From 3c989876787bd0abfc6b92ad1534c172104d3933 Mon Sep 17 00:00:00 2001 From: _Bastler Date: Fri, 22 Oct 2021 11:44:46 +0200 Subject: [PATCH] fix username validation --- .../partey/businesslogic/ParteyUserTagManager.java | 6 +++--- .../controller/UserTagManagementController.java | 12 +++++++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/partey/src/main/java/de/bstly/we/partey/businesslogic/ParteyUserTagManager.java b/partey/src/main/java/de/bstly/we/partey/businesslogic/ParteyUserTagManager.java index 22dbc2a..64b9289 100644 --- a/partey/src/main/java/de/bstly/we/partey/businesslogic/ParteyUserTagManager.java +++ b/partey/src/main/java/de/bstly/we/partey/businesslogic/ParteyUserTagManager.java @@ -98,7 +98,7 @@ public class ParteyUserTagManager { */ public List getAllForUsername(String username) { return Lists.newArrayList( - parteyUserTagRepository.findAll(qParteyUserTag.username.eq(username))); + parteyUserTagRepository.findAll(qParteyUserTag.username.equalsIgnoreCase(username))); } /** @@ -122,7 +122,7 @@ public class ParteyUserTagManager { BooleanBuilder query = new BooleanBuilder(); - query.and(qParteyUserTag.username.eq(username)); + query.and(qParteyUserTag.username.equalsIgnoreCase(username)); query.and(qParteyUserTag.expires.isNull().or(qParteyUserTag.expires.after(Instant.now()))); if (!upcoming) { @@ -160,7 +160,7 @@ public class ParteyUserTagManager { */ public void deleteAllForTarget(String username) { parteyUserTagRepository - .deleteAll(parteyUserTagRepository.findAll(qParteyUserTag.username.eq(username))); + .deleteAll(parteyUserTagRepository.findAll(qParteyUserTag.username.equalsIgnoreCase(username))); } } diff --git a/partey/src/main/java/de/bstly/we/partey/controller/UserTagManagementController.java b/partey/src/main/java/de/bstly/we/partey/controller/UserTagManagementController.java index 8c2c6b0..67e7609 100644 --- a/partey/src/main/java/de/bstly/we/partey/controller/UserTagManagementController.java +++ b/partey/src/main/java/de/bstly/we/partey/controller/UserTagManagementController.java @@ -56,7 +56,8 @@ public class UserTagManagementController extends BaseController { @RequestParam("desc") Optional descParameter) { Page page = parteyUserTagManager.getAll(pageParameter.orElse(0), - sizeParameter.orElse(10), sortParameter.orElse("username"), descParameter.orElse(false)); + sizeParameter.orElse(10), sortParameter.orElse("username"), + descParameter.orElse(false)); return page; } @@ -93,7 +94,7 @@ public class UserTagManagementController extends BaseController { User user = userManager.getByUsername(username); if (user == null) { - throw new EntityResponseStatusException(HttpStatus.NO_CONTENT); + throw new EntityResponseStatusException(HttpStatus.CONFLICT); } return parteyUserTagManager.getNonExpiredForUsername(username); @@ -112,7 +113,7 @@ public class UserTagManagementController extends BaseController { User user = userManager.getByUsername(username); if (user == null) { - throw new EntityResponseStatusException(HttpStatus.NO_CONTENT); + throw new EntityResponseStatusException(HttpStatus.CONFLICT); } return parteyUserTagManager.getNonExpiredForUsername(username, true); @@ -127,6 +128,11 @@ public class UserTagManagementController extends BaseController { @PreAuthorize("hasRole('ROLE_ADMIN')") @PostMapping public ParteyUserTag createOrUpdateParteyUserTag(@RequestBody ParteyUserTag parteyUserTag) { + User user = userManager.getByUsername(parteyUserTag.getUsername()); + if (user == null) { + throw new EntityResponseStatusException(HttpStatus.CONFLICT); + } + return parteyUserTagManager.save(parteyUserTag); }