Index: lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java =================================================================== RCS file: /usr/local/cvsroot/lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java,v diff -u -r1.18 -r1.19 --- lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java 3 Sep 2013 10:55:52 -0000 1.18 +++ lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java 9 Apr 2014 15:54:16 -0000 1.19 @@ -41,6 +41,7 @@ import org.apache.poi.hssf.usermodel.HSSFSheet; import org.apache.poi.hssf.usermodel.HSSFWorkbook; import org.apache.poi.poifs.filesystem.POIFSFileSystem; +import org.apache.struts.action.ActionMessage; import org.apache.struts.upload.FormFile; import org.lamsfoundation.lams.admin.AdminConstants; import org.lamsfoundation.lams.themes.Theme; @@ -58,6 +59,7 @@ import org.lamsfoundation.lams.util.HashUtil; import org.lamsfoundation.lams.util.LanguageUtil; import org.lamsfoundation.lams.util.MessageService; +import org.lamsfoundation.lams.util.ValidationUtil; import org.lamsfoundation.lams.util.audit.IAuditService; import org.lamsfoundation.lams.web.session.SessionManager; import org.lamsfoundation.lams.web.util.AttributeNames; @@ -243,11 +245,19 @@ String[] args = new String[1]; String name = parseStringCell(row.getCell(NAME)); - if (name==null || name=="") { - rowResult.add(messageService.getMessage("error.name.required")); - hasError = true; - return null; + + //validate organisation name + if (StringUtils.isBlank(name)) { + rowResult.add(messageService.getMessage("error.name.required")); + hasError = true; + return null; + + } else if (!ValidationUtil.isOrgNameValid(name)) { + rowResult.add(messageService.getMessage("error.orgname.invalid.characters")); + hasError = true; + return null; } + org.setName(name); org.setCode(parseStringCell(row.getCell(CODE))); org.setDescription(parseStringCell(row.getCell(DESCRIPTION))); 
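Review bot: Only the organisation name is checked in the rewritten validation block; `org.setCode(parseStringCell(row.getCell(CODE)))` and `org.setDescription(parseStringCell(row.getCell(DESCRIPTION)))` still store the spreadsheet cells verbatim, so the characters `ValidationUtil.isOrgNameValid` rejects for the name (`< > ^ * @ % $` per the message in RegisterServiceSoapBindingImpl) can still enter the record through code and description. If those fields are displayed anywhere the name is, give them the same guard before the setters, e.g. `String code = parseStringCell(row.getCell(CODE));` followed by `if (StringUtils.isNotBlank(code) && !ValidationUtil.isOrgNameValid(code)) { rowResult.add(messageService.getMessage("error.orgname.invalid.characters")); hasError = true; return null; }`. Rejecting a character blacklist at input is not output encoding; any view that prints these strings still needs HTML escaping regardless of this check. The enclosing row-parsing method starts before this hunk and continues after it.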
@@ -469,123 +479,149 @@ } } - /* - * gathers error messages for each cell as required, unless it's the login field in which case, - * flags whole row as empty. - */ - private User parseUser(HSSFRow row, int rowIndex) { - User user = new User(); - String[] args = new String[1]; - - String login = parseStringCell(row.getCell(LOGIN)); - if (login==null || login=="") { - rowResult.add(messageService.getMessage("error.login.required")); - hasError = true; - return null; - } else if (service.getUserByLogin(login)!=null) { - args[0] = "("+login+")"; - rowResult.add(messageService.getMessage("error.login.unique", args)); - hasError = true; - return null; - } + /* + * gathers error messages for each cell as required, unless it's the login field in which case, flags whole row as + * empty. + */ + private User parseUser(HSSFRow row, int rowIndex) { + User user = new User(); + String[] args = new String[1]; - user.setLogin(login); - - String password = HashUtil.sha1(parseStringCell(row.getCell(PASSWORD))); - user.setPassword(password); - - user.setTitle(parseStringCell(row.getCell(TITLE))); - - String fname = parseStringCell(row.getCell(FIRST_NAME)); - if (fname==null || fname=="") { - rowResult.add(messageService.getMessage("error.firstname.required")); - hasError = true; - } else { - user.setFirstName(fname); - } - - String lname = parseStringCell(row.getCell(LAST_NAME)); - if (lname==null || lname=="") { - rowResult.add(messageService.getMessage("error.lastname.required")); - hasError = true; - } else { - user.setLastName(lname); - } - - String authMethodName = parseStringCell(row.getCell(AUTH_METHOD)); - AuthenticationMethod authMethod = getAuthMethod(authMethodName); - if (authMethod==null) { - args[0] = "("+authMethodName+")"; - rowResult.add(messageService.getMessage("error.authmethod.invalid", args)); - hasError = true; - } else { - user.setAuthenticationMethod(authMethod); - } - - String email = parseStringCell(row.getCell(EMAIL)); - if (email==null || email=="") { - 
rowResult.add(messageService.getMessage("error.email.required")); - hasError = true; - } else { - Pattern p = Pattern.compile(".+@.+\\.[a-z]+"); - Matcher m = p.matcher(email); - if (!m.matches()) { - rowResult.add(messageService.getMessage("error.valid.email.required")); - hasError = true; - } - user.setEmail(email); - } - - String flashId = parseStringCell(row.getCell(FLASH_THEME)); - Theme flashTheme = getFlashTheme(flashId); - if (flashTheme==null) { - args[0] = "("+flashId+")"; - rowResult.add(messageService.getMessage("error.flash.theme.invalid", args)); - hasError = true; - } else { - user.setFlashTheme(flashTheme); - } + String login = parseStringCell(row.getCell(LOGIN)); + // login validation + if (StringUtils.isBlank(login)) { + rowResult.add(messageService.getMessage("error.login.required")); + hasError = true; + return null; + + } else if (!ValidationUtil.isUserNameValid(login)) { + rowResult.add(messageService.getMessage("error.login.invalid.characters")); + hasError = true; + return null; + + } else if (service.getUserByLogin(login) != null) { + args[0] = "(" + login + ")"; + rowResult.add(messageService.getMessage("error.login.unique", args)); + hasError = true; + return null; + } + user.setLogin(login); - String htmlId = parseStringCell(row.getCell(HTML_THEME)); - Theme htmlTheme = getHtmlTheme(htmlId); - if (htmlTheme==null) { - args[0] = "("+htmlId+")"; - rowResult.add(messageService.getMessage("error.html.theme.invalid", args)); - hasError = true; - } else { - user.setHtmlTheme(htmlTheme); - } - - String localeId = parseStringCell(row.getCell(LOCALE)); - SupportedLocale locale = getLocale(localeId); - if (locale==null) { - args[0] = "("+localeId+")"; - rowResult.add(messageService.getMessage("error.locale.invalid", args)); - hasError = true; - } else { - user.setLocale(locale); - } - - user.setAddressLine1(parseStringCell(row.getCell(ADDRESS1))); - user.setAddressLine2(parseStringCell(row.getCell(ADDRESS2))); - 
user.setAddressLine3(parseStringCell(row.getCell(ADDRESS3))); - user.setCity(parseStringCell(row.getCell(CITY))); - user.setState(parseStringCell(row.getCell(STATE))); - user.setPostcode(parseStringCell(row.getCell(POSTCODE))); - user.setCountry(parseStringCell(row.getCell(COUNTRY))); - user.setDayPhone(parseStringCell(row.getCell(DAY_PHONE))); - user.setEveningPhone(parseStringCell(row.getCell(EVE_PHONE))); - user.setMobilePhone(parseStringCell(row.getCell(MOB_PHONE))); - user.setFax(parseStringCell(row.getCell(FAX))); - user.setDisabledFlag(false); - user.setCreateDate(new Date()); - user.setTimeZone(user.getTimeZone()); - user.setTutorialsDisabled(false); - user.setFirstLogin(true); - - return (hasError ? null : user); + String password = HashUtil.sha1(parseStringCell(row.getCell(PASSWORD))); + // password validation + if (StringUtils.isBlank(password)) { + rowResult.add(messageService.getMessage("error.password.required")); + hasError = true; + return null; } + user.setPassword(password); + + user.setTitle(parseStringCell(row.getCell(TITLE))); + + String firstName = parseStringCell(row.getCell(FIRST_NAME)); + // first name validation + if (StringUtils.isBlank(firstName)) { + rowResult.add(messageService.getMessage("error.firstname.required")); + hasError = true; + } else if (!ValidationUtil.isFirstLastNameValid(firstName)) { + rowResult.add(messageService.getMessage("error.firstname.invalid.characters")); + hasError = true; + + } else { + user.setFirstName(firstName); + } + + String lastName = parseStringCell(row.getCell(LAST_NAME)); + //last name validation + if (StringUtils.isBlank(lastName)) { + rowResult.add(messageService.getMessage("error.lastname.required")); + hasError = true; + + } else if (!ValidationUtil.isFirstLastNameValid(lastName)) { + rowResult.add(messageService.getMessage("error.lastname.invalid.characters")); + hasError = true; + + } else { + user.setLastName(lastName); + } + + String authMethodName = 
parseStringCell(row.getCell(AUTH_METHOD)); + AuthenticationMethod authMethod = getAuthMethod(authMethodName); + //auth method validation + if (authMethod == null) { + args[0] = "(" + authMethodName + ")"; + rowResult.add(messageService.getMessage("error.authmethod.invalid", args)); + hasError = true; + + } else { + user.setAuthenticationMethod(authMethod); + } + + String email = parseStringCell(row.getCell(EMAIL)); + //user email validation + if (StringUtils.isBlank(email)) { + rowResult.add(messageService.getMessage("error.email.required")); + hasError = true; + + } else if (!ValidationUtil.isEmailValid(email)) { + rowResult.add(messageService.getMessage("error.valid.email.required")); + hasError = true; + + } else { + user.setEmail(email); + } + + String flashId = parseStringCell(row.getCell(FLASH_THEME)); + Theme flashTheme = getFlashTheme(flashId); + if (flashTheme == null) { + args[0] = "(" + flashId + ")"; + rowResult.add(messageService.getMessage("error.flash.theme.invalid", args)); + hasError = true; + } else { + user.setFlashTheme(flashTheme); + } + + String htmlId = parseStringCell(row.getCell(HTML_THEME)); + Theme htmlTheme = getHtmlTheme(htmlId); + if (htmlTheme == null) { + args[0] = "(" + htmlId + ")"; + rowResult.add(messageService.getMessage("error.html.theme.invalid", args)); + hasError = true; + } else { + user.setHtmlTheme(htmlTheme); + } + + String localeId = parseStringCell(row.getCell(LOCALE)); + SupportedLocale locale = getLocale(localeId); + if (locale == null) { + args[0] = "(" + localeId + ")"; + rowResult.add(messageService.getMessage("error.locale.invalid", args)); + hasError = true; + } else { + user.setLocale(locale); + } + + user.setAddressLine1(parseStringCell(row.getCell(ADDRESS1))); + user.setAddressLine2(parseStringCell(row.getCell(ADDRESS2))); + user.setAddressLine3(parseStringCell(row.getCell(ADDRESS3))); + user.setCity(parseStringCell(row.getCell(CITY))); + user.setState(parseStringCell(row.getCell(STATE))); + 
user.setPostcode(parseStringCell(row.getCell(POSTCODE))); + user.setCountry(parseStringCell(row.getCell(COUNTRY))); + user.setDayPhone(parseStringCell(row.getCell(DAY_PHONE))); + user.setEveningPhone(parseStringCell(row.getCell(EVE_PHONE))); + user.setMobilePhone(parseStringCell(row.getCell(MOB_PHONE))); + user.setFax(parseStringCell(row.getCell(FAX))); + user.setDisabledFlag(false); + user.setCreateDate(new Date()); + user.setTimeZone(user.getTimeZone()); + user.setTutorialsDisabled(false); + user.setFirstLogin(true); + + return (hasError ? null : user); + } + /* * the methods below return legible data from individual cells */ Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/ServerSaveAction.java =================================================================== RCS file: /usr/local/cvsroot/lams_admin/src/java/org/lamsfoundation/lams/admin/web/ServerSaveAction.java,v diff -u -r1.7 -r1.8 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/ServerSaveAction.java 1 Jul 2009 02:39:08 -0000 1.7 +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/ServerSaveAction.java 9 Apr 2014 15:54:16 -0000 1.8 @@ -50,6 +50,7 @@ import org.lamsfoundation.lams.usermanagement.service.IUserManagementService; import org.lamsfoundation.lams.util.LanguageUtil; import org.lamsfoundation.lams.util.MessageService; +import org.lamsfoundation.lams.util.ValidationUtil; import org.lamsfoundation.lams.web.session.SessionManager; import org.lamsfoundation.lams.web.util.AttributeNames; 
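Review bot: The new password check in parseUser tests the digest rather than the cell: `String password = HashUtil.sha1(parseStringCell(row.getCell(PASSWORD)));` runs first, so `StringUtils.isBlank(password)` only fires if HashUtil.sha1 maps a null or empty input to null/blank, which nothing in this hunk establishes; if it hashes "" to an ordinary digest, an empty password cell silently creates an account whose password is the hash of the empty string. Check the raw value before hashing: `String rawPassword = parseStringCell(row.getCell(PASSWORD));`, `if (StringUtils.isBlank(rawPassword)) { ... }`, then `user.setPassword(HashUtil.sha1(rawPassword));`. Separately, the stored credential is an unsalted SHA-1 of an imported plaintext password; unless HashUtil adds salting and stretching elsewhere, that is weak for password storage and worth tracking even though this hunk only reindents that line. `user.setTimeZone(user.getTimeZone())` on the new side assigns a freshly constructed user's own field back to itself and is almost certainly not what was intended.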
@@ -97,11 +98,17 @@ Organisation org = null; UserDTO user = (UserDTO) SessionManager.getSession().getAttribute(AttributeNames.USER); if ((Boolean) serverOrgMapForm.get("newOrg")) { + String orgName = serverOrgMapForm.getString("orgName"); if (StringUtils.trimToNull(orgName) == null) { - errors.add("orgId", new ActionMessage("error.required", messageService - .getMessage("sysadmin.organisation"))); + errors.add("orgId", + new ActionMessage("error.required", messageService.getMessage("sysadmin.organisation"))); + + } else if (!ValidationUtil.isOrgNameValid(orgName)) { + errors.add("orgId", new ActionMessage("error.orgname.invalid.characters")); + } else { + org = new Organisation(); org.setName(orgName); org.setParentOrganisation(userService.getRootOrganisation()); @@ -116,6 +123,7 @@ serverOrgMapForm.set("newOrg", false); serverOrgMapForm.set("orgName", null); } + } else { Integer orgId = (Integer) serverOrgMapForm.get("orgId"); if (orgId.equals(-1)) { Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/UserSaveAction.java =================================================================== RCS file: /usr/local/cvsroot/lams_admin/src/java/org/lamsfoundation/lams/admin/web/UserSaveAction.java,v diff -u -r1.37 -r1.38 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/UserSaveAction.java 14 Jan 2014 15:53:03 -0000 1.37 +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/UserSaveAction.java 9 Apr 2014 15:54:16 -0000 1.38 
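Review bot: `orgName` is tested with `StringUtils.trimToNull(orgName) == null` but stored untrimmed by `org.setName(orgName)`, so leading or trailing whitespace survives into the organisation name, while the parallel login path in UserSaveAction trims before `userForm.set("login", login)`. Normalising first keeps the two entry points consistent and avoids near-duplicate organisations that differ only by padding: `String orgName = StringUtils.trim(serverOrgMapForm.getString("orgName"));` and then `if (StringUtils.isEmpty(orgName)) {`. The enclosing action method begins before this hunk, and the second hunk only adds the closing brace for the widened `else`.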
@@ -43,12 +43,14 @@ import org.apache.struts.action.DynaActionForm; import org.lamsfoundation.lams.admin.AdminConstants; import org.lamsfoundation.lams.admin.service.AdminServiceProxy; +import org.lamsfoundation.lams.integration.UserInfoValidationException; import org.lamsfoundation.lams.themes.Theme; import org.lamsfoundation.lams.usermanagement.AuthenticationMethod; import org.lamsfoundation.lams.usermanagement.SupportedLocale; import org.lamsfoundation.lams.usermanagement.User; import org.lamsfoundation.lams.usermanagement.service.IUserManagementService; import org.lamsfoundation.lams.util.HashUtil; +import org.lamsfoundation.lams.util.ValidationUtil; /** * @author Jun-Dir Liew @@ -107,13 +109,12 @@ user = (User) UserSaveAction.service.findById(User.class, userId); } - // (dyna)form validation - String login = userForm.getString("login"); - if (login != null) { - login = login.trim(); - } - if ((login == null) || (login.length() == 0)) { + // login validation + String login = (userForm.get("login") == null) ? null : userForm.getString("login").trim(); + if (StringUtils.isBlank(login)) { errors.add("login", new ActionMessage("error.login.required")); + } else if (!ValidationUtil.isUserNameValid(login)) { + errors.add("login", new ActionMessage("error.login.invalid.characters")); } else { userForm.set("login", login); User existingUser = UserSaveAction.service.getUserByLogin(login); 
@@ -128,29 +129,40 @@ } } - if (!StringUtils.equals((String) userForm.get("password"), ((String) userForm.get("password2")))) { + //password validation + String password = (userForm.get("password") == null) ? null : (String) userForm.get("password"); + if (!StringUtils.equals(password, ((String) userForm.get("password2")))) { errors.add("password", new ActionMessage("error.newpassword.mismatch")); } - if ((userForm.get("password") == null) || (userForm.getString("password").trim().length() == 0)) { + if (StringUtils.isBlank(password)) { passwordChanged = false; if (!edit) { errors.add("password", new ActionMessage("error.password.required")); } } - if ((userForm.get("firstName") == null) || (userForm.getString("firstName").trim().length() == 0)) { + + //first name validation + String firstName = (userForm.get("firstName") == null) ? null : (String) userForm.get("firstName"); + if (StringUtils.isBlank(firstName)) { errors.add("firstName", new ActionMessage("error.firstname.required")); + } else if (!ValidationUtil.isFirstLastNameValid(firstName)) { + errors.add("firstName", new ActionMessage("error.firstname.invalid.characters")); } - if ((userForm.get("lastName") == null) || (userForm.getString("lastName").trim().length() == 0)) { + + //last name validation + String lastName = (userForm.get("lastName") == null) ? null : (String) userForm.get("lastName"); + if (StringUtils.isBlank(lastName)) { errors.add("lastName", new ActionMessage("error.lastname.required")); + } else if (!ValidationUtil.isFirstLastNameValid(lastName)) { + errors.add("lastName", new ActionMessage("error.lastname.invalid.characters")); } - if ((userForm.get("email") == null) || (userForm.getString("email").trim().length() == 0)) { + + //user email validation + String userEmail = (userForm.get("email") == null) ? 
null : (String) userForm.get("email"); + if (StringUtils.isBlank(userEmail)) { errors.add("email", new ActionMessage("error.email.required")); - } else { - Pattern p = Pattern.compile(".+@.+\\.[a-z]+"); - Matcher m = p.matcher(userForm.getString("email")); - if (!m.matches()) { - errors.add("email", new ActionMessage("error.valid.email.required")); - } + } else if (!ValidationUtil.isEmailValid(userEmail)) { + errors.add("email", new ActionMessage("error.valid.email.required")); } if (errors.isEmpty()) { Index: lams_central/src/java/org/lamsfoundation/lams/webservice/RegisterServiceSoapBindingImpl.java =================================================================== RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/webservice/RegisterServiceSoapBindingImpl.java,v diff -u -r1.17 -r1.18 --- lams_central/src/java/org/lamsfoundation/lams/webservice/RegisterServiceSoapBindingImpl.java 8 Jan 2010 01:49:15 -0000 1.17 +++ lams_central/src/java/org/lamsfoundation/lams/webservice/RegisterServiceSoapBindingImpl.java 9 Apr 2014 15:54:14 -0000 1.18 @@ -13,10 +13,12 @@ import org.apache.axis.MessageContext; import org.apache.axis.transport.http.HTTPConstants; +import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.lamsfoundation.lams.integration.ExtCourseClassMap; import org.lamsfoundation.lams.integration.ExtServerOrgMap; import org.lamsfoundation.lams.integration.ExtUserUseridMap; +import org.lamsfoundation.lams.integration.UserInfoValidationException; import org.lamsfoundation.lams.integration.security.Authenticator; import org.lamsfoundation.lams.integration.service.IIntegrationService; import org.lamsfoundation.lams.lesson.Lesson; 
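Review bot: `String password = (userForm.get("password") == null) ? null : (String) userForm.get("password");` is a redundant guard, since casting a null `Object` to `String` already yields null, so `String password = (String) userForm.get("password");` does the same thing; the identical pattern repeats for `firstName`, `lastName` and `userEmail`. Beyond non-blank and matching `password2`, the hunk applies no rule to the password itself (no minimum length), while login and names now get character checks; if no policy is enforced elsewhere, a length or complexity check next to `error.newpassword.mismatch` would close that gap. First and last names are also checked untrimmed, unlike login, so a name of only spaces is caught by `isBlank` but padded names are not normalised. The method continues past `if (errors.isEmpty()) {`.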
@@ -31,6 +33,7 @@ import org.lamsfoundation.lams.usermanagement.UserOrganisationRole; import org.lamsfoundation.lams.usermanagement.service.IUserManagementService; import org.lamsfoundation.lams.util.LanguageUtil; +import org.lamsfoundation.lams.util.ValidationUtil; import org.springframework.web.context.support.WebApplicationContextUtils; /** @@ -111,6 +114,13 @@ public int createOrganisation(String name, String code, String description, String owner, String serverId, String datetime, String hash) throws java.rmi.RemoteException { try { + // validate organisation name + if (StringUtils.isNotBlank(name) && !ValidationUtil.isOrgNameValid(name)) { + throw new UserInfoValidationException("Can't create organisation due to validation error: " + + "organisation name cannot contain any of these characters < > ^ * @ % $. External serverId:" + + serverId + ", orgName:" + name); + } + Organisation org = new Organisation(); org.setName(name); org.setCode(code); Index: lams_common/src/java/org/lamsfoundation/lams/integration/service/IntegrationService.java =================================================================== RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/integration/service/IntegrationService.java,v diff -u -r1.32 -r1.33 --- lams_common/src/java/org/lamsfoundation/lams/integration/service/IntegrationService.java 9 Apr 2014 11:57:57 -0000 1.32 +++ lams_common/src/java/org/lamsfoundation/lams/integration/service/IntegrationService.java 9 Apr 2014 15:54:12 -0000 1.33 
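Review bot: The guard `StringUtils.isNotBlank(name) && !ValidationUtil.isOrgNameValid(name)` lets a blank name pass straight to `org.setName(name)` with no error, whereas the admin import path rejects a blank organisation name with `error.name.required`, so an external server can create a nameless organisation. Rejecting blank as well, `if (StringUtils.isBlank(name) || !ValidationUtil.isOrgNameValid(name))` with a message covering both cases, would align the two entry points. `code` and `description` come from the same remote caller and are still set without any check. The exception message echoes the caller-supplied `name` and `serverId` verbatim; if that message is logged or returned in the SOAP fault, that content is attacker-controlled, though the handling is outside this hunk. createOrganisation's body continues after the hunk.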
@@ -158,6 +158,16 @@ // update external course name if if has changed String requestedCourseName = prefix ? buildName(serverMap.getPrefix(), extCourseName) : extCourseName; if (extCourseName != null && !org.getName().equals(requestedCourseName)) { + + //validate org name + if (!ValidationUtil.isOrgNameValid(requestedCourseName)) { + throw new UserInfoValidationException( + "Can't create organisation due to validation error: " + + "organisation name cannot contain any of these characters < > ^ * @ % $. External server:" + + serverMap.getServerid() + ", orgId:" + extCourseId + ", orgName:" + + requestedCourseName); + } + org.setName(requestedCourseName); service.updateOrganisationandWorkspaceNames(org); } Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/Organisation.java =================================================================== RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/usermanagement/Organisation.java,v diff -u -r1.23 -r1.24 --- lams_common/src/java/org/lamsfoundation/lams/usermanagement/Organisation.java 2 Aug 2013 08:43:19 -0000 1.23 +++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/Organisation.java 9 Apr 2014 15:54:12 -0000 1.24 
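Review bot: The new exception text says "Can't create organisation", but this branch renames an existing one (`org.setName(requestedCourseName)` after `!org.getName().equals(requestedCourseName)`), so the message will mislead whoever reads the resulting log or fault; `"Can't update organisation name due to validation error: "` describes the path. The check is applied to the prefixed form `buildName(serverMap.getPrefix(), extCourseName)`, so a prefix that itself contains one of the rejected characters would make every rename from that server fail, and whether prefixes are validated when configured is not visible here. Validating the externally supplied `extCourseName` before it reaches `updateOrganisationandWorkspaceNames` is the right place for this guard; the enclosing method starts before this hunk.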
@@ -105,34 +105,6 @@ private String orderedLessonIds; - /** full constructor */ - public Organisation(String name, String description, Organisation parentOrganisation, Date createDate, - User createdBy, Workspace workspace, OrganisationType organisationType, Set userOrganisations, - Set childOrganisations, Set lessons, Boolean courseAdminCanAddNewUsers, - Boolean courseAdminCanBrowseAllUsers, Boolean courseAdminCanChangeStatusOfCourse, - Boolean courseAdminCanCreateGuestAccounts, Boolean enableCourseNotifications, String orderedLessonIds, - Boolean enableGradebookForLearners, Boolean enableGradebookForMonitors, Boolean enableSingleActivityLessons) { - this.name = name; - this.description = description; - this.parentOrganisation = parentOrganisation; - this.createDate = createDate; - this.createdBy = createdBy; - this.workspace = workspace; - this.organisationType = organisationType; - this.userOrganisations = userOrganisations; - this.childOrganisations = childOrganisations; - this.lessons = lessons; - this.courseAdminCanAddNewUsers = courseAdminCanAddNewUsers; - this.courseAdminCanBrowseAllUsers = courseAdminCanBrowseAllUsers; - this.courseAdminCanChangeStatusOfCourse = courseAdminCanChangeStatusOfCourse; - this.courseAdminCanCreateGuestAccounts = courseAdminCanCreateGuestAccounts; - this.enableCourseNotifications = enableCourseNotifications; - this.orderedLessonIds = orderedLessonIds; - this.enableGradebookForLearners = enableGradebookForLearners; - this.enableGradebookForMonitors = enableGradebookForMonitors; - this.enableSingleActivityLessons = enableSingleActivityLessons; - } - /** default constructor */ public Organisation() { this.courseAdminCanAddNewUsers = Boolean.FALSE; 
@@ -145,37 +117,6 @@ this.enableSingleActivityLessons = Boolean.FALSE; } - /** minimal constructor */ - public Organisation(Date createDate, User createdBy, Workspace workspace, OrganisationType organisationType, - Set userOrganisations, Set lessons) { - this.createDate = createDate; - this.createdBy = createdBy; - this.workspace = workspace; - this.organisationType = organisationType; - this.userOrganisations = userOrganisations; - this.lessons = lessons; - - // mandatory fields in the db - this.courseAdminCanAddNewUsers = Boolean.FALSE; - this.courseAdminCanBrowseAllUsers = Boolean.FALSE; - this.courseAdminCanChangeStatusOfCourse = Boolean.FALSE; - this.courseAdminCanCreateGuestAccounts = Boolean.FALSE; - this.enableCourseNotifications = Boolean.FALSE; - this.enableGradebookForLearners = Boolean.FALSE; - this.enableGradebookForMonitors = Boolean.FALSE; - this.enableSingleActivityLessons = Boolean.FALSE; - } - - public Organisation(String name, String description, Date createDate, User createdBy, - OrganisationType organisationType) { - super(); - this.name = name; - this.description = description; - this.createDate = createDate; - this.createdBy = createdBy; - this.organisationType = organisationType; - } - public Integer getOrganisationId() { return this.organisationId; }