From 5c0c18eba037d38c4e90155982dc3cd161977420 Mon Sep 17 00:00:00 2001 From: Paulo Gustavo Veiga Date: Mon, 14 Feb 2022 19:59:36 -0800 Subject: [PATCH] Add email validation on collaborators. --- wise-webapp/pom.xml | 16 +++++----- .../wisemapping/rest/MindmapController.java | 30 +++++++++++++++++-- .../webapp/WEB-INF/wisemapping-servlet.xml | 6 ---- 3 files changed, 36 insertions(+), 16 deletions(-) diff --git a/wise-webapp/pom.xml b/wise-webapp/pom.xml index c64e66c9..4377a8b4 100644 --- a/wise-webapp/pom.xml +++ b/wise-webapp/pom.xml @@ -213,12 +213,6 @@ commons-dbcp2 2.9.0 - - commons-fileupload - commons-fileupload - 1.2.1 - runtime - org.hibernate hibernate-ehcache @@ -240,6 +234,12 @@ 1.2.17 compile + + + commons-validator + commons-validator + 1.7 + org.hsqldb @@ -250,7 +250,7 @@ com.fasterxml.jackson.core jackson-databind - 2.11.3 + 2.13.1 javax.servlet @@ -277,7 +277,7 @@ org.apache.httpcomponents fluent-hc - 4.5.5 + 4.5.13 junit diff --git a/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java b/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java index 65e7a05e..dd918e93 100644 --- a/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java +++ b/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java @@ -27,6 +27,7 @@ import com.wisemapping.rest.model.*; import com.wisemapping.security.Utils; import com.wisemapping.service.*; import com.wisemapping.validator.MapInfoValidator; +import org.apache.commons.validator.routines.EmailValidator; import org.apache.log4j.Logger; import org.jetbrains.annotations.NotNull; import org.springframework.beans.factory.annotation.Autowired; 
@@ -296,7 +297,14 @@ public class MindmapController extends BaseController { // Compare one by one if some of the elements has been changed .... final Set collabsToRemove = new HashSet<>(mindMap.getCollaborations()); for (RestCollaboration restCollab : restCollabs.getCollaborations()) { - final Collaboration collaboration = mindMap.findCollaboration(restCollab.getEmail()); + final String email = restCollab.getEmail(); + + // Is a valid email address ? + if (!EmailValidator.getInstance().isValid(email)) { + throw new IllegalArgumentException(email + " is not valid email address"); + } + + final Collaboration collaboration = mindMap.findCollaboration(email); // Validate role format ... String roleStr = restCollab.getRole(); if (roleStr == null) { @@ -333,6 +341,17 @@ public class MindmapController extends BaseController { throw new IllegalArgumentException("No enough permissions"); } + // Is valid email address ? + final EmailValidator emailValidator = EmailValidator.getInstance(); + restCollabs + .getCollaborations() + .forEach(collab -> { + // Is a valid email address ? + if (!emailValidator.isValid(collab.getEmail())) { + throw new IllegalArgumentException(collab.getEmail() + " is not valid email address"); + } + }); + // Has any role changed ?. Just removed it. final Map mapsByEmail = mindMap .getCollaborations() @@ -432,6 +451,12 @@ public class MindmapController extends BaseController { public void deleteCollabByEmail(@PathVariable int id, @RequestParam(required = false) String email) throws IOException, WiseMappingException { logger.debug("Deleting permission for email:" + email); + // Is a valid email address ? + final EmailValidator emailValidator = EmailValidator.getInstance(); + if (!emailValidator.isValid(email)) { + throw new IllegalArgumentException(email + " is not valid email address"); + } + final Mindmap mindmap = findMindmapById(id); final User user = Utils.getUser(); 
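Review bot: In the @@ -296 hunk the address check sits inside the `for (RestCollaboration restCollab : restCollabs.getCollaborations())` loop, so an invalid entry late in the list is rejected only after the earlier entries have already gone through the loop body. The rest of that body lies outside the hunk, but if it adds or updates collaborations as it iterates, the request fails with part of the list already applied. Validating the whole list before the loop, as the @@ -333 hunk does, avoids the partial update: `restCollabs.getCollaborations().forEach(c -> requireValidEmail(c.getEmail()));`, with the check moved into one private helper shared by all three call sites.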
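Review bot: The exception text in the @@ -333 hunk, `collab.getEmail() + " is not valid email address"`, copies the rejected request value into the message unchanged, and the @@ -296 and @@ -432 hunks do the same. How IllegalArgumentException is mapped to a response is not visible here. If the message reaches the REST error body or the log, it carries unbounded caller-supplied text, line breaks included. A fixed message such as `throw new IllegalArgumentException("Invalid collaborator email address");` keeps the rejection without reflecting the input. The comment `// Is valid email address ?` also appears twice in this hunk, and one copy can go.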
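Review bot: In the @@ -432 hunk the new check runs after `logger.debug("Deleting permission for email:" + email);`, so the unvalidated parameter is still concatenated into the log line first. Moving the validation above the debug call means only addresses that passed `EmailValidator` are written to the log. `email` remains `@RequestParam(required = false)`, yet a missing value is now rejected because `isValid(null)` returns false; declaring the parameter required would state that contract in the signature. The body of deleteCollabByEmail continues outside the hunk.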
@@ -495,6 +520,7 @@ public class MindmapController extends BaseController { mindmapService.removeMindmap(mindmap, user); } } + @RequestMapping(method = RequestMethod.POST, value = "/maps", consumes = {"application/xml", "application/json"}) @ResponseStatus(value = HttpStatus.CREATED) public void createMap(@RequestBody(required = false) String mapXml, @NotNull HttpServletResponse response, @RequestParam(required = false) String title, @RequestParam(required = false) String description) throws IOException, WiseMappingException { @@ -506,7 +532,7 @@ public class MindmapController extends BaseController { if (description != null && !description.isEmpty()) { mindmap.setDescription(description); - }else { + } else { mindmap.setDescription("description"); } diff --git a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-servlet.xml b/wise-webapp/src/main/webapp/WEB-INF/wisemapping-servlet.xml index 073c65bb..62da4794 100644 --- a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-servlet.xml +++ b/wise-webapp/src/main/webapp/WEB-INF/wisemapping-servlet.xml @@ -64,12 +64,6 @@ class="org.springframework.web.servlet.i18n.SessionLocaleResolver"> - - - - -