diff options
author | Leandro Alves <ldalves@gmail.com> | 2022-02-22 12:29:54 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-22 12:29:54 +0100 |
commit | 308218e756d66a43ec2aa9ae292f396d981c3e54 (patch) | |
tree | a49af4e26ef3e9c32027e7fe1939d80998f45d2e /controller-server/src/main/java/com/yahoo | |
parent | 09f20ffdb414e8575fb07c5efde2cab072f3614d (diff) | |
parent | c703543bec1e57cd785d825a8682520a736f5eaa (diff) |
Merge pull request #21305 from vespa-engine/ldalves/form-validation
add some fields validation for tenant info
Diffstat (limited to 'controller-server/src/main/java/com/yahoo')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java | 42 |
1 files changed, 36 insertions, 6 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java index bcec7ca798d..6210241cc31 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java @@ -125,8 +125,10 @@ import javax.ws.rs.NotAuthorizedException; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; +import java.net.MalformedURLException; import java.net.URI; import java.net.URISyntaxException; +import java.net.URL; import java.security.DigestInputStream; import java.security.Principal; import java.security.PublicKey; @@ -501,7 +503,7 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler { } private String getString(Inspector field, String defaultVale) { - return field.valid() ? field.asString() : defaultVale; + return field.valid() ? field.asString().trim() : defaultVale; } private SlimeJsonResponse updateTenantInfo(CloudTenant tenant, HttpRequest request) { @@ -521,15 +523,22 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler { // Assert that we have a valid tenant info if (mergedInfo.contactName().isBlank()) { - return new MessageResponse(400, "'contactName' cannot be empty"); + throw new IllegalArgumentException("'contactName' cannot be empty"); } if (mergedInfo.contactEmail().isBlank()) { - return new MessageResponse(400, "'contactEmail' cannot be empty"); + throw new IllegalArgumentException("'contactEmail' cannot be empty"); } if (! mergedInfo.contactEmail().contains("@")) { // email address validation is notoriously hard - we should probably just try to send a // verification email to this address. checking for @ is a simple best-effort. - return new MessageResponse(400, "'contactEmail' needs to be an email address"); + throw new IllegalArgumentException("'contactEmail' needs to be an email address"); + } + if (! mergedInfo.website().isBlank()) { + try { + new URL(mergedInfo.website()); + } catch (MalformedURLException e) { + throw new IllegalArgumentException("'website' needs to be a valid address"); + } } // Store changes @@ -543,19 +552,39 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler { private TenantInfoAddress updateTenantInfoAddress(Inspector insp, TenantInfoAddress oldAddress) { if (!insp.valid()) return oldAddress; - return TenantInfoAddress.EMPTY + TenantInfoAddress address = TenantInfoAddress.EMPTY .withCountry(getString(insp.field("country"), oldAddress.country())) .withStateRegionProvince(getString(insp.field("stateRegionProvince"), oldAddress.stateRegionProvince())) .withCity(getString(insp.field("city"), oldAddress.city())) .withPostalCodeOrZip(getString(insp.field("postalCodeOrZip"), oldAddress.postalCodeOrZip())) .withAddressLines(getString(insp.field("addressLines"), oldAddress.addressLines())); + + List<String> fields = List.of(address.addressLines(), + address.postalCodeOrZip(), + address.country(), + address.city(), + address.stateRegionProvince()); + + if (fields.stream().allMatch(String::isBlank) || fields.stream().noneMatch(String::isBlank)) + return address; + + throw new IllegalArgumentException("All address fields must be set"); } private TenantInfoBillingContact updateTenantInfoBillingContact(Inspector insp, TenantInfoBillingContact oldContact) { if (!insp.valid()) return oldContact; + + String email = getString(insp.field("email"), oldContact.email()); + + if (!email.isBlank() && !email.contains("@")) { + // email address validation is notoriously hard - we should probably just try to send a + // verification email to this address. checking for @ is a simple best-effort. + throw new IllegalArgumentException("'email' needs to be an email address"); + } + return TenantInfoBillingContact.EMPTY .withName(getString(insp.field("name"), oldContact.name())) - .withEmail(getString(insp.field("email"), oldContact.email())) + .withEmail(email) .withPhone(getString(insp.field("phone"), oldContact.phone())) .withAddress(updateTenantInfoAddress(insp.field("address"), oldContact.address())); } @@ -1834,6 +1863,7 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler { /** Trigger deployment of the given Vespa version if a valid one is given, e.g., "7.8.9". */ private HttpResponse deployPlatform(String tenantName, String applicationName, String instanceName, boolean pin, HttpRequest request) { + String versionString = readToString(request.getData()); ApplicationId id = ApplicationId.from(tenantName, applicationName, instanceName); StringBuilder response = new StringBuilder(); |