/**
******************************************************************************
* Copyright © 2017-2018 PTA GmbH.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
*
* http://www.eclipse.org/legal/epl-v10.html
*
******************************************************************************
*/
package org.eclipse.openk.portal.controller;
import org.apache.log4j.Logger;
import org.eclipse.openk.portal.common.Globals;
import org.eclipse.openk.portal.common.JsonGeneratorBase;
import org.eclipse.openk.portal.exceptions.PortalBadRequest;
import org.eclipse.openk.portal.exceptions.PortalUnauthorized;
import org.eclipse.openk.portal.viewmodel.LoginCredentials;
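/**
 * Structural validation of request input before it reaches the portal controllers.
 *
 * <p>The checks here are shape checks only: {@link #checkCredentials(String)} verifies
 * that a credentials payload is present, bounded in length and parses to an object with
 * a user name. It does not authenticate anyone.
 *
 * <p>The character allow-list in {@link #WHITELIST} deliberately admits markup and quoting
 * characters ({@code < > ' " & # %}). Passing the allow-list therefore says nothing about
 * whether a value is safe to embed in HTML, SQL or a shell command; context-specific
 * encoding or parameterisation is still required at the point of use.
 */
public class InputDataValuator {
    private static final Logger LOGGER = Logger.getLogger(InputDataValuator.class.getName());

    /**
     * Negated character class: matches every character that is NOT allowed.
     *
     * <p>The hyphen is escaped so that it is an explicit literal. Unescaped, the sequence
     * comma-hyphen-colon is read as a range (comma through colon). That range happens to
     * contain only characters that are listed here anyway (hyphen, dot, slash, digits), so
     * the accepted set is unchanged, but the explicit form cannot silently widen when
     * characters are added or reordered.
     */
    private static final String WHITELIST = "[^a-zA-ZäÄöÖüÜß?0-9().,\\-:;_+=!%§&/'#<>\" ]";

    /**
     * Characters that can start a new line or otherwise corrupt a log record:
     * ASCII control characters plus the Unicode line breaks U+0085, U+2028 and U+2029.
     */
    private static final String LOG_UNSAFE_CHARS = "[\\p{Cntrl}\\u0085\\u2028\\u2029]";

    /**
     * Rejects a missing or oversized credentials payload before any parsing is attempted.
     *
     * @param credentials raw request body, untrusted
     * @throws PortalUnauthorized if the payload is {@code null}, empty, or longer than
     *         {@code Globals.MAX_CREDENTIALS_LENGTH}
     */
    private void checkCredentialsRaw(String credentials) throws PortalUnauthorized {
        if (credentials == null || credentials.isEmpty()) {
            throw new PortalUnauthorized("No credentials provided");
        }
        // The length bound is enforced before the JSON parser sees the input.
        if (credentials.length() > Globals.MAX_CREDENTIALS_LENGTH) {
            LOGGER.warn("MaxLength of credentials exceeded");
            throw new PortalUnauthorized("Invalid credentials");
        }
    }

    /**
     * Verifies that a credentials payload is well-formed: present, within the length
     * limit, parseable as {@link LoginCredentials} JSON and carrying a non-empty user name.
     *
     * <p>Every failure after the initial null/empty check is reported to the caller with
     * the same generic message, so the response does not reveal which check failed.
     *
     * @param credentials raw JSON request body, untrusted
     * @throws PortalUnauthorized if any of the checks fails
     */
    public void checkCredentials(String credentials) throws PortalUnauthorized {
        checkCredentialsRaw(credentials);

        LoginCredentials obj;
        try {
            obj = JsonGeneratorBase.getGson().fromJson(credentials, LoginCredentials.class);
        } catch (Exception e) { // NOSONAR
            // Deliberately neither logged nor rethrown: the parser's message may quote parts
            // of the payload, which contains the password. A parse failure is handled as
            // "invalid credentials" by the null check below.
            obj = null;
        }

        if (obj == null || obj.getUserName() == null || obj.getUserName().isEmpty()) {
            LOGGER.warn("Invalid credentials provided. ");
            throw new PortalUnauthorized("Invalid credentials");
        }
    }

    /**
     * Allow-list check that never writes the offending text to the log.
     *
     * <p>Currently unused. Kept on purpose (note dated 24.09.2018): an allow-list character
     * check is likely to be needed again for security reasons.
     *
     * @param txt text to check, untrusted; {@code null} and empty are accepted
     * @throws PortalBadRequest if {@code txt} contains a character outside the allow-list
     */
    private void checkWhitelistChars(String txt) throws PortalBadRequest { // NOSONAR
        checkWhitelistChars(txt, false);
    }

    /**
     * Rejects text containing any character outside the allow-list.
     *
     * @param txt text to check, untrusted; {@code null} and empty are accepted
     * @param logTextOnError whether to include the rejected text in the warning; leave this
     *        {@code false} for fields that may hold secrets or personal data
     * @throws PortalBadRequest if {@code txt} contains a character outside the allow-list
     */
    private void checkWhitelistChars(String txt, boolean logTextOnError) throws PortalBadRequest {
        // An empty string is fine: there is nothing to reject.
        if (txt == null || txt.isEmpty()) {
            return;
        }

        String stripped = txt.replaceAll(WHITELIST, "");
        if (!stripped.equals(txt)) {
            // The text failed validation, so it may contain CR/LF or other control
            // characters. Neutralise them before logging so that a request cannot forge
            // additional log records (CWE-117).
            LOGGER.warn("Invalid text not matching whitelist"
                    + (logTextOnError ? ":" + neutralizeForLog(txt) : ""));
            throw new PortalBadRequest("Invalid text data");
        }
    }

    /** Replaces every line-breaking or control character with an underscore. */
    private static String neutralizeForLog(String value) {
        return value.replaceAll(LOG_UNSAFE_CHARS, "_");
    }
}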