fix: use apache email validator

https://zanata.atlassian.net/browse/ZNTA-1375
zanata · Jan 9, 2018 · d688311 · d688311
1 parent 05e00bb
commit d688311
Show file tree

Hide file tree

Showing 10 changed files with 191 additions and 10 deletions.
diff --git a/server/pom.xml b/server/pom.xml
@@ -156,6 +156,18 @@
         <version>1.1</version>
       </dependency>
 
+      <dependency>
+        <groupId>commons-validator</groupId>
+        <artifactId>commons-validator</artifactId>
+        <version>1.6</version>
+        <exclusions>
+          <exclusion>
+            <groupId>commons-logging</groupId>
+            <artifactId>commons-logging</artifactId>
+          </exclusion>
+        </exclusions>
+      </dependency>
+
       <!-- See https://issues.jboss.org/browse/WFK2-674
  For some warnings in the console. It happens when deltaspike-jsf
  doesn't run against jsf 2.1 (eap) -->

diff --git a/server/services/src/main/java/org/zanata/action/HasUserDetail.java b/server/services/src/main/java/org/zanata/action/HasUserDetail.java
@@ -23,15 +23,15 @@
 import javax.validation.constraints.Pattern;
 import javax.validation.constraints.Size;
 
-import org.hibernate.validator.constraints.Email;
 import org.hibernate.validator.constraints.NotEmpty;
 import org.zanata.model.validator.EmailDomain;
+import org.zanata.model.validator.ZanataEmail;
 
 public interface HasUserDetail {
     String USERNAME_REGEX = "^([a-z\\d][a-z\\d_]*){3,20}$";
     int USERNAME_MAX_LENGTH = 20;
 
-    @Email
+    @ZanataEmail
     @NotEmpty
     @EmailDomain
     String getEmail();

diff --git a/server/services/src/main/java/org/zanata/action/InactiveAccountAction.java b/server/services/src/main/java/org/zanata/action/InactiveAccountAction.java
@@ -3,7 +3,6 @@
 import java.io.Serializable;
 import java.util.Date;
 import org.apache.commons.lang3.StringUtils;
-import org.hibernate.validator.constraints.Email;
 import javax.annotation.PostConstruct;
 import javax.enterprise.inject.Model;
 import javax.faces.bean.ViewScoped;
@@ -20,6 +19,7 @@
 import org.zanata.model.HAccountActivationKey;
 import org.zanata.model.HPerson;
 import org.zanata.model.validator.EmailDomain;
+import org.zanata.model.validator.ZanataEmail;
 import org.zanata.security.AuthenticationManager;
 import org.zanata.security.AuthenticationType;
 import org.zanata.security.ZanataCredentials;
@@ -51,7 +51,7 @@ public class InactiveAccountAction implements Serializable {
     private AccountActivationKeyDAO accountActivationKeyDAO;
     @Inject
     private AuthenticationManager authenticationManager;
-    @Email
+    @ZanataEmail
     @NotDuplicateEmail(message = "This email address is already taken.")
     @EmailDomain
     private String email;

diff --git a/server/services/src/main/java/org/zanata/action/ServerConfigurationBean.java b/server/services/src/main/java/org/zanata/action/ServerConfigurationBean.java
@@ -31,13 +31,13 @@
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import org.apache.commons.beanutils.BeanUtils;
-import org.hibernate.validator.constraints.Email;
 import javax.annotation.PostConstruct;
 import javax.inject.Inject;
 import javax.inject.Named;
 import javax.validation.constraints.Pattern;
 import org.apache.deltaspike.jpa.api.transaction.Transactional;
 import org.zanata.action.validator.DomainList;
+import org.zanata.model.validator.ZanataEmail;
 import org.zanata.security.annotations.CheckRole;
 import org.zanata.ApplicationConfiguration;
 import org.zanata.action.validator.EmailList;
@@ -78,7 +78,7 @@ public class ServerConfigurationBean implements Serializable {
     private String emailDomain;
     @EmailList
     private String adminEmail;
-    @Email
+    @ZanataEmail
     private String fromEmailAddr;
     @SuppressFBWarnings(value = "SE_BAD_FIELD")
     private PropertyWithKey<String> fromEmailAddrProperty =

diff --git a/server/services/src/main/java/org/zanata/action/UserSettingsAction.java b/server/services/src/main/java/org/zanata/action/UserSettingsAction.java
@@ -32,7 +32,6 @@
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import org.apache.commons.text.StringEscapeUtils;
-import org.hibernate.validator.constraints.Email;
 import org.hibernate.validator.constraints.NotEmpty;
 import javax.annotation.PostConstruct;
 import javax.inject.Inject;
@@ -48,6 +47,7 @@
 import org.zanata.model.security.HCredentials;
 import org.zanata.model.security.HOpenIdCredentials;
 import org.zanata.model.validator.EmailDomain;
+import org.zanata.model.validator.ZanataEmail;
 import org.zanata.seam.security.AbstractRunAsOperation;
 import org.zanata.security.AuthenticationManager;
 import org.zanata.seam.security.IdentityManager;
@@ -106,7 +106,7 @@ public class UserSettingsAction implements Serializable {
     @Inject
     @Authenticated
     HAccount authenticatedAccount;
-    @Email
+    @ZanataEmail
     @NotEmpty
     @EmailDomain
     private String emailAddress;

diff --git a/server/services/src/main/java/org/zanata/action/validator/EmailListValidator.java b/server/services/src/main/java/org/zanata/action/validator/EmailListValidator.java
@@ -30,7 +30,8 @@
 import javax.validation.Validator;
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
-import org.hibernate.validator.constraints.Email;
+import org.zanata.model.validator.ZanataEmail;
+import org.zanata.model.validator.ZanataEmailValidator;
 
 @ApplicationScoped
 public class EmailListValidator implements
@@ -41,11 +42,15 @@ public class EmailListValidator implements
     @Inject
     private Validator validator;
 
+    private final ZanataEmailValidator zanataEmailValidator =
+            new ZanataEmailValidator();
+
     private static class EmailHolder {
         EmailHolder(String email) {
             this.email = email;
         }
-        final @Email String email;
+        final @ZanataEmail
+        String email;
     }
 
     @Override
@@ -57,6 +62,10 @@ public boolean isValid(String s, ConstraintValidatorContext context) {
         // trim still required to prevent leading whitespace invalidating the
         // first email address
         for (String email : s.trim().split("\\s*,\\s*")) {
+            if (!zanataEmailValidator.isValid(email, context)) {
+                return false;
+            }
+
             Set<?> violations = validator.validate(new EmailHolder(email));
             if (!violations.isEmpty()) {
                 return false;

diff --git a/server/zanata-model/pom.xml b/server/zanata-model/pom.xml
@@ -241,6 +241,11 @@
       <artifactId>commons-text</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>commons-validator</groupId>
+      <artifactId>commons-validator</artifactId>
+    </dependency>
+
     <dependency>
       <groupId>javax.enterprise</groupId>
       <artifactId>cdi-api</artifactId>

diff --git a/server/zanata-model/src/main/java/org/zanata/model/validator/ZanataEmail.java b/server/zanata-model/src/main/java/org/zanata/model/validator/ZanataEmail.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2018, Red Hat, Inc. and individual contributors
+ *  as indicated by the @author tags. See the copyright.txt file in the
+ *  distribution for a full listing of individual contributors.
+ *
+ *  This is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU Lesser General Public License as
+ *  published by the Free Software Foundation; either version 2.1 of
+ *  the License, or (at your option) any later version.
+ *
+ *  This software is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this software; if not, write to the Free
+ *  Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ *  02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.zanata.model.validator;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Constraint(validatedBy = { ZanataEmailValidator.class })
+@Target({ METHOD, FIELD })
+@Retention(RUNTIME)
+public @interface ZanataEmail {
+    Class<?>[] groups() default {};
+
+    String message() default "{org.hibernate.validator.constraints.Email.message}";
+
+    Class<? extends Payload>[] payload() default {};
+}
diff --git a/server/zanata-model/src/main/java/org/zanata/model/validator/ZanataEmailValidator.java b/server/zanata-model/src/main/java/org/zanata/model/validator/ZanataEmailValidator.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2018, Red Hat, Inc. and individual contributors
+ *  as indicated by the @author tags. See the copyright.txt file in the
+ *  distribution for a full listing of individual contributors.
+ *
+ *  This is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU Lesser General Public License as
+ *  published by the Free Software Foundation; either version 2.1 of
+ *  the License, or (at your option) any later version.
+ *
+ *  This software is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this software; if not, write to the Free
+ *  Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ *  02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.zanata.model.validator;
+
+import org.apache.commons.validator.routines.EmailValidator;
+
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+import java.io.Serializable;
+
+public class ZanataEmailValidator implements
+        ConstraintValidator<ZanataEmail, String>, Serializable {
+    private static final long serialVersionUID = 1L;
+
+    // allowed by hibernate validator
+    private static final boolean allowTLD = true;
+
+    // allowed by hibernate validator
+    private static final boolean allowLocale = true;
+
+    private static final EmailValidator VALIDATOR =
+            EmailValidator.getInstance(allowLocale, allowTLD);
+
+
+    @Override
+    public void initialize(ZanataEmail zanataEmail) {
+
+    }
+
+    @Override
+    public boolean isValid(String string,
+            ConstraintValidatorContext constraintValidatorContext) {
+        return VALIDATOR.isValid(string);
+    }
+}
diff --git a/server/zanata-model/src/test/java/org/zanata/model/validator/ZanataEmailValidatorTest.java b/server/zanata-model/src/test/java/org/zanata/model/validator/ZanataEmailValidatorTest.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2018, Red Hat, Inc. and individual contributors
+ *  as indicated by the @author tags. See the copyright.txt file in the
+ *  distribution for a full listing of individual contributors.
+ *
+ *  This is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU Lesser General Public License as
+ *  published by the Free Software Foundation; either version 2.1 of
+ *  the License, or (at your option) any later version.
+ *
+ *  This software is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this software; if not, write to the Free
+ *  Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ *  02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.zanata.model.validator;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+
+import javax.validation.ConstraintValidatorContext;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Alex Eng <a href="mailto:aeng@redhat.com">aeng@redhat.com</a>
+ **/
+public class ZanataEmailValidatorTest {
+    private ZanataEmailValidator validator;
+    @Mock
+    private ConstraintValidatorContext context;
+
+    @Before
+    public void setUp() {
+        validator = new ZanataEmailValidator();
+    }
+
+    @Test
+    public void testEmail() {
+        assertThat(validator.isValid(null, context)).isFalse();
+        assertThat(validator.isValid(" ", context)).isFalse();
+        assertThat(validator.isValid(".", context)).isFalse();
+        assertThat(validator.isValid("test@zanata+", context)).isFalse();
+        assertThat(validator.isValid("test@zanata.", context)).isFalse();
+        assertThat(validator.isValid("test@zanata-", context)).isFalse();
+        assertThat(validator.isValid("test", context)).isFalse();
+        assertThat(validator.isValid("test@", context)).isFalse();
+        assertThat(validator.isValid("test@0.0.0.0", context)).isFalse();
+        assertThat(validator.isValid("@zanata", context)).isFalse();
+
+        assertThat(validator.isValid("test@zanata", context)).isTrue();
+        assertThat(validator.isValid("test@zanata.org", context)).isTrue();
+    }
+}