From 645fc43136ab2eb2cfee7d2f04e38dcc9aaf4df0 Mon Sep 17 00:00:00 2001 From: MalshaPiumini Date: Thu, 18 Mar 2021 17:20:30 +0530 Subject: [PATCH] Added validations --- .../common/services/SubscriptionManager.java | 1 - .../impl/SubscriptionManagementAPIImpl.java | 26 +---- .../SubscriptionManagementAdminAPIImpl.java | 43 +------- .../impl/util/RequestValidationUtil.java | 102 ++++++++++++++++++ .../mgt/store/api/util/Constants.java | 101 +++++++++++++++++ 5 files changed, 211 insertions(+), 62 deletions(-) create mode 100644 components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/impl/util/RequestValidationUtil.java create mode 100644 components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/util/Constants.java diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.common/src/main/java/org/wso2/carbon/device/application/mgt/common/services/SubscriptionManager.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.common/src/main/java/org/wso2/carbon/device/application/mgt/common/services/SubscriptionManager.java index 5951433c14..12ca873701 100644 --- a/components/application-mgt/org.wso2.carbon.device.application.mgt.common/src/main/java/org/wso2/carbon/device/application/mgt/common/services/SubscriptionManager.java +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.common/src/main/java/org/wso2/carbon/device/application/mgt/common/services/SubscriptionManager.java @@ -129,7 +129,6 @@ public interface SubscriptionManager { * * @param appUUID UUID of the application release. * @param request paginated request object. - * @param status status of the devices. * @return deviceDetails - device details for given application release. * @throws {@link ApplicationManagementException} Exception of the application management */ diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/impl/SubscriptionManagementAPIImpl.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/impl/SubscriptionManagementAPIImpl.java index 820e6bcd5c..ff6144dcb5 100644 --- a/components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/impl/SubscriptionManagementAPIImpl.java +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/impl/SubscriptionManagementAPIImpl.java @@ -33,6 +33,7 @@ import org.wso2.carbon.device.application.mgt.common.BasicUserInfo; import org.wso2.carbon.device.application.mgt.common.BasicUserInfoList; import org.wso2.carbon.device.application.mgt.common.RoleList; import org.wso2.carbon.device.application.mgt.common.DeviceGroupList; +import org.wso2.carbon.device.application.mgt.store.api.services.impl.util.RequestValidationUtil; import org.wso2.carbon.device.mgt.common.PaginationRequest; import org.wso2.carbon.device.mgt.common.PaginationResult; import org.wso2.carbon.device.application.mgt.core.exception.BadRequestException; @@ -293,6 +294,7 @@ public class SubscriptionManagementAPIImpl implements SubscriptionManagementAPI{ request.setOwner(user); } if (ownership != null && !ownership.isEmpty()) { + RequestValidationUtil.validateOwnershipType(ownership); request.setOwnership(ownership); } if (status != null && !status.isEmpty()) { @@ -304,26 +306,7 @@ public class SubscriptionManagementAPIImpl implements SubscriptionManagementAPI{ } } if (!isStatusEmpty) { - for (String status_ : status) { - switch (status_) { - case "ACTIVE": - case "INACTIVE": - case "UNCLAIMED": - case "UNREACHABLE": - case "SUSPENDED": - case "DISENROLLMENT_REQUESTED": - case "REMOVED": - case "BLOCKED": - case "CREATED": - break; - default: - String msg = "Invalid enrollment status type: " + status_ + ". \nValid status types are " + - "ACTIVE | INACTIVE | UNCLAIMED | UNREACHABLE | SUSPENDED | " + - "DISENROLLMENT_REQUESTED | REMOVED | BLOCKED | CREATED"; - log.error(msg); - return Response.status(Response.Status.BAD_REQUEST).entity(msg).build(); - } - } + RequestValidationUtil.validateStatus(status); request.setStatusList(status); } } @@ -337,8 +320,7 @@ public class SubscriptionManagementAPIImpl implements SubscriptionManagementAPI{ log.error(msg, e); return Response.status(Response.Status.NOT_FOUND).entity(msg).build(); } catch (BadRequestException e) { - String msg = "Found invalid payload for getting application which has UUID: " + uuid - + ". Hence verify the payload"; + String msg = "User requested details are not valid"; log.error(msg, e); return Response.status(Response.Status.BAD_REQUEST).entity(msg).build(); } catch (ForbiddenException e) { diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/impl/admin/SubscriptionManagementAdminAPIImpl.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/impl/admin/SubscriptionManagementAdminAPIImpl.java index 5536fc46d8..4474ddaa81 100644 --- a/components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/impl/admin/SubscriptionManagementAdminAPIImpl.java +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/impl/admin/SubscriptionManagementAdminAPIImpl.java @@ -29,6 +29,7 @@ import org.wso2.carbon.device.application.mgt.core.exception.BadRequestException import org.wso2.carbon.device.application.mgt.core.exception.NotFoundException; import org.wso2.carbon.device.application.mgt.core.util.APIUtil; import org.wso2.carbon.device.application.mgt.store.api.services.admin.SubscriptionManagementAdminAPI; +import org.wso2.carbon.device.application.mgt.store.api.services.impl.util.RequestValidationUtil; import org.wso2.carbon.device.mgt.common.PaginationRequest; import org.wso2.carbon.device.mgt.common.PaginationResult; @@ -84,50 +85,15 @@ public class SubscriptionManagementAdminAPIImpl implements SubscriptionManagemen } } if (!isStatusEmpty) { - for (String status_ : status) { - switch (status_) { - case "ACTIVE": - case "INACTIVE": - case "UNCLAIMED": - case "UNREACHABLE": - case "SUSPENDED": - case "DISENROLLMENT_REQUESTED": - case "REMOVED": - case "BLOCKED": - case "CREATED": - break; - default: - String msg = "Invalid enrollment status type: " + status_ + ". \nValid status types " + - "are ACTIVE | INACTIVE | UNCLAIMED | UNREACHABLE | SUSPENDED | " + - "DISENROLLMENT_REQUESTED | REMOVED | BLOCKED | CREATED"; - log.error(msg); - return Response.status(Response.Status.BAD_REQUEST).entity(msg).build(); - } - } + RequestValidationUtil.validateStatus(status); request.setStatusList(status); } } - if (actionStatus != null && !actionStatus.isEmpty()) { if (StringUtils.isNotBlank(actionStatus)) { - switch (actionStatus) { - case "PENDING": - case "ERROR": - case "IN_PROGRESS": - case "NOTNOW": - case "COMPLETED": - case "REPEATED": - break; - default: - String msg = "Invalid enrollment action status type: " + actionStatus + ". " + - "\nValid action status types are PENDING | ERROR | IN_PROGRESS | NOTNOW | " + - "COMPLETED | REPEATED"; - log.error(msg); - return Response.status(Response.Status.BAD_REQUEST).entity(msg).build(); - } + RequestValidationUtil.validateStatusFiltering(actionStatus); } } - SubscriptionManager subscriptionManager = APIUtil.getSubscriptionManager(); PaginationResult subscriptionData = subscriptionManager.getAppSubscriptionDetails (request, uuid, actionStatus); @@ -137,8 +103,7 @@ public class SubscriptionManagementAdminAPIImpl implements SubscriptionManagemen log.error(msg, e); return Response.status(Response.Status.NOT_FOUND).entity(msg).build(); } catch (BadRequestException e) { - String msg = "Found invalid payload for getting application which has UUID: " + uuid - + ". Hence verify the payload"; + String msg = "User requested details are not valid"; log.error(msg, e); return Response.status(Response.Status.BAD_REQUEST).entity(msg).build(); } catch (ApplicationManagementException e) { diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/impl/util/RequestValidationUtil.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/impl/util/RequestValidationUtil.java new file mode 100644 index 0000000000..f557579c77 --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/services/impl/util/RequestValidationUtil.java @@ -0,0 +1,102 @@ +/* + * Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.wso2.carbon.device.application.mgt.store.api.services.impl.util; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.device.application.mgt.core.exception.BadRequestException; +import org.wso2.carbon.device.application.mgt.store.api.util.Constants; + +import java.util.List; + +public class RequestValidationUtil { + + private static final Log log = LogFactory.getLog(RequestValidationUtil.class); + + /** + * Checks if user requested status codes are valid. + * + * @param statusList status codes upon to filter operation logs using status + */ + public static void validateStatus(List statusList) throws BadRequestException { + for (String status : statusList) { + switch (status) { + case "ACTIVE": + case "INACTIVE": + case "UNCLAIMED": + case "UNREACHABLE": + case "SUSPENDED": + case "DISENROLLMENT_REQUESTED": + case "REMOVED": + case "BLOCKED": + case "CREATED": + break; + default: + String msg = "Invalid enrollment status type: " + status + ". \nValid status types " + + "are ACTIVE | INACTIVE | UNCLAIMED | UNREACHABLE | SUSPENDED | " + + "DISENROLLMENT_REQUESTED | REMOVED | BLOCKED | CREATED"; + log.error(msg); + throw new BadRequestException(msg); + } + } + } + + /** + * Checks if user requested ownerships are valid. + * + * @param ownership ownerships upon to filter devices using ownership + */ + public static void validateOwnershipType(String ownership) throws BadRequestException { + switch (ownership) { + case "BYOD": + case "COPE": + case "WORK_PROFILE": + case "GOOGLE_ENTERPRISE": + case "COSU": + case "FULLY_MANAGED": + case "DEDICATED_DEVICE": + break; + default: + String msg = "Invalid ownership type received.Valid ownership types are BYOD | COPE | WORK_PROFILE |" + + "GOOGLE_ENTERPRISE | COSU | FULLY_MANAGED | DEDICATED_DEVICE"; + log.error(msg); + throw new BadRequestException(msg); + } + } + + /** + * Checks if user requested Action status codes are valid. + * + * @param status status codes upon to filter operation logs using status + */ + public static void validateStatusFiltering(String status) throws BadRequestException { + if (Constants.OperationStatus.COMPLETED.toUpperCase().equals(status) + || Constants.OperationStatus.ERROR.toUpperCase().equals(status) + || Constants.OperationStatus.NOTNOW.toUpperCase().equals(status) + || Constants.OperationStatus.REPEATED.toUpperCase().equals(status) + || Constants.OperationStatus.PENDING.toUpperCase().equals(status) + || Constants.OperationStatus.IN_PROGRESS.toUpperCase().equals(status)) { + } else { + String msg = "Invalid status type: " + status + ". \nValid status types are COMPLETED | ERROR | " + + "IN_PROGRESS | NOTNOW | PENDING | REPEATED"; + log.error(msg); + throw new BadRequestException(msg); + } + } +} diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/util/Constants.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/util/Constants.java new file mode 100644 index 0000000000..a78c16077f --- /dev/null +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.store.api/src/main/java/org/wso2/carbon/device/application/mgt/store/api/util/Constants.java @@ -0,0 +1,101 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + * Copyright (c) 2019, Entgra (pvt) Ltd. (http://entgra.io) All Rights Reserved. + * + * Entgra (pvt) Ltd. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.device.application.mgt.store.api.util; + +/** + * Holds the constants used by DeviceImpl Management Admin web application. + */ +public class Constants { + + public static final String USER_CLAIM_EMAIL_ADDRESS = "http://wso2.org/claims/emailaddress"; + public static final String USER_CLAIM_FIRST_NAME = "http://wso2.org/claims/givenname"; + public static final String USER_CLAIM_LAST_NAME = "http://wso2.org/claims/lastname"; + public static final String USER_CLAIM_CREATED = "http://wso2.org/claims/created"; + public static final String USER_CLAIM_MODIFIED = "http://wso2.org/claims/modified"; + public static final String USER_CLAIM_DEVICES = "http://wso2.org/claims/devices"; + public static final String PRIMARY_USER_STORE = "PRIMARY"; + public static final String DEFAULT_STREAM_VERSION = "1.0.0"; + public static final String SCOPE = "scope"; + public static final String JDBC_USERSTOREMANAGER = "org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"; + public static final String DEFAULT_SIMPLE_DATE_FORMAT = "EEE, d MMM yyyy HH:mm:ss Z"; + public static final int DEFAULT_PAGE_LIMIT = 50; + public static final String FORWARD_SLASH = "/"; + public static final String ANDROID = "android"; + public static final String ANDROID_POLICY_VALIDATOR = "io.entgra.proprietary.platform.android." + + "core.polcy.AndroidPolicyPayloadValidator"; + public static final String IOS = "ios"; + public static final String WINDOWS = "windows"; + + + public final class OperationStatus { + private OperationStatus () { throw new AssertionError(); } + public static final String COMPLETED = "completed"; + public static final String ERROR = "error"; + public static final String IN_PROGRESS = "in_progress"; + public static final String PENDING = "pending"; + public static final String NOTNOW = "notnow"; + public static final String REPEATED = "repeated"; + } + public static final String DEVICES = "devices"; + public static final String ATTRIBUTE_DISPLAY_NAME = "DisplayName"; + public static final String ATTRIBUTE_DESCRIPTION = "Description"; + public static final String EXTERNAL_DEVICE_CLAIM_DISPLAY_NAME = "Devices"; + public static final String EXTERNAL_DEVICE_CLAIM_DESCRIPTION = "Device list"; + + public final class ErrorMessages { + private ErrorMessages () { throw new AssertionError(); } + + public static final String STATUS_BAD_REQUEST_MESSAGE_DEFAULT = "Bad Request"; + + } + + public final class DeviceConstants { + private DeviceConstants () { throw new AssertionError(); } + + public static final String APPLICATION_JSON = "application/json"; + public static final String HEADER_CONTENT_TYPE = "Content-Type"; + } + + public final class Permission { + private Permission() { throw new AssertionError(); } + + public static final String ADMIN = "/permission/admin"; + public static final String LOGIN = "/permission/admin/login"; + public static final String DEVICE_MGT = "/permission/admin/device-mgt"; + public static final String APP_MGT = "/permission/admin/app-mgt"; + } + +}