenReturn(new User()); + mockMvc.perform(get("/")) .andExpect(status().is4xxClientError()); mockMvc.perform(get("/home")) .andExpect(status().is4xxClientError()); - mockMvc.perform(get("/messages")) - .andExpect(status().is4xxClientError()); - mockMvc.perform(get("/thread")) .andExpect(status().is4xxClientError()); @@ -229,22 +228,30 @@ public class MessagesTests { .andExpect(header().string("Access-Control-Allow-Methods", "POST,GET,PUT,OPTIONS,DELETE")) .andExpect(header().string("Access-Control-Allow-Headers", "X-PINGOTHER, Content-Type")); } + @Test public void anonymousApis() throws Exception { String ugnichName = "ugnich"; String uginchPassword = "MyPassw0rd!"; String freefdName = "freefd"; String freefdPassword = "MyPassw0rd!"; + User ugnich = getUser(1, ugnichName, uginchPassword); User freefd = getUser(2, freefdName, freefdPassword); - when(userService.getFullyUserByName(ugnichName)) - .thenReturn(ugnich); - when(userService.getFullyUserByName(freefdName)) - .thenReturn(freefd); + + List<String> users = new ArrayList<>(2); + users.add(ugnichName); + users.add(freefdName); + + when(userService.getUsersByName(users)) + .thenReturn(Arrays.asList(ugnich, freefd)); + mockMvc.perform(get("/messages")) .andExpect(status().isOk()); + mockMvc.perform(get("/users") - .param("uname", "ugnich").param("uname", "freefd")) + .param("uname", "ugnich") + .param("uname", "freefd")) .andExpect(status().isOk()) .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8)) .andExpect(jsonPath("$", hasSize(2))); 
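Review bot: `anonymousApis` in MessagesTests.java exercises only the `uname` parameter of `/users`, so the `jid` filter that this commit moves to `WebUtils::isNotJid` has no test. Because `userService` is mocked, a case can pin exactly which values survive the filter: send one well-formed and one malformed `jid` and check the list handed to `getUsersByJID`, e.g. `.param("jid", "user@example-host.org")` (constructed sample) followed by `verify(userService).getUsersByJID(Collections.singletonList("user@example-host.org"));`. A JID containing `-` is worth including, since that character sits in the escaped part of the pattern.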
diff --git a/juick-server/src/main/java/com/juick/util/WebUtils.java b/juick-server/src/main/java/com/juick/util/WebUtils.java new file mode 100644 index 00000000..8e240c5d --- /dev/null +++ b/juick-server/src/main/java/com/juick/util/WebUtils.java @@ -0,0 +1,45 @@ +package com.juick.util; + +import java.util.regex.Pattern; + +/** + * Created by aalexeev on 11/28/16. + */ +public class WebUtils { + private WebUtils() { + throw new IllegalStateException(); + } + + private static final Pattern USER_NAME_PATTERN = Pattern.compile("[a-zA-Z-_\\d]{2,16}"); + + private static final Pattern POST_NUMBER_PATTERN = Pattern.compile("-?\\d+"); + + private static final Pattern JID_PATTERN = Pattern.compile("^[a-zA-Z0-9\\\\-\\\\_\\\\@\\\\.]{6,64}$"); + + + public static boolean isPostNumber(final String aString) { + return aString != null && POST_NUMBER_PATTERN.matcher(aString).matches(); + } + + public static boolean isNotPostNumber(final String aString) { + return !isPostNumber(aString); + } + + public static boolean isUserName(final String aString) { + return aString != null && USER_NAME_PATTERN.matcher(aString).matches(); + } + + public static boolean isNotUserName(final String aString) { + return !isUserName(aString); + } + + public static boolean isJid(final String aString) { + return aString != null && JID_PATTERN.matcher(aString).matches(); + } + + public static boolean isNotJid(final String aString) { + return !isJid(aString); + } + + +} diff --git a/juick-spring-www/src/main/java/com/juick/www/controllers/ShowMessageController.java b/juick-spring-www/src/main/java/com/juick/www/controllers/ShowMessageController.java index 59ab52c2..e95bd7cf 100644 --- a/juick-spring-www/src/main/java/com/juick/www/controllers/ShowMessageController.java +++ b/juick-spring-www/src/main/java/com/juick/www/controllers/ShowMessageController.java 
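Review bot: `JID_PATTERN` in WebUtils.java is not the regex it replaces: the literal has four backslashes before `-`, `_`, `@` and `.` where the inline pattern removed from Users.java had two, so each group compiles to a literal backslash rather than an escape. Inside the character class that admits `\` and turns `\-\` into a one-character range, so `-` is no longer accepted. `isJid` would therefore reject a JID with a hyphen and accept one containing backslashes before the value reaches `getUsersByJID`. Restore the original escaping or drop the redundant escapes, e.g. `Pattern.compile("[a-zA-Z0-9_@.-]{6,64}")` (`^`/`$` are unnecessary with `matches()`). This assumes the page shows the source backslashes verbatim, as it appears to for the other two patterns.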
@@ -3,6 +3,7 @@ package com.juick.www.controllers; import com.juick.User; import com.juick.service.MessagesService; import com.juick.service.UserService; +import com.juick.util.WebUtils; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.math.NumberUtils; import org.springframework.stereotype.Controller; @@ -12,17 +13,12 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; import javax.inject.Inject; -import java.util.regex.Pattern; /** * Created by aalexeev on 11/21/16. */ @Controller public class ShowMessageController { - private static final Pattern USER_NAME_PATTERN = Pattern.compile("[a-zA-Z-_\\d]{2,16}"); - - private static final Pattern POST_NUMBER_PATTERN = Pattern.compile("-?\\d+"); - @Inject private UserService userService; @Inject @@ -48,7 +44,7 @@ public class ShowMessageController { } if (before == 0) { - boolean isPostNumber = POST_NUMBER_PATTERN.matcher(anything).matches(); + boolean isPostNumber = WebUtils.isPostNumber(anything); int messageId = isPostNumber ? NumberUtils.toInt(anything) : 0; @@ -84,7 +80,7 @@ public class ShowMessageController { int before, Model model) { // Check validity of user name before quering from database - if (!USER_NAME_PATTERN.matcher(userName).matches()) { + if (WebUtils.isNotUserName(userName)) { model.addAttribute("userName", userName); return "userNotFound"; } @@ -103,7 +99,7 @@ public class ShowMessageController { @PathVariable String userName, Model model) { // Check validity of user name before quering from database - if (!USER_NAME_PATTERN.matcher(userName).matches()) { + if (WebUtils.isNotUserName(userName)) { model.addAttribute("userName", userName); return "userNotFound"; } 
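Review bot: In ShowMessageController.java the rejected value is still copied into the model (`model.addAttribute("userName", userName)`) on exactly the branch where `WebUtils.isNotUserName(userName)` has just judged it invalid, so the `userNotFound` view receives arbitrary request text. The templates are not part of this diff; confirm that `userNotFound` HTML-escapes `userName`, and likewise `postNotFound` for `messageId`. This applies to the hunks at -84, -103, -122, -141 and -161, whose enclosing methods start and end outside the hunks. A comment on the branch would record the assumption: `// userName failed validation; the view must escape it`.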
@@ -122,7 +118,7 @@ public class ShowMessageController { @PathVariable String userName, Model model) { // Check validity of user name before quering from database - if (!USER_NAME_PATTERN.matcher(userName).matches()) { + if (WebUtils.isNotUserName(userName)) { model.addAttribute("userName", userName); return "userNotFound"; } @@ -141,7 +137,7 @@ public class ShowMessageController { @PathVariable String userName, Model model) { // Check validity of user name before quering from database - if (!USER_NAME_PATTERN.matcher(userName).matches()) { + if (WebUtils.isNotUserName(userName)) { model.addAttribute("userName", userName); return "userNotFound"; } @@ -161,13 +157,13 @@ public class ShowMessageController { @PathVariable String postNumber, Model model) { // Check validity of post number before quering from database - if (!POST_NUMBER_PATTERN.matcher(postNumber).matches()) { + if (WebUtils.isNotPostNumber(postNumber)) { model.addAttribute("messageId", postNumber); return "postNotFound"; } // Check validity of user name before quering from database - if (!USER_NAME_PATTERN.matcher(userName).matches()) { + if (WebUtils.isNotUserName(userName)) { model.addAttribute("userName", userName); return "userNotFound"; } |
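Review bot: `WebUtils.isNotPostNumber(postNumber)` in the -161,13 hunk lets through any string matching `-?\\d+`, which includes negative numbers and digit runs too long for an `int`, so passing the check does not mean the value is a usable message id. The conversion of `postNumber` happens outside this hunk; if it uses `NumberUtils.toInt` as the -48,7 hunk does, an over-long value silently becomes 0. If negative ids are never valid, a bounded pattern such as `Pattern.compile("\\d{1,9}")` would make the check match its comment; confirm against the other callers of `isPostNumber` first.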