X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-os%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FAppsOSController.java;h=a64b02993b1e82d9db57a9011f2582f3c2f62ac4;hb=d856cbc5d725836a07776b0f20f06bbbda7b5412;hp=b1154aa3e2399d1d5731a7c1272b568f8d188ce3;hpb=510f243992dc434f51178d1797a8045de839c25f;p=portal.git
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java
index b1154aa3..a64b0299 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java
@@ -39,12 +39,7 @@ package org.onap.portalapp.portal.controller;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
-import javax.validation.ConstraintViolation;
-import javax.validation.Validation;
-import javax.validation.Validator;
-import javax.validation.ValidatorFactory;
 import org.json.JSONObject;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
@@ -52,6 +47,7 @@ import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
 import org.onap.portalapp.portal.logging.aop.EPAuditLog;
 import org.onap.portalapp.portal.service.UserService;
 import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
 import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -60,6 +56,8 @@ import org.springframework.context.annotation.EnableAspectJAutoProxy;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 import lombok.NoArgsConstructor;
@@ -70,7 +68,7 @@ import lombok.NoArgsConstructor;
 @EPAuditLog
 @NoArgsConstructor
 public class AppsOSController extends AppsController {
- private static final ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory();
+ private final DataValidator dataValidator = new DataValidator();
 private static final String FAILURE = "failure";
 private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class);
@@ -84,13 +82,16 @@ public class AppsOSController extends AppsController {
 * @param contactUs
 * @return
 */
- @RequestMapping(value = "/portalApi/saveNewUser", method = RequestMethod.POST, produces = "application/json")
+ @PostMapping(value = "/portalApi/saveNewUser", produces = "application/json")
 public PortalRestResponse saveNewUser(HttpServletRequest request, @RequestBody EPUser newUser) {
 EPUser user = EPUserUtils.getUserSession(request);
 if (newUser == null) return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, "New User cannot be null or empty");
-
+ if (!dataValidator.isValid(newUser)) {
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
+ "New User is not safe html");
+ }
 if (!(super.getAdminRolesService().isSuperAdmin(user) || super.getAdminRolesService().isAccountAdmin(user)) && !user.getLoginId().equalsIgnoreCase(newUser.getLoginId())) {
 return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
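Review bot: The new `dataValidator.isValid(newUser)` branch in saveNewUser rejects the request without any visible logging, so repeated attempts to store markup in user fields may leave no server-side trace unless the `@EPAuditLog` aspect already records them. A line such as `logger.warn(EELFLoggerDelegate.errorLogger, "saveNewUser: request body failed validation");` before the return, without echoing the rejected values, would give operations something to alert on. Separately, the authorization check just below dereferences `user.getLoginId()` while `user` comes straight from `EPUserUtils.getUserSession(request)`; if that helper can return null for a missing session (not visible here), a guard such as `if (user == null) return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, "No user session");` belongs before it. The method body continues past the end of this hunk.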
@@ -108,16 +109,12 @@ public class AppsOSController extends AppsController {
 return new PortalRestResponse<>(PortalRestStatusEnum.OK, saveNewUser, "");
 }
- @RequestMapping(value = { "/portalApi/currentUserProfile/{loginId}" }, method = RequestMethod.GET,
+ @GetMapping(value = { "/portalApi/currentUserProfile/{loginId}" },
 produces = "application/json")
 public String getCurrentUserProfile(HttpServletRequest request, @PathVariable("loginId") String loginId) {
 if (loginId != null) {
- Validator validator = validatorFactory.getValidator();
- SecureString secureString = new SecureString(loginId);
- Set> constraintViolations = validator.validate(secureString);
-
- if (!constraintViolations.isEmpty()) {
+ if (!dataValidator.isValid(new SecureString(loginId))) {
 return "loginId is not valid";
 }
 }
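Review bot: The rejection path in getCurrentUserProfile returns the bare text `loginId is not valid` from a mapping declared `produces = "application/json"`, so a caller receives a non-JSON body and cannot tell a rejected loginId from a profile by shape. Returning `new JSONObject().put("error", "loginId is not valid").toString()` would keep the declared contract, and JSONObject is already imported. The `if (loginId != null)` wrapper is likely dead for a required `@PathVariable`, so the validation could run unconditionally. The hunk shows only a syntactic check of loginId; whether the session user is authorised to read that profile is decided, if at all, in the part of the method outside this hunk and is worth confirming.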