From 4776f80be40543cdca90e26fde54d46f11409b64 Mon Sep 17 00:00:00 2001 From: Rakib Ansary Date: Mon, 27 Jul 2020 21:23:39 +0600 Subject: [PATCH 1/3] Fixes u-bahn-app #295: unescaping URI encoded querystring and no longer filters out non-alphanumeric text from search keyword --- src/common/es-helper.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/common/es-helper.js b/src/common/es-helper.js index 070739c..5e9cb09 100644 --- a/src/common/es-helper.js +++ b/src/common/es-helper.js @@ -1,5 +1,6 @@ const config = require('config') const _ = require('lodash') +const querystring = require('querystring') const logger = require('../common/logger') const groupApi = require('./group-api') const appConst = require('../consts') @@ -735,7 +736,7 @@ function buildEsQueryToGetAttributeValues (attributeId, attributeValue, size) { values: { terms: { field: USER_ATTRIBUTE.esDocumentValueQuery, - include: `.*${attributeValue.replace(/[A-Za-z]/g, c => `[${c.toLowerCase()}${c.toUpperCase()}]`)}.*`, + include: `.*${attributeValue.replace(/[^a-zA-Z]+/gi, c => `[${c}]`).replace(/[A-Za-z]/g, c => `[${c.toLowerCase()}${c.toUpperCase()}]`)}.*`, order: { _key: 'asc' }, @@ -1175,6 +1176,7 @@ async function searchUsers (authUser, filter, params) { const authUserOrganizationId = filter.organizationId const filterKey = Object.keys(userFilters) + for (const key of filterKey) { const resolved = await resolveUserFilterFromDb(userFilters[key], authUser, authUserOrganizationId) resolvedUserFilters.push(resolved) 
@@ -1257,11 +1259,11 @@ async function searchUsers (authUser, filter, params) { * @param {Object} param0 The attribute id and the attribute value properties */ async function searchAttributeValues ({ attributeId, attributeValue }) { - const esQuery = buildEsQueryToGetAttributeValues(attributeId, attributeValue, 5) + const esQuery = buildEsQueryToGetAttributeValues(attributeId, querystring.unescape(attributeValue), 5) logger.debug(`ES query for searching attribute values: ${JSON.stringify(esQuery, null, 2)}`) const esResult = await esClient.search(esQuery) - + logger.debug(`ES Result: ${JSON.stringify(esResult, null, 2)}`) const result = [] const attributes = esResult.aggregations.attributes.ids.buckets From 1b8174d4110382b9dc278b83c71b549599e51373 Mon Sep 17 00:00:00 2001 From: Rakib Ansary Date: Mon, 27 Jul 2020 21:25:25 +0600 Subject: [PATCH 2/3] Fixes u-bahn-app #295: unescaping URI encoded querystring and no longer filters out non-alphanumeric text from search keyword --- src/common/es-helper.js | 1 - 1 file changed, 1 deletion(-) diff --git a/src/common/es-helper.js b/src/common/es-helper.js index 5e9cb09..3b6e932 100644 --- a/src/common/es-helper.js +++ b/src/common/es-helper.js @@ -1263,7 +1263,6 @@ async function searchAttributeValues ({ attributeId, attributeValue }) { logger.debug(`ES query for searching attribute values: ${JSON.stringify(esQuery, null, 2)}`) const esResult = await esClient.search(esQuery) - logger.debug(`ES Result: ${JSON.stringify(esResult, null, 2)}`) const result = [] const attributes = esResult.aggregations.attributes.ids.buckets From 2853a7a6899e44b8c3598b1835804155fc8f62c8 Mon Sep 17 00:00:00 2001 From: Rakib Ansary Date: Mon, 27 Jul 2020 22:09:51 +0600 Subject: [PATCH 3/3] Escape reserved regex characters. Fixes #295 --- src/common/es-helper.js | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/common/es-helper.js b/src/common/es-helper.js index 3b6e932..86dd667 100644 --- a/src/common/es-helper.js 
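Review bot: `querystring.unescape(attributeValue)` in `searchAttributeValues` (hunk `@@ -1257,11 +1259,11 @@`) decodes a value that the HTTP layer may already have decoded once; the caller is not visible in this patch, so this needs confirming. If it has, the input is percent-decoded twice: a literal `%25` or `%2B` typed by a user is silently rewritten, and any validation done upstream on the once-decoded value no longer describes the string that reaches the query builder. Decoding belongs in one place, at the request boundary. If the value really does arrive encoded here, say so next to the call, e.g. `// attributeValue arrives still percent-encoded from <caller - placeholder>; decode exactly once, here`. The function body continues past the end of the hunk.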
+++ b/src/common/es-helper.js @@ -706,6 +706,15 @@ function buildEsQueryFromFilter (filter) { return setFilterValueToEsQuery(esQuery, matchField, filter.value, filter.queryField) } +/** + * Returns if char is one of the reserved regex characters + * @param {*} char the char to check + */ +function isRegexReserved (char) { + const reserved = '[^$.|?*+(){}\\' + return reserved.indexOf(char) !== -1 +} + /** * Build ES Query to get attribute values by attributeId * @param attributeId the attribute whose values to fetch @@ -736,7 +745,7 @@ function buildEsQueryToGetAttributeValues (attributeId, attributeValue, size) { values: { terms: { field: USER_ATTRIBUTE.esDocumentValueQuery, - include: `.*${attributeValue.replace(/[^a-zA-Z]+/gi, c => `[${c}]`).replace(/[A-Za-z]/g, c => `[${c.toLowerCase()}${c.toUpperCase()}]`)}.*`, + include: `.*${attributeValue.replace(/[^a-zA-Z]/g, c => `[${!isRegexReserved(c) ? c : '\\' + c}]`).replace(/[A-Za-z]/g, c => `[${c.toLowerCase()}${c.toUpperCase()}]`)}.*`, order: { _key: 'asc' }, @@ -1263,6 +1272,7 @@ async function searchAttributeValues ({ attributeId, attributeValue }) { logger.debug(`ES query for searching attribute values: ${JSON.stringify(esQuery, null, 2)}`) const esResult = await esClient.search(esQuery) + logger.debug(`ES Result: ${JSON.stringify(esResult, null, 2)}`) const result = [] const attributes = esResult.aggregations.attributes.ids.buckets
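Review bot: `isRegexReserved` (hunk `@@ -706,6 +706,15 @@`) lists characters that are special outside a bracket expression, but its only use in this patch puts the character inside `[...]`, where the ones that matter are `]`, `\`, `^` and `-`. `]` and `-` are not in the list, so a `]` in the search text becomes `[]]`, and whether that parses as intended depends on the regex dialect Elasticsearch applies to `include`; that dialect also reserves `"`, plus further operator characters when optional operators are enabled. Either add the missing characters, `const reserved = '[]^$.|?*+(){}\\-"'`, or drop the brackets for non-letters and emit `'\\' + c` directly. The JSDoc should also state the contract: `@param {string} char a single character` and `@returns {boolean} true when the character must be escaped`.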
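Review bot: The `include` expression in `buildEsQueryToGetAttributeValues` (hunk `@@ -736,7 +745,7 @@`) now carries the whole escaping policy for user-supplied search text inside one nested template literal, where it is hard to audit and cannot be unit-tested on its own. Moving it into a named helper next to `isRegexReserved` keeps the behaviour and lets tests pin inputs such as `a.b`, `]`, `\` and the empty string. No length limit on `attributeValue` is visible in this patch; since every character becomes a bracket expression between two `.*` wildcards, a cap before the pattern is built would be worth adding if none exists upstream. The function starts and ends outside the hunk.

```javascript
/**
 * Turn free text into a case-insensitive pattern in which every character
 * is meant to match literally.
 * @param {string} value the raw search text
 * @returns {string} the pattern, without the surrounding wildcards
 */
function toLiteralCaseInsensitivePattern (value) {
  return value
    .replace(/[^a-zA-Z]/g, c => `[${isRegexReserved(c) ? '\\' + c : c}]`)
    .replace(/[A-Za-z]/g, c => `[${c.toLowerCase()}${c.toUpperCase()}]`)
}

// … unchanged: aggregation body up to the terms clause …
          include: `.*${toLiteralCaseInsensitivePattern(attributeValue)}.*`,
```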
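Review bot: The re-added ``logger.debug(`ES Result: ...`)`` in `searchAttributeValues` (hunk `@@ -1263,6 +1272,7 @@`) writes the complete Elasticsearch response to the log, which presumably includes the attribute values stored for users. The previous patch in this series removed the same line, and this commit's message does not mention bringing it back, so it may be a leftover from debugging. The template literal is also evaluated before `logger.debug` is called, so the pretty-printed `JSON.stringify` cost is paid on every search regardless of log level. If the line is intentional, log a summary instead, e.g. ``logger.debug(`ES result: ${esResult.aggregations.attributes.ids.buckets.length} attribute bucket(s)`)``.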