[OPENMEETINGS-2762] Invitation hash check is more strict

apache · Mar 28, 2023 · a28dea8 · a28dea8
1 parent 6a10c74
commit a28dea8
Show file tree

Hide file tree

Showing 17 changed files with 114 additions and 87 deletions.
diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/calendar/AppointmentDao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/calendar/AppointmentDao.java
@@ -19,6 +19,7 @@
 package org.apache.openmeetings.db.dao.calendar;
 
 import static java.util.UUID.randomUUID;
+import static org.apache.openmeetings.db.util.DaoHelper.only;
 import static org.apache.openmeetings.db.util.DaoHelper.UNSUPPORTED;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.CONFIG_CALENDAR_ROOM_CAPACITY;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.PARAM_USER_ID;
@@ -75,15 +76,13 @@ public class AppointmentDao implements IDataProviderDao<Appointment>{
 	// -----------------------------------------------------------------------------------------------
 	@Override
 	public Appointment get(Long id) {
-		List<Appointment> list = em.createNamedQuery("getAppointmentById", Appointment.class)
-				.setParameter("id", id).getResultList();
-		return list.size() == 1 ? list.get(0) : null;
+		return only(em.createNamedQuery("getAppointmentById", Appointment.class)
+				.setParameter("id", id).getResultList());
 	}
 
 	public Appointment getAny(Long id) {
-		List<Appointment> list = em.createNamedQuery("getAppointmentByIdAny", Appointment.class)
-				.setParameter("id", id).getResultList();
-		return list.size() == 1 ? list.get(0) : null;
+		return only(em.createNamedQuery("getAppointmentByIdAny", Appointment.class)
+				.setParameter("id", id).getResultList());
 	}
 
 	public List<Appointment> get() {

diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/calendar/MeetingMemberDao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/calendar/MeetingMemberDao.java
@@ -18,6 +18,8 @@
  */
 package org.apache.openmeetings.db.dao.calendar;
 
+import static org.apache.openmeetings.db.util.DaoHelper.only;
+
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -39,9 +41,8 @@ public class MeetingMemberDao {
 	private EntityManager em;
 
 	public MeetingMember get(Long id) {
-		List<MeetingMember> list = em.createNamedQuery("getMeetingMemberById", MeetingMember.class)
-				.setParameter("id", id).getResultList();
-		return list.size() == 1 ? list.get(0) : null;
+		return only(em.createNamedQuery("getMeetingMemberById", MeetingMember.class)
+				.setParameter("id", id).getResultList());
 	}
 
 	public List<MeetingMember> get() {

diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/calendar/OmCalendarDao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/calendar/OmCalendarDao.java
@@ -18,6 +18,7 @@
  */
 package org.apache.openmeetings.db.dao.calendar;
 
+import static org.apache.openmeetings.db.util.DaoHelper.only;
 import static org.apache.openmeetings.db.util.DaoHelper.UNSUPPORTED;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.PARAM_USER_ID;
 
@@ -53,9 +54,8 @@ public List<OmCalendar> get() {
 	 */
 	@Override
 	public OmCalendar get(Long calId) {
-		List<OmCalendar> list = em.createNamedQuery("getCalendarbyId", OmCalendar.class)
-				.setParameter("calId", calId).getResultList();
-		return list.size() == 1 ? list.get(0) : null;
+		return only(em.createNamedQuery("getCalendarbyId", OmCalendar.class)
+				.setParameter("calId", calId).getResultList());
 	}
 
 	/**

diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/file/FileItemDao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/file/FileItemDao.java
@@ -18,6 +18,7 @@
  */
 package org.apache.openmeetings.db.dao.file;
 
+import static org.apache.openmeetings.db.util.DaoHelper.only;
 import static org.apache.openmeetings.db.util.DaoHelper.setLimits;
 
 import java.io.File;
@@ -103,10 +104,9 @@ public FileItem get(Long id) {
 	public FileItem get(String externalId, String externalType) {
 		log.debug("get started");
 
-		List<FileItem> list = em.createNamedQuery("getFileExternal", FileItem.class)
+		return only(em.createNamedQuery("getFileExternal", FileItem.class)
 				.setParameter("externalFileId", externalId).setParameter("externalType", externalType)
-				.getResultList();
-		return list.size() == 1 ? list.get(0) : null;
+				.getResultList());
 	}
 
 	public List<FileItem> get() {

diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/record/RecordingChunkDao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/record/RecordingChunkDao.java
@@ -18,6 +18,8 @@
  */
 package org.apache.openmeetings.db.dao.record;
 
+import static org.apache.openmeetings.db.util.DaoHelper.only;
+
 import java.util.Date;
 import java.util.List;
 
@@ -44,9 +46,8 @@ public class RecordingChunkDao {
 	private RecordingDao recordingDao;
 
 	public RecordingChunk get(Long id) {
-		List<RecordingChunk> list = em.createNamedQuery("getChunkById", RecordingChunk.class)
-				.setParameter("id", id).getResultList();
-		return list.size() == 1 ? list.get(0) : null;
+		return only(em.createNamedQuery("getChunkById", RecordingChunk.class)
+				.setParameter("id", id).getResultList());
 	}
 
 	public List<RecordingChunk> getByRecording(Long recordingId) {

diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/room/InvitationDao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/room/InvitationDao.java
@@ -19,6 +19,7 @@
 package org.apache.openmeetings.db.dao.room;
 
 import static org.apache.openmeetings.db.util.DaoHelper.getRoot;
+import static org.apache.openmeetings.db.util.DaoHelper.only;
 import static org.apache.openmeetings.util.CalendarHelper.getZoneId;
 
 import java.time.LocalDateTime;
@@ -61,9 +62,8 @@ public class InvitationDao implements IDataProviderDao<Invitation> {
 
 	@Override
 	public Invitation get(Long invId) {
-		List<Invitation> list = em.createNamedQuery("getInvitationbyId", Invitation.class)
-				.setParameter("id", invId).getResultList();
-		return list.size() == 1 ? list.get(0) : null;
+		return only(em.createNamedQuery("getInvitationbyId", Invitation.class)
+				.setParameter("id", invId).getResultList());
 	}
 
 	@Override
@@ -159,10 +159,14 @@ public void markUsed(Invitation i) {
 		}
 	}
 
+	private Invitation get(String hash) {
+		Invitation i = only(em.createNamedQuery("getInvitationByHashCode", Invitation.class)
+				.setParameter("hashCode", hash).getResultList());
+		return i != null && i.getHash().equals(hash) ? i : null;
+	}
+
 	public Invitation getByHash(String hash, boolean hidePass) {
-		List<Invitation> list = em.createNamedQuery("getInvitationByHashCode", Invitation.class)
-				.setParameter("hashCode", hash).getResultList();
-		Invitation i = list != null && list.size() == 1 ? list.get(0) : null;
+		Invitation i = get(hash);
 		if (i != null) {
 			switch (i.getValid()) {
 				case ONE_TIME:

diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/room/PollDao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/room/PollDao.java
@@ -18,6 +18,7 @@
  */
 package org.apache.openmeetings.db.dao.room;
 
+import static org.apache.openmeetings.db.util.DaoHelper.only;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.PARAM_USER_ID;
 
 import java.util.Date;
@@ -85,9 +86,8 @@ public RoomPoll get(Long id) {
 
 	public RoomPoll getByRoom(Long roomId) {
 		log.debug(" :: getPoll :: {}", roomId);
-		List<RoomPoll> list = em.createNamedQuery("getPoll", RoomPoll.class)
-				.setParameter(PARAM_ROOMID, roomId).getResultList();
-		return list.size() == 1 ? list.get(0) : null;
+		return only(em.createNamedQuery("getPoll", RoomPoll.class)
+				.setParameter(PARAM_ROOMID, roomId).getResultList());
 	}
 
 	public List<RoomPoll> get() {

diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/LdapConfigDao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/LdapConfigDao.java
@@ -18,6 +18,7 @@
  */
 package org.apache.openmeetings.db.dao.server;
 
+import static org.apache.openmeetings.db.util.DaoHelper.only;
 import static org.apache.openmeetings.db.util.DaoHelper.setLimits;
 
 import java.util.ArrayList;
@@ -60,9 +61,8 @@ public class LdapConfigDao implements IDataProviderDao<LdapConfig> {
 
 	@Override
 	public LdapConfig get(Long id) {
-		List<LdapConfig> list = em.createNamedQuery("getLdapConfigById", LdapConfig.class)
-				.setParameter("id", id).getResultList();
-		return list.size() == 1 ? list.get(0) : null;
+		return only(em.createNamedQuery("getLdapConfigById", LdapConfig.class)
+				.setParameter("id", id).getResultList());
 	}
 
 	public List<LdapConfig> getActive() {

diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/OAuth2Dao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/OAuth2Dao.java
@@ -18,14 +18,14 @@
  */
 package org.apache.openmeetings.db.dao.server;
 
+import static org.apache.openmeetings.db.util.DaoHelper.only;
 import static org.apache.openmeetings.db.util.DaoHelper.setLimits;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.isAllowRegisterOauth;
 
 import java.util.List;
 
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
-import javax.persistence.TypedQuery;
 
 import org.apache.openmeetings.db.dao.IDataProviderDao;
 import org.apache.openmeetings.db.dao.basic.ConfigurationDao;
@@ -50,15 +50,14 @@ public List<OAuthServer> getActive() {
 		if (!isAllowRegisterOauth()) {
 			return List.of();
 		}
-		TypedQuery<OAuthServer> query = em.createNamedQuery("getEnabledOAuthServers", OAuthServer.class);
-		return query.getResultList();
+		return em.createNamedQuery("getEnabledOAuthServers", OAuthServer.class)
+				.getResultList();
 	}
 
 	@Override
 	public OAuthServer get(Long id) {
-		List<OAuthServer> list = em.createNamedQuery("getOAuthServerById", OAuthServer.class)
-				.setParameter("id", id).getResultList();
-		return list.size() == 1 ? list.get(0) : null;
+		return only(em.createNamedQuery("getOAuthServerById", OAuthServer.class)
+				.setParameter("id", id).getResultList());
 	}
 
 	@Override
@@ -74,8 +73,8 @@ public List<OAuthServer> get(String search, long start, long count, SortParam<St
 
 	@Override
 	public long count() {
-		TypedQuery<Long> q = em.createNamedQuery("countOAuthServers", Long.class);
-		return q.getSingleResult();
+		return em.createNamedQuery("countOAuthServers", Long.class)
+				.getSingleResult();
 	}
 
 	@Override

diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SOAPLoginDao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SOAPLoginDao.java
@@ -19,9 +19,9 @@
 package org.apache.openmeetings.db.dao.server;
 
 import static java.util.UUID.randomUUID;
+import static org.apache.openmeetings.db.util.DaoHelper.only;
 
 import java.util.Date;
-import java.util.List;
 
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
@@ -74,21 +74,17 @@ public SOAPLogin get(String hash) {
 		}
 		try {
 			//MSSql find nothing in case SID is passed as-is without wildcarting '%hash%'
-			List<SOAPLogin> sList = em.createNamedQuery("getSoapLoginByHash", SOAPLogin.class)
-					.setParameter("hash", String.format("%%%s%%", hash))
-					.getResultList();
+			SOAPLogin sl = only(em.createNamedQuery("getSoapLoginByHash", SOAPLogin.class)
+					.setParameter("hash", '%' + hash + '%')
+					.getResultList());
 
-			if (sList.size() == 1) {
-				SOAPLogin sl = sList.get(0);
+			if (sl != null) {
 				if (hash.equals(sl.getHash())) {
 					return sl;
 				} else {
 					log.error("[get]: Wrong SOAPLogin was found by hash! {}", hash);
 				}
 			}
-			if (sList.size() > 1) {
-				log.error("[get]: there are more then one SOAPLogin with identical hash! {}", hash);
-			}
 		} catch (Exception ex2) {
 			log.error("[get]: ", ex2);
 		}

diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/GroupDao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/GroupDao.java
@@ -19,6 +19,7 @@
 package org.apache.openmeetings.db.dao.user;
 
 import static org.apache.openmeetings.db.util.DaoHelper.getRoot;
+import static org.apache.openmeetings.db.util.DaoHelper.only;
 import static org.apache.openmeetings.db.util.DaoHelper.setLimits;
 
 import java.util.Collection;
@@ -49,9 +50,8 @@ public class GroupDao implements IGroupAdminDataProviderDao<Group> {
 
 	@Override
 	public Group get(Long id) {
-		List<Group> list = em.createNamedQuery("getGroupById", Group.class)
-				.setParameter("id", id).getResultList();
-		return list.size() == 1 ? list.get(0) : null;
+		return only(em.createNamedQuery("getGroupById", Group.class)
+				.setParameter("id", id).getResultList());
 	}
 
 	public Group get(String name) {

diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/PrivateMessageDao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/PrivateMessageDao.java
@@ -21,6 +21,7 @@
 import static org.apache.openmeetings.db.entity.user.PrivateMessage.INBOX_FOLDER_ID;
 import static org.apache.openmeetings.db.util.DaoHelper.UNSUPPORTED;
 import static org.apache.openmeetings.db.util.DaoHelper.getStringParam;
+import static org.apache.openmeetings.db.util.DaoHelper.only;
 import static org.apache.openmeetings.db.util.DaoHelper.setLimits;
 
 import java.util.Collection;
@@ -82,9 +83,8 @@ public List<PrivateMessage> get(long first, long count) {
 
 	@Override
 	public PrivateMessage get(Long id) {
-		List<PrivateMessage> list = em.createNamedQuery("getPrivateMessageById", PrivateMessage.class)
-				.setParameter("id", id).getResultList();
-		return list.size() == 1 ? list.get(0) : null;
+		return only(em.createNamedQuery("getPrivateMessageById", PrivateMessage.class)
+				.setParameter("id", id).getResultList());
 	}
 
 	@Override

diff --git a/...eetings-db/src/main/java/org/apache/openmeetings/db/dao/user/PrivateMessageFolderDao.java b/...eetings-db/src/main/java/org/apache/openmeetings/db/dao/user/PrivateMessageFolderDao.java
@@ -18,6 +18,7 @@
  */
 package org.apache.openmeetings.db.dao.user;
 
+import static org.apache.openmeetings.db.util.DaoHelper.only;
 import static org.apache.openmeetings.db.util.DaoHelper.UNSUPPORTED;
 import static org.apache.openmeetings.db.util.DaoHelper.setLimits;
 
@@ -66,17 +67,16 @@ public Long addPrivateMessageFolderObj(PrivateMessageFolder folder) {
 
 	@Override
 	public PrivateMessageFolder get(Long id) {
-		final String hql = "select c from PrivateMessageFolder c where c.id = :id ";
-
-		List<PrivateMessageFolder> list = em.createQuery(hql, PrivateMessageFolder.class)
-				.setParameter("id", id).getResultList();
-		return list.size() == 1 ? list.get(0) : null;
+		return only(em.createQuery("select c from PrivateMessageFolder c where c.id = :id "
+					, PrivateMessageFolder.class)
+				.setParameter("id", id).getResultList());
 	}
 
 	@Override
 	public List<PrivateMessageFolder> get(long start, long count) {
 		return setLimits(
-				em.createQuery("SELECT c FROM PrivateMessageFolder c ORDER BY c.id", PrivateMessageFolder.class)
+				em.createQuery("SELECT c FROM PrivateMessageFolder c ORDER BY c.id"
+					, PrivateMessageFolder.class)
 				, start, count)
 				.getResultList();
 	}

diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/UserContactDao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/UserContactDao.java
@@ -18,6 +18,7 @@
  */
 package org.apache.openmeetings.db.dao.user;
 
+import static org.apache.openmeetings.db.util.DaoHelper.only;
 import static org.apache.openmeetings.db.util.DaoHelper.setLimits;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.PARAM_USER_ID;
 
@@ -78,12 +79,10 @@ public Integer deleteAllUserContacts(Long ownerId) {
 	}
 
 	public UserContact get(Long userId, Long ownerId) {
-		List<UserContact> ll = em.createNamedQuery("getContactByUserOwner", UserContact.class)
+		return only(em.createNamedQuery("getContactByUserOwner", UserContact.class)
 				.setParameter(PARAM_USER_ID, userId)
 				.setParameter(PARAM_OWNERID, ownerId)
-				.getResultList();
-		log.info("number of contacts:: {}", (ll == null ? null : ll.size()));
-		return ll != null && ll.size() == 1 ? ll.get(0) : null;
+				.getResultList());
 	}
 
 	public boolean isContact(Long userId, Long ownerId) {
@@ -118,9 +117,8 @@ public List<UserContact> getContactRequestsByUserAndStatus(Long userId, boolean
 	}
 
 	public UserContact get(Long id) {
-		List<UserContact> list = em.createNamedQuery("getUserContactsById", UserContact.class)
-				.setParameter("id", id).getResultList();
-		return list.size() == 1 ? list.get(0) : null;
+		return only(em.createNamedQuery("getUserContactsById", UserContact.class)
+				.setParameter("id", id).getResultList());
 	}
 
 	public List<UserContact> get() {