Validate buitinUser before save transaction #5515

Without this submitting an invalid username (e.g. 'a') would cause a messy 500 error.
IQSS · Feb 21, 2019 · 24fd317 · 24fd317
1 parent f96bef3
commit 24fd317
Showing 1 changed file with 20 additions and 4 deletions.
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/ChangeUserIdentifierCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/ChangeUserIdentifierCommand.java
@@ -9,7 +9,6 @@
 import edu.harvard.iq.dataverse.RoleAssignment;
 import edu.harvard.iq.dataverse.authorization.AuthenticatedUserLookup;
 import edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUser;
-import edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUserServiceBean;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
 import edu.harvard.iq.dataverse.engine.command.AbstractVoidCommand;
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
@@ -18,7 +17,11 @@
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 import edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException;
 import java.util.List;
-import javax.ejb.EJB;
+import java.util.Set;
+import javax.validation.ConstraintViolation;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
 
 /**
  *
@@ -44,9 +47,23 @@ public ChangeUserIdentifierCommand(DataverseRequest aRequest, AuthenticatedUser
     }
 
     @Override
-    public void executeImpl(CommandContext ctxt) throws CommandException {              
+    public void executeImpl(CommandContext ctxt) throws CommandException {     
         au.setUserIdentifier(newIdentifier);
         bu.setUserName(newIdentifier);
+
+        //Validate the BuiltinUser change. Username validations are there.
+        ValidatorFactory factory = Validation.buildDefaultValidatorFactory();
+        Validator validator = factory.getValidator();
+        Set<ConstraintViolation<BuiltinUser>> violations = validator.validate(bu);
+        int numViolations = violations.size();
+        if (numViolations > 0) {
+            StringBuilder logMsg = new StringBuilder();
+            for (ConstraintViolation<?> violation : violations) {
+                logMsg.append(" Invalid value: <<<").append(violation.getInvalidValue()).append(">>> for ").append(violation.getPropertyPath()).append(" at ").append(violation.getLeafBean()).append(" - ").append(violation.getMessage());
+            }
+            throw new IllegalCommandException("Validation of submitted data failed. Details: " + logMsg, this);
+        }
+
         AuthenticatedUserLookup aul = au.getAuthenticatedUserLookup();
         aul.setPersistentUserId(newIdentifier);
 
@@ -58,5 +75,4 @@ public void executeImpl(CommandContext ctxt) throws CommandException {
             }
         }
     }
-
 }