fix(escape-special-characters): escape special characters in user rou…
…tes (DSP-1557) (#1902)

* feat(valueobjects): add user value objects

* feat(valueobjects): add user value objects

* example either usage

* create UserEntity to represent request payload for user creation

* add trait and inherit from it in value objects

* add unit tests for the creation of value objects

* add unittests for value objects

* refactor createNewUserADM

* reformat UsersRouteADM

* add docstrings to unit tests

* add e2e spec for handling special characters

* use value objects in update basic user information

* refactor update password with value objects

* add e2e tests for updating the user password

* refactor update user status

* refactor systemAdmin

* refactor project membership and add test

* remove log.debug statements from e2e tests

* remove unused code from e2e tests

* cleanup code

* cleanup code

* add tests

* add test

* add new client-test-data

* refactor change basic user information request

* update unit tests

* fix failed unit tests

* fix expected-client-test-data.txt

* add test to get user with special characters

* delete password information in debug log

* resolve merge conflicts

* Revert "Merge branch 'main' into wip/DSP-1557-escape-special-characters-in-user-routes"

This reverts commit 12c486a, reversing
changes made to e9d35b6.

* Revert "resolve merge conflicts"

This reverts commit 4cdefb7.

* resolve merge conflicts

* integrate changes from main

* rename userEntity

Co-authored-by: Ivan Subotic <400790+subotic@users.noreply.github.com>
irinaschubert and subotic committed Sep 23, 2021
1 parent 862c69a commit 689d92ad076b84a544719c135e1b36bc78260309
Showing with 3,370 additions and 2,213 deletions.
  1. +2 −1 .gitignore
  2. +12 −0 webapi/scripts/expected-client-test-data.txt
  3. +1 −1 ...i/src/main/scala/org/knora/webapi/messages/admin/responder/groupsmessages/GroupsMessagesADM.scala
  4. +72 −0 webapi/src/main/scala/org/knora/webapi/messages/admin/responder/usersmessages/AdminEntities.scala
  5. +89 −104 webapi/src/main/scala/org/knora/webapi/messages/admin/responder/usersmessages/UsersMessagesADM.scala
  6. +146 −0 webapi/src/main/scala/org/knora/webapi/messages/admin/responder/usersmessages/ValueObjects.scala
  7. +1,510 −1,312 webapi/src/main/scala/org/knora/webapi/responders/admin/UsersResponderADM.scala
  8. +469 −324 webapi/src/main/scala/org/knora/webapi/routing/admin/UsersRouteADM.scala
  9. +0 −12 webapi/src/main/twirl/org/knora/webapi/messages/twirl/queries/sparql/admin/updateUser.scala.txt
  10. +85 −0 .../src/main/twirl/org/knora/webapi/messages/twirl/queries/sparql/admin/updateUserPassword.scala.txt
  11. +1 −1 webapi/src/test/scala/org/knora/webapi/e2e/admin/BUILD.bazel
  12. +399 −52 webapi/src/test/scala/org/knora/webapi/e2e/admin/UsersADME2ESpec.scala
  13. +2 −0 webapi/src/test/scala/org/knora/webapi/messages/admin/responder/usersmessages/BUILD.bazel
  14. +63 −105 ...src/test/scala/org/knora/webapi/messages/admin/responder/usersmessages/UsersMessagesADMSpec.scala
  15. +23 −0 webapi/src/test/scala/org/knora/webapi/messages/admin/responder/valueObjects/BUILD.bazel
  16. +230 −0 ...i/src/test/scala/org/knora/webapi/messages/admin/responder/valueObjects/ValueObjectsADMSpec.scala
  17. +266 −301 webapi/src/test/scala/org/knora/webapi/responders/admin/UsersResponderADMSpec.scala
@@ -57,5 +57,6 @@ dump.rdb
dependencies.txt
/client-test-data.zip
/db_staging_dump.trig
cleandeps.sh
/.vscode
/cleandeps.sh
/.metals
@@ -137,7 +137,11 @@ test-data/admin/users/
test-data/admin/users/add-user-to-group-response.json
test-data/admin/users/add-user-to-project-admin-group-response.json
test-data/admin/users/add-user-to-project-response.json
test-data/admin/users/create-user-request-duplicate-email.json
test-data/admin/users/create-user-request-duplicate-username.json
test-data/admin/users/create-user-request.json
test-data/admin/users/create-user-response-duplicate-email.json
test-data/admin/users/create-user-response-duplicate-username.json
test-data/admin/users/create-user-response.json
test-data/admin/users/create-user-with-custom-Iri-request.json
test-data/admin/users/create-user-with-custom-Iri-response.json
@@ -153,17 +157,25 @@ test-data/admin/users/get-user-response.json
test-data/admin/users/get-users-for-ProjectAdmin-response.json
test-data/admin/users/get-users-for-SystemAdmin-response.json
test-data/admin/users/get-users-response.json
test-data/admin/users/incomplete-update-user-password-request-2.json
test-data/admin/users/incomplete-update-user-password-request.json
test-data/admin/users/incomplete-update-user-password-response-2.json
test-data/admin/users/incomplete-update-user-password-response.json
test-data/admin/users/remove-user-from-group-response.json
test-data/admin/users/remove-user-from-project-admin-group-response.json
test-data/admin/users/remove-user-from-project-response.json
test-data/admin/users/update-user-password-request.json
test-data/admin/users/update-user-password-response.json
test-data/admin/users/update-user-request-without-iri.json
test-data/admin/users/update-user-request.json
test-data/admin/users/update-user-response-without-iri-1.json
test-data/admin/users/update-user-response-without-iri-2.json
test-data/admin/users/update-user-response.json
test-data/admin/users/update-user-status-request.json
test-data/admin/users/update-user-status-response.json
test-data/admin/users/update-user-system-admin-membership-request.json
test-data/admin/users/update-user-system-admin-membership-response.json
test-data/admin/users/user-already-member-of-project-response.json
test-data/system/
test-data/system/health/
test-data/system/health/maintenance-mode-response.json
@@ -89,7 +89,7 @@ case class ChangeGroupApiRequestADM(name: Option[String] = None,
if (parametersCount == 0) throw BadRequestException("No data sent in API request.")

/**
* check that only allowed information for the 2 cases is send and not more.
* check that only allowed information for the 2 cases is sent and not more.
*/
// change status case
if (status.isDefined) {
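--- a/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/usersmessages/AdminEntities.scala
+++ b/webapi/src/main/scala/org/knora/webapi/messages/admin/responder/usersmessages/AdminEntities.scala
@@ -0,0 +1,72 @@
+package org.knora.webapi.messages.admin.responder.usersmessages
+
+import org.knora.webapi.IRI
+
+sealed trait ValidationError
+case object InvalidUsername extends ValidationError
+case object InvalidEmail extends ValidationError
+case object InvalidGivenOrFamilyName extends ValidationError
+case object InvalidPassword extends ValidationError
+case object InvalidLanguageCode extends ValidationError
+
+trait UserCreatePayloadTraitADM {
+def create(
+id: Option[IRI],
+username: Username,
+email: Email,
+givenName: GivenName,
+familyName: FamilyName,
+password: Password,
+status: Status,
+lang: LanguageCode,
+systemAdmin: SystemAdmin
+): UserCreatePayloadADM
+}
+
+/**
+* User entity representing the payload for the create user request
+*/
+sealed abstract case class UserCreatePayloadADM(
+id: Option[IRI],
+username: Option[Username],
+email: Option[Email],
+givenName: Option[GivenName],
+familyName: Option[FamilyName],
+password: Option[Password],
+status: Option[Status],
+lang: Option[LanguageCode],
+projects: Option[Seq[IRI]],
+projectsAdmin: Option[Seq[IRI]],
+groups: Option[Seq[IRI]],
+systemAdmin: Option[SystemAdmin]
+)
+
+object UserCreatePayloadADM extends UserCreatePayloadTraitADM {
+
+/** The create constructor needs all attributes but id which is optional */
+override def create(
+id: Option[IRI] = None,
+username: Username,
+email: Email,
+givenName: GivenName,
+familyName: FamilyName,
+password: Password,
+status: Status,
+lang: LanguageCode,
+systemAdmin: SystemAdmin
+): UserCreatePayloadADM =
+new UserCreatePayloadADM(
+id = id,
+username = Some(username),
+email = Some(email),
+givenName = Some(givenName),
+familyName = Some(familyName),
+password = Some(password),
+status = Some(status),
+lang = Some(lang),
+projects = None,
+projectsAdmin = None,
+groups = None,
+systemAdmin = Some(systemAdmin)
+) {}
+}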
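Review bot: `UserCreatePayloadADM` is declared as a case class, so its compiler-generated `toString` prints every field, `password` included; if `Password` (defined outside this section) renders its wrapped value, any log line or exception message that interpolates the payload will carry the password. The commit message mentions removing password information from a debug log, so it is worth closing this at the type: give the class a body with `override def toString: String = s"UserCreatePayloadADM($id, $username, password = <redacted>)"`, or confirm that `Password` itself redacts. Separately, `create` requires every field except `id`, yet the class types them all as `Option` and always sets `projects`, `projectsAdmin` and `groups` to `None`; a short Scaladoc on the class stating which fields are guaranteed to be defined after `create` would save callers from guessing.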
