Commit fe34479e authored by Kovács Balázs's avatar Kovács Balázs

request validations for dogs and users

parent e6dc6822
...@@ -7,6 +7,7 @@ import hu.pazmany.dto.UserDTO; ...@@ -7,6 +7,7 @@ import hu.pazmany.dto.UserDTO;
import hu.pazmany.security.JwtTokenProvider; import hu.pazmany.security.JwtTokenProvider;
import hu.pazmany.service.DogService; import hu.pazmany.service.DogService;
import hu.pazmany.service.UserService; import hu.pazmany.service.UserService;
import io.micrometer.common.lang.Nullable;
import jakarta.validation.Valid; import jakarta.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
...@@ -17,6 +18,7 @@ import org.springframework.web.multipart.MultipartFile; ...@@ -17,6 +18,7 @@ import org.springframework.web.multipart.MultipartFile;
import java.io.IOException; import java.io.IOException;
import java.util.List; import java.util.List;
import java.util.Objects;
import java.util.Optional; import java.util.Optional;
import java.util.regex.Pattern; import java.util.regex.Pattern;
...@@ -53,12 +55,14 @@ public class Controller { ...@@ -53,12 +55,14 @@ public class Controller {
@PostMapping(value = "/newdog") @PostMapping(value = "/newdog")
public ResponseEntity<?> addNewDog(@RequestHeader("Authorization") String token, @RequestParam("dog") String stringDogDTO, @RequestParam(value = "picture", required = false) MultipartFile mpf) { public ResponseEntity<?> addNewDog(@RequestHeader("Authorization") String token, @RequestParam("dog") String stringDogDTO, @RequestParam(value = "picture", required = false) MultipartFile mpf) {
if (!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); if (inValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
ObjectMapper objectMapper = new ObjectMapper(); ObjectMapper objectMapper = new ObjectMapper();
DetailedDogDTO dogDTO; DetailedDogDTO dogDTO;
try { try {
dogDTO = objectMapper.readValue(stringDogDTO, DetailedDogDTO.class); dogDTO = objectMapper.readValue(stringDogDTO, DetailedDogDTO.class);
ResponseEntity<?> response = validateDogData(dogDTO);
if (Objects.nonNull(response)) return response;
} catch (IOException e) { } catch (IOException e) {
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Hibás JSON formátum"); return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Hibás JSON formátum");
} }
...@@ -77,7 +81,7 @@ public class Controller { ...@@ -77,7 +81,7 @@ public class Controller {
@PostMapping(value = "/dogs/{id}/edit", consumes = MediaType.MULTIPART_FORM_DATA_VALUE) @PostMapping(value = "/dogs/{id}/edit", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public ResponseEntity<?> editDog(@PathVariable Integer id, @RequestHeader("Authorization") String token, @RequestParam("dog") String stringDogDTO, @RequestParam(value = "picture", required = false) MultipartFile mpf) { public ResponseEntity<?> editDog(@PathVariable Integer id, @RequestHeader("Authorization") String token, @RequestParam("dog") String stringDogDTO, @RequestParam(value = "picture", required = false) MultipartFile mpf) {
if (!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); if (inValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
// Retrieve the dog entity from the database // Retrieve the dog entity from the database
Optional<DetailedDogDTO> optionalDog = dogService.get(id); Optional<DetailedDogDTO> optionalDog = dogService.get(id);
...@@ -86,6 +90,8 @@ public class Controller { ...@@ -86,6 +90,8 @@ public class Controller {
if (optionalDog.isPresent()) { if (optionalDog.isPresent()) {
try { try {
dogDTO = objectMapper.readValue(stringDogDTO, DetailedDogDTO.class); dogDTO = objectMapper.readValue(stringDogDTO, DetailedDogDTO.class);
ResponseEntity<?> response = validateDogData(dogDTO);
if (Objects.nonNull(response)) return response;
} catch (IOException e) { } catch (IOException e) {
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Hibás JSON formátum"); return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Hibás JSON formátum");
} }
...@@ -108,7 +114,7 @@ public class Controller { ...@@ -108,7 +114,7 @@ public class Controller {
@DeleteMapping("/dogs/{id}") @DeleteMapping("/dogs/{id}")
public ResponseEntity<?> deleteDog(@PathVariable Integer id, @RequestHeader("Authorization") String token) { public ResponseEntity<?> deleteDog(@PathVariable Integer id, @RequestHeader("Authorization") String token) {
if (!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); if (inValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
dogService.deleteDog(id); dogService.deleteDog(id);
return ResponseEntity.ok().build(); return ResponseEntity.ok().build();
...@@ -116,21 +122,16 @@ public class Controller { ...@@ -116,21 +122,16 @@ public class Controller {
@PostMapping("/register") @PostMapping("/register")
public ResponseEntity<?> registerUser(@Valid @RequestBody UserDTO request) { public ResponseEntity<?> registerUser(@Valid @RequestBody UserDTO request) {
// Validate the registration request // Validating and registering user inside a single function
ValidationError validationError = validateRegisterRequest(request); if (request == null || request.getUsername() == null || request.getPassword() == null)
if (validationError != null) { return ResponseEntity.badRequest().body("Érvénytelen kérés");
return ResponseEntity.badRequest().body(validationError.getMessage());
}
// Check if the username is already taken ResponseEntity<?> response = validateRegister(request);
if (userService.isUserExists(request.getUsername())) { if (Objects.nonNull(response)) return response;
return ResponseEntity.badRequest().body("Felhasználónév foglalt");
}
// Save the user entity // Save the user entity
userService.registerUser(request); userService.registerUser(request);
return ResponseEntity.status(HttpStatus.CREATED).body("Felhasználó sikeresen regisztrálva");
return ResponseEntity.status(HttpStatus.CREATED).body("Felhasználó sikeresen létrehozva");
} }
@PostMapping("/login") @PostMapping("/login")
...@@ -149,7 +150,37 @@ public class Controller { ...@@ -149,7 +150,37 @@ public class Controller {
} }
/*-------- Validation functions --------*/ /*-------- Independent validation functions --------*/
@Nullable
public ResponseEntity<?> validateDogData(@Valid @RequestBody DetailedDogDTO request) {
if (request.getName().length() < 2 || request.getName().length() > 20)
return ResponseEntity.badRequest().body("A kutyanév 2 és 20 karakter között legyen");
if (!Pattern.matches("^[A-Z][a-z]*$",request.getName()))
return ResponseEntity.badRequest().body("A kutyanév kis- és nagybetűkből álljon");
if (request.getAge() < 0)
return ResponseEntity.badRequest().body("A kutya életkora nem lehet negatív");
return null;
}
@Nullable
private ResponseEntity<?> validateRegister(@Valid @RequestBody UserDTO request) {
// Check if the username is already taken
if (userService.isUserExists(request.getUsername()))
return ResponseEntity.badRequest().body("Felhasználónév már létezik");
if(!Pattern.matches("^[a-zA-Z0-9]+$", request.getUsername()))
return ResponseEntity.badRequest().body("A felhasználónév csak betűket és számokat tartalmazhat");
if(request.getUsername().length() < 5 || request.getUsername().length() > 20)
return ResponseEntity.badRequest().body("A felhasználónév hossza 5 és 20 karakter között legyen");
if(request.getPassword().length() < 8 || request.getPassword().length() > 20)
return ResponseEntity.badRequest().body("A jelszó hossza 5 és 20 karakter között legyen");
if(!Pattern.matches("^(?=.*[A-Z])(?=.*\\d)[A-Za-z\\d]+$", request.getPassword()))
return ResponseEntity.badRequest().body("A jelszó tartalmazzon nagybetűt és számot");
return null;
}
private boolean isValidLoginRequest(UserDTO request) { private boolean isValidLoginRequest(UserDTO request) {
if (request == null) { if (request == null) {
...@@ -162,27 +193,8 @@ public class Controller { ...@@ -162,27 +193,8 @@ public class Controller {
// If all checks pass, return true // If all checks pass, return true
} }
private boolean inValidToken(String token) {
private ValidationError validateRegisterRequest(UserDTO request) { return token == null || !verifyTokenSignature(token);
String username_regex = "^\\w{5,20}$";
// username can contain numbers, upper and lowercase characters
String password_regex = "^(?=.*[A-Z])(?=.*\\d)[A-Za-z\\d]{8,20}$";
if (request == null || request.getUsername() == null || request.getPassword() == null) {
return new RequestValidationError();
}
if (!Pattern.matches(username_regex, request.getUsername())) {
return new UsernameValidationError();
}
if (!Pattern.matches(password_regex, request.getPassword())) {
return new PasswordValidationError();
}
return null;
}
private boolean isValidToken(String token) {
return token != null && verifyTokenSignature(token);
} }
private boolean verifyTokenSignature(String token) { private boolean verifyTokenSignature(String token) {
...@@ -195,33 +207,4 @@ public class Controller { ...@@ -195,33 +207,4 @@ public class Controller {
} }
private abstract static class ValidationError {
private final String message;
public String getMessage() {
return message;
}
ValidationError(String m) {
message = m;
}
}
private static class RequestValidationError extends ValidationError {
RequestValidationError() {
super("Érvénytelen kérés");
}
}
private static class UsernameValidationError extends ValidationError {
UsernameValidationError() {
super("Érvénytelen felhasználónév");
}
}
private static class PasswordValidationError extends ValidationError {
PasswordValidationError() {
super("Érvénytelen jelszó");
}
}
} }
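Review bot: `validateDogData` dereferences `request.getName()` in its first check without a null guard, so a dog JSON that omits `name` (and likewise `age`, if `getAge()` returns a boxed `Integer`) throws a NullPointerException that the `catch (IOException e)` in `addNewDog` and `editDog` does not catch, turning a malformed request into a 500 instead of the intended 400; add a guard such as `if (request.getName() == null) return ResponseEntity.badRequest().body("…");` ahead of the length check, with the message chosen to match the others. The `@Valid @RequestBody` annotations on the parameters of `validateDogData` and `validateRegister` have no effect on a plain helper method (Spring applies them only to handler method parameters), and `validateDogData` need not be `public` — `private` would match `validateRegister`. The message at the password-length check reads "5 és 20" while the condition enforces 8–20 characters. In `validateRegister` the `userService.isUserExists` lookup now runs before the pattern and length checks, so unvalidated usernames reach the service first; moving it after those checks (the order the removed `validateRegisterRequest` path had) keeps the lookup for well-formed input only and lets the cheap checks reject bad input without touching the service.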