-rw-r--r--juick-server/src/main/java/com/juick/server/api/Messages.java6
-rw-r--r--juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java22
-rw-r--r--juick-server/src/test/java/com/juick/server/tests/ServerTests.java27
3 files changed, 55 insertions, 0 deletions
diff --git a/juick-server/src/main/java/com/juick/server/api/Messages.java b/juick-server/src/main/java/com/juick/server/api/Messages.java
index d7c07391..db6463dd 100644
--- a/juick-server/src/main/java/com/juick/server/api/Messages.java
+++ b/juick-server/src/main/java/com/juick/server/api/Messages.java
@@ -24,10 +24,12 @@ import com.juick.server.Utils;
import com.juick.server.component.MessageReadEvent;
import com.juick.server.helpers.CommandResult;
import com.juick.server.util.HttpBadRequestException;
+import com.juick.server.util.HttpNotFoundException;
import com.juick.server.util.UserUtils;
import com.juick.service.MessagesService;
import com.juick.service.TagService;
import com.juick.service.UserService;
+import com.juick.service.security.entities.JuickUser;
import org.apache.commons.io.IOUtils;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.http.HttpStatus;
@@ -167,6 +169,10 @@ public class Messages {
if (!messagesService.canViewThread(mid, visitor.getUid())) {
return FORBIDDEN;
} else {
+ JuickUser juickUser = new JuickUser(userService.getUserByName(msg.getUser().getName()));
+ if (!juickUser.isEnabled()) {
+ throw new HttpNotFoundException();
+ }
msg.setRecommendations(new HashSet<>(messagesService.getMessageRecommendations(msg.getMid())));
List<com.juick.Message> replies = messagesService.getReplies(visitor, mid);
if (!visitor.isAnonymous()) {
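Review bot: The enabled check covers only the thread's author, so the replies loaded by `messagesService.getReplies(visitor, mid)` two lines below are presumably still returned when their own author is banned; getReplies is not visible here, so confirm whether it already filters on the author's state. The lookup also goes back through the user name, `userService.getUserByName(msg.getUser().getName())`, while the service-layer checks in this commit resolve by uid; something like `userService.getUserByUID(msg.getUser().getUid())` would keep both paths consistent and would not depend on how getUserByName behaves for a name that no longer resolves. The enclosing method starts and ends outside the hunk.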
diff --git a/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java b/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java
index 807f4a9d..125e4f63 100644
--- a/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java
+++ b/juick-server/src/main/java/com/juick/service/MessagesServiceImpl.java
@@ -20,6 +20,8 @@ package com.juick.service;
import com.juick.*;
import com.juick.server.helpers.PrivacyOpts;
import com.juick.server.helpers.ResponseReply;
+import com.juick.server.util.HttpNotFoundException;
+import com.juick.service.security.entities.JuickUser;
import com.juick.util.MessageUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
@@ -649,6 +651,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
.addValue("privacy", privacy)
.addValue("before", before);
+ JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+ if (!juickUser.isEnabled()) {
+ throw new HttpNotFoundException();
+ }
+
return getNamedParameterJdbcTemplate().queryForList(
"SELECT message_id FROM messages WHERE user_id = :uid" +
(before > 0 ?
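Review bot: An unknown uid reaches `orElseThrow(IllegalStateException::new)` and presumably surfaces as a server error, while a banned uid gets a 404, so the two cases are distinguishable to the caller and a missing account is reported as a fault; throwing HttpNotFoundException for both would answer them the same way (assuming it is unchecked, as the existing `throw` suggests). The same four-line check is pasted into the hunks at -667, -685 and -703 as well, so it belongs in one private helper, which also gives a single place to document that a disabled owner hides the whole listing. In the last of those hunks the uid appears to be the user whose favorites are listed, so messages written by other banned authors would presumably still be returned there. The enclosing methods start outside the hunks.

```java
// uid type assumed to be int; match the enclosing methods
private void requireEnabledOwner(int uid) {
    // Missing and disabled accounts both answer 404, so callers cannot tell them apart.
    JuickUser owner = new JuickUser(
            userService.getUserByUID(uid).orElseThrow(HttpNotFoundException::new));
    if (!owner.isEnabled()) {
        throw new HttpNotFoundException();
    }
}

// ... in each of the four query methods, before the parameter source is built:
requireEnabledOwner(uid);
```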
@@ -667,6 +674,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
.addValue("privacy", privacy)
.addValue("before", before);
+ JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+ if (!juickUser.isEnabled()) {
+ throw new HttpNotFoundException();
+ }
+
return getNamedParameterJdbcTemplate().queryForList(
"SELECT messages.message_id FROM messages_tags INNER JOIN messages " +
" USING (message_id) WHERE messages.user_id = :uid AND messages_tags.tag_id = :tid " +
@@ -685,6 +697,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
.addValue("privacy", privacy)
.addValue("daysback", daysback);
+ JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+ if (!juickUser.isEnabled()) {
+ throw new HttpNotFoundException();
+ }
+
return getNamedParameterJdbcTemplate().queryForList(
"SELECT message_id FROM messages WHERE user_id = :uid" +
(daysback > 0 ?
@@ -703,6 +720,11 @@ public class MessagesServiceImpl extends BaseJdbcService implements MessagesServ
.addValue("privacy", privacy)
.addValue("before", before);
+ JuickUser juickUser = new JuickUser(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+ if (!juickUser.isEnabled()) {
+ throw new HttpNotFoundException();
+ }
+
return getNamedParameterJdbcTemplate().queryForList(
"SELECT message_id FROM " +
"(SELECT message_id FROM favorites " +
diff --git a/juick-server/src/test/java/com/juick/server/tests/ServerTests.java b/juick-server/src/test/java/com/juick/server/tests/ServerTests.java
index 9f573e82..88cdd24c 100644
--- a/juick-server/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/juick-server/src/test/java/com/juick/server/tests/ServerTests.java
@@ -1225,6 +1225,7 @@ public class ServerTests {
assertThat(getStatus.get().getInbound().size(), is(0));
ConnectionIn test = new ConnectionIn(server, new Socket("localhost", server.getServerPort()));
test.from.add(Jid.of("test"));
+ server.getInConnections().clear();
server.addConnectionIn(test);
assertThat(getStatus.get().getInbound().size(), is(1));
}
@@ -1255,4 +1256,30 @@ public class ServerTests {
// uid, name, xmlns, xmlns:user
assertThat(attrs.getLength(), is(4));
}
+ @Test
+ public void bannedUserBlogandPostShouldReturn404() throws Exception {
+ String userName = "isilmine";
+ String userPassword = "secret";
+ String msgText = "автор этого поста был забанен";
+
+ User isilmine = userService.getUserByUID(userService.createUser(userName, userPassword)).orElseThrow(IllegalStateException::new);
+ int mid = messagesService.createMessage(isilmine.getUid(), msgText, null, null);
+ mockMvc.perform(get(String.format("/thread?mid=%d", mid)).with(httpBasic(ugnichName, ugnichPassword)))
+ .andExpect(status().isOk());
+ jdbcTemplate.update("UPDATE users SET banned=1 WHERE id=?", isilmine.getUid());
+ mockMvc.perform(get(String.format("/thread?mid=%d", mid)).with(httpBasic(ugnichName, ugnichPassword)))
+ .andExpect(status().isNotFound());
+ mockMvc.perform(get("/messages?uname=isilmine").with(httpBasic(ugnichName, ugnichPassword)))
+ .andExpect(status().isNotFound());
+ }
+
+ @Test
+ public void emptyPasswordMeansUserIsDisabled() throws Exception {
+ String userName = "oldschooluser";
+ String userPassword = "";
+
+ userService.createUser(userName, userPassword);
+
+ mockMvc.perform(get("/auth").with(httpBasic(userName, userPassword))).andExpect(status().isUnauthorized());
+ }
}
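Review bot: `bannedUserBlogandPostShouldReturn404` exercises only `/thread` and `/messages?uname=`, so the tag, daysback and favorites queries that this commit also gates in MessagesServiceImpl have no test, and neither does an anonymous visitor or a user name that does not exist. The blog request hard-codes the name; `get("/messages?uname=" + userName)` keeps it tied to the fixture. `emptyPasswordMeansUserIsDisabled` asserts a 401 for an empty password although no code in this commit implements that rule, so a comment such as `// relies on JuickUser.isEnabled() treating an empty password as disabled` (if that is where the rule lives) would tell the reader what is under test.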