From 2eb38516da5deaf4779a8bf0749f14bee8258f2e Mon Sep 17 00:00:00 2001 From: j2blake Date: Fri, 10 Jun 2011 15:25:41 +0000 Subject: [PATCH] NIHVIVO-2279 When the user enters an email address, confirm that it is in a valid form. --- .../webapp/auth/policy/RootUserPolicy.java | 7 +++++ .../accounts/admin/UserAccountsAddPage.java | 8 ++++++ .../accounts/admin/UserAccountsEditPage.java | 8 ++++++ .../user/UserAccountsMyAccountPage.java | 8 ++++++ .../authenticate/Authenticator.java | 28 +++++++++++++++++-- .../body/accounts/userAccounts-add.ftl | 4 +++ .../body/accounts/userAccounts-edit.ftl | 4 +++ .../body/accounts/userAccounts-myAccount.ftl | 4 +++ 8 files changed, 69 insertions(+), 2 deletions(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicy.java index 362fcba1e..85e069d12 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicy.java @@ -126,6 +126,13 @@ public class RootUserPolicy implements PolicyIface { + PROPERTY_ROOT_USER_EMAIL + "'"); } + if (!Authenticator.isValidEmailAddress(emailAddress)) { + throw new IllegalStateException("Value for '" + + PROPERTY_ROOT_USER_EMAIL + + "' is not a valid email address: '" + emailAddress + + "'"); + } + if (null != uaDao.getUserAccountByEmail(emailAddress)) { throw new IllegalStateException("Can't create root user - " + "an account already exists with email address '" diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsAddPage.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsAddPage.java index 6dd6393a1..51c723459 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsAddPage.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsAddPage.java 
@@ -10,6 +10,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.UserAccount; import edu.cornell.mannlib.vitro.webapp.beans.UserAccount.Status; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.accounts.UserAccountsPage; +import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues; @@ -28,6 +29,7 @@ public class UserAccountsAddPage extends UserAccountsPage { private static final String ERROR_NO_EMAIL = "errorEmailIsEmpty"; private static final String ERROR_EMAIL_IN_USE = "errorEmailInUse"; + private static final String ERROR_EMAIL_INVALID_FORMAT = "errorEmailInvalidFormat"; private static final String ERROR_NO_FIRST_NAME = "errorFirstNameIsEmpty"; private static final String ERROR_NO_LAST_NAME = "errorLastNameIsEmpty"; private static final String ERROR_NO_ROLE = "errorNoRoleSelected"; @@ -84,6 +86,8 @@ public class UserAccountsAddPage extends UserAccountsPage { errorCode = ERROR_NO_EMAIL; } else if (isEmailInUse()) { errorCode = ERROR_EMAIL_IN_USE; + } else if (!isEmailValidFormat()) { + errorCode = ERROR_EMAIL_INVALID_FORMAT; } else if (firstName.isEmpty()) { errorCode = ERROR_NO_FIRST_NAME; } else if (lastName.isEmpty()) { @@ -99,6 +103,10 @@ public class UserAccountsAddPage extends UserAccountsPage { return userAccountsDao.getUserAccountByEmail(emailAddress) != null; } + private boolean isEmailValidFormat() { + return Authenticator.isValidEmailAddress(emailAddress); + } + public boolean isValid() { return errorCode.isEmpty(); } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsEditPage.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsEditPage.java index e7ae1a8ae..c939dfe24 100644 
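Review bot: In the `@@ -84,6 +86,8` hunk the new format test sits after `isEmailInUse()`, so a syntactically bad address is still handed to `userAccountsDao.getUserAccountByEmail()` as a lookup key before it is rejected, and if a malformed value happens to already be stored the user is told "in use" rather than "invalid". RootUserPolicy in this same commit checks the form before doing the lookup; the page should match, i.e. `} else if (!isEmailValidFormat()) { errorCode = ERROR_EMAIL_INVALID_FORMAT; } else if (isEmailInUse()) { errorCode = ERROR_EMAIL_IN_USE;`. The else-if chain belongs to a method that starts and ends outside the hunk.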
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsEditPage.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsEditPage.java @@ -14,6 +14,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.UserAccount; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.accounts.UserAccountsPage; import edu.cornell.mannlib.vitro.webapp.controller.accounts.user.UserAccountsUserController; +import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues; @@ -34,6 +35,7 @@ public class UserAccountsEditPage extends UserAccountsPage { private static final String ERROR_NO_EMAIL = "errorEmailIsEmpty"; private static final String ERROR_EMAIL_IN_USE = "errorEmailInUse"; + private static final String ERROR_EMAIL_INVALID_FORMAT = "errorEmailInvalidFormat"; private static final String ERROR_NO_FIRST_NAME = "errorFirstNameIsEmpty"; private static final String ERROR_NO_LAST_NAME = "errorLastNameIsEmpty"; private static final String ERROR_NO_ROLE = "errorNoRoleSelected"; @@ -113,6 +115,8 @@ public class UserAccountsEditPage extends UserAccountsPage { errorCode = ERROR_NO_EMAIL; } else if (emailIsChanged() && isEmailInUse()) { errorCode = ERROR_EMAIL_IN_USE; + } else if (!isEmailValidFormat()) { + errorCode = ERROR_EMAIL_INVALID_FORMAT; } else if (firstName.isEmpty()) { errorCode = ERROR_NO_FIRST_NAME; } else if (lastName.isEmpty()) { @@ -132,6 +136,10 @@ public class UserAccountsEditPage extends UserAccountsPage { return userAccountsDao.getUserAccountByEmail(emailAddress) != null; } + private boolean isEmailValidFormat() { + return Authenticator.isValidEmailAddress(emailAddress); + } + public boolean isValid() { return errorCode.isEmpty(); } 
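Review bot: The format check added in the `@@ -113,6 +115,8` hunk is not gated by `emailIsChanged()` the way the in-use check on the line above is, so an admin editing an existing account whose stored address fails the stricter `InternetAddress` parse cannot save any other field (name, role, status) until the email itself is rewritten. If that is meant as a forced clean-up of legacy data, say so with a one-line comment on the branch; otherwise mirror the adjacent condition, `} else if (emailIsChanged() && !isEmailValidFormat()) {`. Either way, move the format test ahead of `isEmailInUse()` so the DAO is only queried with a well-formed key. The enclosing method starts and ends outside the hunk.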
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsMyAccountPage.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsMyAccountPage.java index fbcf541ec..e14c65b71 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsMyAccountPage.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsMyAccountPage.java @@ -13,6 +13,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.UserAccount; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.accounts.UserAccountsPage; import edu.cornell.mannlib.vitro.webapp.controller.accounts.admin.UserAccountsEditPage; +import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues; @@ -30,6 +31,7 @@ public class UserAccountsMyAccountPage extends UserAccountsPage { private static final String ERROR_NO_EMAIL = "errorEmailIsEmpty"; private static final String ERROR_EMAIL_IN_USE = "errorEmailInUse"; + private static final String ERROR_EMAIL_INVALID_FORMAT = "errorEmailInvalidFormat"; private static final String ERROR_NO_FIRST_NAME = "errorFirstNameIsEmpty"; private static final String ERROR_NO_LAST_NAME = "errorLastNameIsEmpty"; @@ -87,6 +89,8 @@ public class UserAccountsMyAccountPage extends UserAccountsPage { errorCode = ERROR_NO_EMAIL; } else if (emailIsChanged() && isEmailInUse()) { errorCode = ERROR_EMAIL_IN_USE; + } else if (!isEmailValidFormat()) { + errorCode = ERROR_EMAIL_INVALID_FORMAT; } else if (firstName.isEmpty()) { errorCode = ERROR_NO_FIRST_NAME; } else if (lastName.isEmpty()) { 
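Review bot: A user whose stored address is rejected by the new parser is locked out of editing the rest of their own profile, because the format check added in the `@@ -87,6 +89,8` hunk runs even when the email was not changed, and the error they see names a value they did not touch. On a self-service page that is worse than on the admin page: decide whether it is intended, and if not gate it like the in-use check on the line above, `} else if (emailIsChanged() && !isEmailValidFormat()) {`. As on the other two pages, the format test should also precede `isEmailInUse()` so the lookup is only done with a well-formed key. The enclosing method starts and ends outside the hunk.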
@@ -104,6 +108,10 @@ public class UserAccountsMyAccountPage extends UserAccountsPage { return userAccountsDao.getUserAccountByEmail(emailAddress) != null; } + private boolean isEmailValidFormat() { + return Authenticator.isValidEmailAddress(emailAddress); + } + public boolean isValid() { return errorCode.isEmpty(); } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java index 7a94665fa..cddad2bdc 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java @@ -6,6 +6,8 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.List; +import javax.mail.internet.AddressException; +import javax.mail.internet.InternetAddress; import javax.servlet.http.HttpServletRequest; import org.apache.commons.codec.binary.Hex; @@ -144,8 +146,30 @@ public abstract class Authenticator { } } + /** + * Check whether the form of the emailAddress is syntactically correct. Does + * not allow multiple addresses. Does not allow local addresses (without a + * hostname). + * + * Does not confirm that the host actually exists, or has a mailbox by that + * name. + */ public static boolean isValidEmailAddress(String emailAddress) { - // TODO check for valid syntax. - return (emailAddress != null) && (!emailAddress.isEmpty()); + try { + // InternetAddress constructor will throw an exception if the + // address does not have valid format (if "strict" is true). + @SuppressWarnings("unused") + InternetAddress a = new InternetAddress(emailAddress, true); + + // InternetAddress permits a localname without hostname. + // Guard against that. + if (emailAddress.indexOf('@') == -1) { + return false; + } + + return true; + } catch (AddressException e) { + return false; + } } } 
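Review bot: isValidEmailAddress no longer tolerates a null argument: the removed line returned false for null, whereas the new body passes the value straight to `new InternetAddress(emailAddress, true)` and then calls `emailAddress.indexOf('@')`, and since only AddressException is caught, null presumably now surfaces as a NullPointerException rather than false. The parsed result `a` is also thrown away, and JavaMail's strict mode, as far as I recall, still accepts RFC 822 forms such as `Jane <jane@example.org>` or `jane@example.org (comment)`, so the raw string including the display name is what the pages then store and later look up by exact match. Suggest an explicit null/empty guard and accepting only a bare addr-spec, as below. Because RootUserPolicy now calls this during start-up, also confirm the javax.mail jar is on the webapp classpath; otherwise the first root-account check fails with a NoClassDefFoundError.
```java
public static boolean isValidEmailAddress(String emailAddress) {
    // Callers pass raw form input and config values; null/empty are simply invalid.
    if (emailAddress == null || emailAddress.isEmpty()) {
        return false;
    }
    try {
        InternetAddress a = new InternetAddress(emailAddress, true);
        // Accept only a bare addr-spec: no display name, no comments, and a
        // domain part. Anything the parser normalised away would otherwise be
        // stored verbatim and then miss the exact-match lookup.
        return a.getPersonal() == null
                && emailAddress.equals(a.getAddress())
                && emailAddress.indexOf('@') != -1;
    // … unchanged: catch (AddressException e) { return false; } …
```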
diff --git a/webapp/web/templates/freemarker/body/accounts/userAccounts-add.ftl b/webapp/web/templates/freemarker/body/accounts/userAccounts-add.ftl index 0b3131991..9ec0d64a5 100644 --- a/webapp/web/templates/freemarker/body/accounts/userAccounts-add.ftl +++ b/webapp/web/templates/freemarker/body/accounts/userAccounts-add.ftl @@ -12,6 +12,10 @@ <#assign errorMessage = "An account with that email address already exists." /> + <#if errorEmailInvalidFormat??> + <#assign errorMessage = "'${emailAddress}' is not a valid email address." /> + + <#if errorFirstNameIsEmpty??> <#assign errorMessage = "You must supply a first name." /> diff --git a/webapp/web/templates/freemarker/body/accounts/userAccounts-edit.ftl b/webapp/web/templates/freemarker/body/accounts/userAccounts-edit.ftl index 9060a37ea..b6d818f65 100644 --- a/webapp/web/templates/freemarker/body/accounts/userAccounts-edit.ftl +++ b/webapp/web/templates/freemarker/body/accounts/userAccounts-edit.ftl @@ -12,6 +12,10 @@ <#assign errorMessage = "An account with that email address already exists." /> + <#if errorEmailInvalidFormat??> + <#assign errorMessage = "'${emailAddress}' is not a valid email address." /> + + <#if errorFirstNameIsEmpty??> <#assign errorMessage = "You must supply a first name." /> diff --git a/webapp/web/templates/freemarker/body/accounts/userAccounts-myAccount.ftl b/webapp/web/templates/freemarker/body/accounts/userAccounts-myAccount.ftl index 534936c03..e00f13c41 100644 --- a/webapp/web/templates/freemarker/body/accounts/userAccounts-myAccount.ftl +++ b/webapp/web/templates/freemarker/body/accounts/userAccounts-myAccount.ftl @@ -12,6 +12,10 @@ <#assign errorMessage = "An account with that email address already exists." /> + <#if errorEmailInvalidFormat??> + <#assign errorMessage = "'${emailAddress}' is not a valid email address." /> + + <#if errorFirstNameIsEmpty??> <#assign errorMessage = "You must supply a first name." />
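Review bot: `${emailAddress}` in the new error message interpolates the value the user just typed into the page, and unlike the neighbouring messages it is the one input the user controls, so unless this FreeMarker configuration auto-escapes, a value such as `<script>…</script>` is rendered as markup in the error banner (reflected/self-XSS on the admin pages, and reachable across users if the form can be driven by CSRF). Escape it at the point of use: `<#assign errorMessage = "'${emailAddress?html}' is not a valid email address." />`. The identical line is added to userAccounts-edit.ftl and userAccounts-myAccount.ftl in this commit and needs the same treatment.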