Improve validation of xml mindmaps during save.
parent
342099194d
commit
c3f93fdf4a
|
@ -0,0 +1,56 @@
|
||||||
|
/*
|
||||||
|
* Copyright [2015] [wisemapping]
|
||||||
|
*
|
||||||
|
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
|
||||||
|
* It is basically the Apache License, Version 2.0 (the "License") plus the
|
||||||
|
* "powered by wisemapping" text requirement on every single page;
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the license at
|
||||||
|
*
|
||||||
|
* http://www.wisemapping.org/license
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package com.wisemapping.exceptions;
|
||||||
|
|
||||||
|
|
||||||
|
import org.springframework.lang.Nullable;
|
||||||
|
|
||||||
|
import javax.validation.constraints.NotNull;
|
||||||
|
|
||||||
|
public class InvalidMindmapException
|
||||||
|
extends ClientException {
|
||||||
|
private static final String EMPTY_MINDMAP = "MINDMAP_EMPTY_ERROR";
|
||||||
|
private static final String INVALID_MINDMAP_FORMAT = "INVALID_MINDMAP_FORMAT";
|
||||||
|
private static final String TOO_BIG_MINDMAP = "TOO_BIG_MINDMAP";
|
||||||
|
|
||||||
|
private final String bundleKey;
|
||||||
|
|
||||||
|
private InvalidMindmapException(@NotNull String bundleKey, @Nullable String xmlDoc) {
|
||||||
|
super("Invalid mindmap format:" + xmlDoc, Severity.SEVERE);
|
||||||
|
this.bundleKey = bundleKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
static public InvalidMindmapException emptyMindmap() {
|
||||||
|
return new InvalidMindmapException(EMPTY_MINDMAP,"");
|
||||||
|
}
|
||||||
|
|
||||||
|
static public InvalidMindmapException invalidFormat(@Nullable String xmlDoc) {
|
||||||
|
return new InvalidMindmapException(INVALID_MINDMAP_FORMAT,xmlDoc);
|
||||||
|
}
|
||||||
|
|
||||||
|
static public InvalidMindmapException tooBigMindnap() {
|
||||||
|
return new InvalidMindmapException(TOO_BIG_MINDMAP,"");
|
||||||
|
}
|
||||||
|
|
||||||
|
@NotNull
|
||||||
|
@Override
|
||||||
|
protected String getMsgBundleKey() {
|
||||||
|
return bundleKey;
|
||||||
|
}
|
||||||
|
}
|
|
@ -19,6 +19,7 @@
|
||||||
package com.wisemapping.model;
|
package com.wisemapping.model;
|
||||||
|
|
||||||
import com.wisemapping.exceptions.AccessDeniedSecurityException;
|
import com.wisemapping.exceptions.AccessDeniedSecurityException;
|
||||||
|
import com.wisemapping.exceptions.InvalidMindmapException;
|
||||||
import com.wisemapping.exceptions.WiseMappingException;
|
import com.wisemapping.exceptions.WiseMappingException;
|
||||||
import com.wisemapping.util.ZipUtils;
|
import com.wisemapping.util.ZipUtils;
|
||||||
import org.apache.commons.lang.StringEscapeUtils;
|
import org.apache.commons.lang.StringEscapeUtils;
|
||||||
|
@ -94,7 +95,9 @@ public class Mindmap implements Serializable {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setXmlStr(@NotNull String xml) {
|
public void setXmlStr(@NotNull String xml) throws InvalidMindmapException {
|
||||||
|
// Is a valid mindmap ... ?
|
||||||
|
MindmapUtils.verifyMindmap(xml);
|
||||||
this.setUnzipXml(xml.getBytes(StandardCharsets.UTF_8));
|
this.setUnzipXml(xml.getBytes(StandardCharsets.UTF_8));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
package com.wisemapping.model;
|
||||||
|
|
||||||
|
|
||||||
|
import com.wisemapping.exceptions.InvalidMindmapException;
|
||||||
|
import org.jetbrains.annotations.Nullable;
|
||||||
|
|
||||||
|
abstract public class MindmapUtils {
|
||||||
|
|
||||||
|
private static final int MAX_SUPPORTED_NODES = 500;
|
||||||
|
|
||||||
|
public static void verifyMindmap(@Nullable String xmlDoc) throws InvalidMindmapException {
|
||||||
|
if (xmlDoc == null || xmlDoc.trim().isEmpty()) {
|
||||||
|
// Perform basic structure validation. Must have a map node and
|
||||||
|
throw InvalidMindmapException.emptyMindmap();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Perform basic structure validation without parsing the XML.
|
||||||
|
if (!xmlDoc.trim().endsWith("</map>") || !xmlDoc.trim().startsWith("<map")) {
|
||||||
|
throw InvalidMindmapException.invalidFormat(xmlDoc);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate that the number of nodes is not bigger 500 nodes.
|
||||||
|
if (xmlDoc.split("<topic").length > MAX_SUPPORTED_NODES) {
|
||||||
|
throw InvalidMindmapException.tooBigMindnap();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -133,10 +133,7 @@ public class MindmapController extends BaseController {
|
||||||
collaborationProperties.setMindmapProperties(properties);
|
collaborationProperties.setMindmapProperties(properties);
|
||||||
|
|
||||||
// Validate content ...
|
// Validate content ...
|
||||||
String xml = restMindmap.getXml();
|
final String xml = restMindmap.getXml();
|
||||||
if (xml == null) {
|
|
||||||
throw new IllegalArgumentException("Map xml can not be null");
|
|
||||||
}
|
|
||||||
mindmap.setXmlStr(xml);
|
mindmap.setXmlStr(xml);
|
||||||
|
|
||||||
// Update map ...
|
// Update map ...
|
||||||
|
@ -164,14 +161,10 @@ public class MindmapController extends BaseController {
|
||||||
@RequestMapping(method = RequestMethod.PUT, value = {"/maps/{id}/document/xml"}, consumes = {"text/plain"})
|
@RequestMapping(method = RequestMethod.PUT, value = {"/maps/{id}/document/xml"}, consumes = {"text/plain"})
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public void updateDocument(@PathVariable int id, @RequestBody String xmlDoc) throws WiseMappingException, IOException {
|
public void updateDocument(@PathVariable int id, @RequestBody String xmlDoc) throws WiseMappingException, IOException {
|
||||||
|
|
||||||
final Mindmap mindmap = findMindmapById(id);
|
final Mindmap mindmap = findMindmapById(id);
|
||||||
final User user = Utils.getUser();
|
final User user = Utils.getUser();
|
||||||
if (xmlDoc != null && !xmlDoc.isEmpty()) {
|
|
||||||
mindmap.setXmlStr(xmlDoc);
|
|
||||||
}
|
|
||||||
|
|
||||||
mindmap.setXmlStr(xmlDoc);
|
mindmap.setXmlStr(xmlDoc);
|
||||||
|
|
||||||
saveMindmapDocument(false, mindmap, user);
|
saveMindmapDocument(false, mindmap, user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -273,7 +266,6 @@ public class MindmapController extends BaseController {
|
||||||
|
|
||||||
// Is there a map with the same name ?
|
// Is there a map with the same name ?
|
||||||
if (mindmapService.getMindmapByTitle(title, user) != null) {
|
if (mindmapService.getMindmapByTitle(title, user) != null) {
|
||||||
|
|
||||||
throw buildValidationException("title", "You already have a mindmap with this title");
|
throw buildValidationException("title", "You already have a mindmap with this title");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,20 +1,20 @@
|
||||||
/*
|
/*
|
||||||
* Copyright [2015] [wisemapping]
|
* Copyright [2015] [wisemapping]
|
||||||
*
|
*
|
||||||
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
|
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
|
||||||
* It is basically the Apache License, Version 2.0 (the "License") plus the
|
* It is basically the Apache License, Version 2.0 (the "License") plus the
|
||||||
* "powered by wisemapping" text requirement on every single page;
|
* "powered by wisemapping" text requirement on every single page;
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
* You may obtain a copy of the license at
|
* You may obtain a copy of the license at
|
||||||
*
|
*
|
||||||
* http://www.wisemapping.org/license
|
* http://www.wisemapping.org/license
|
||||||
*
|
*
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
* See the License for the specific language governing permissions and
|
* See the License for the specific language governing permissions and
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package com.wisemapping.rest.model;
|
package com.wisemapping.rest.model;
|
||||||
|
|
||||||
|
@ -22,9 +22,9 @@ package com.wisemapping.rest.model;
|
||||||
import com.fasterxml.jackson.annotation.JsonAutoDetect;
|
import com.fasterxml.jackson.annotation.JsonAutoDetect;
|
||||||
import com.fasterxml.jackson.annotation.JsonIgnore;
|
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||||
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
|
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
|
||||||
|
import com.wisemapping.exceptions.InvalidMindmapException;
|
||||||
import com.wisemapping.exceptions.WiseMappingException;
|
import com.wisemapping.exceptions.WiseMappingException;
|
||||||
import com.wisemapping.model.*;
|
import com.wisemapping.model.*;
|
||||||
import com.wisemapping.security.Utils;
|
|
||||||
import com.wisemapping.util.TimeUtils;
|
import com.wisemapping.util.TimeUtils;
|
||||||
import org.jetbrains.annotations.NotNull;
|
import org.jetbrains.annotations.NotNull;
|
||||||
import org.jetbrains.annotations.Nullable;
|
import org.jetbrains.annotations.Nullable;
|
||||||
|
@ -34,10 +34,6 @@ import javax.xml.bind.annotation.XmlAccessorType;
|
||||||
import javax.xml.bind.annotation.XmlRootElement;
|
import javax.xml.bind.annotation.XmlRootElement;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Calendar;
|
import java.util.Calendar;
|
||||||
import java.util.LinkedHashSet;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Set;
|
|
||||||
import java.util.stream.Collectors;
|
|
||||||
|
|
||||||
@XmlRootElement(name = "map")
|
@XmlRootElement(name = "map")
|
||||||
@XmlAccessorType(XmlAccessType.PROPERTY)
|
@XmlAccessorType(XmlAccessType.PROPERTY)
|
||||||
|
@ -71,7 +67,7 @@ public class RestMindmap {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setCreationTime(final String creationTime){
|
public void setCreationTime(final String creationTime) {
|
||||||
// Ignore
|
// Ignore
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -154,10 +150,10 @@ public class RestMindmap {
|
||||||
return mindmap.getXmlStr();
|
return mindmap.getXmlStr();
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setXml(@Nullable String xml) throws IOException {
|
public void setXml(@Nullable String xml) throws IOException, InvalidMindmapException {
|
||||||
|
if (xml != null) {
|
||||||
if (xml != null)
|
|
||||||
mindmap.setXmlStr(xml);
|
mindmap.setXmlStr(xml);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getOwner() {
|
public String getOwner() {
|
||||||
|
|
|
@ -19,6 +19,7 @@
|
||||||
package com.wisemapping.service;
|
package com.wisemapping.service;
|
||||||
|
|
||||||
import com.wisemapping.dao.UserManager;
|
import com.wisemapping.dao.UserManager;
|
||||||
|
import com.wisemapping.exceptions.InvalidMindmapException;
|
||||||
import com.wisemapping.exceptions.WiseMappingException;
|
import com.wisemapping.exceptions.WiseMappingException;
|
||||||
import com.wisemapping.mail.NotificationService;
|
import com.wisemapping.mail.NotificationService;
|
||||||
import com.wisemapping.model.*;
|
import com.wisemapping.model.*;
|
||||||
|
@ -146,7 +147,7 @@ public class UserServiceImpl
|
||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Mindmap buildTutorialMindmap(@NotNull String firstName) {
|
public Mindmap buildTutorialMindmap(@NotNull String firstName) throws InvalidMindmapException {
|
||||||
//To change body of created methods use File | Settings | File Templates.
|
//To change body of created methods use File | Settings | File Templates.
|
||||||
final Locale locale = LocaleContextHolder.getLocale();
|
final Locale locale = LocaleContextHolder.getLocale();
|
||||||
Mindmap result = new Mindmap();
|
Mindmap result = new Mindmap();
|
||||||
|
|
|
@ -53,3 +53,6 @@ NO_ENOUGH_PERMISSIONS=This mind map can opened.
|
||||||
NO_ENOUGH_PERMISSIONS_DETAILS=You do not have enough right access to see this map. This map has been changed to private or deleted.
|
NO_ENOUGH_PERMISSIONS_DETAILS=You do not have enough right access to see this map. This map has been changed to private or deleted.
|
||||||
CAPTCHA_TIMEOUT_OUT_DUPLICATE=Please, refresh the page and try again.
|
CAPTCHA_TIMEOUT_OUT_DUPLICATE=Please, refresh the page and try again.
|
||||||
CAPTCHA_INVALID_INPUT_RESPONSE="Invalid input response, refresh the page and try again.
|
CAPTCHA_INVALID_INPUT_RESPONSE="Invalid input response, refresh the page and try again.
|
||||||
|
MINDMAP_EMPTY_ERROR=Midnmap can not be empty.
|
||||||
|
INVALID_MINDMAP_FORMAT=Mindmap format is not valid format.
|
||||||
|
TOO_BIG_MINDMAP=You have reached the limit of 500 topics in a mindmap.
|
||||||
|
|
|
@ -33,14 +33,11 @@
|
||||||
</script>
|
</script>
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
var mapId = '${mindmap.id}';
|
var mapId = '${mindmap.id}';
|
||||||
var memoryPersistence = ${memoryPersistence};
|
|
||||||
var readOnly = ${readOnlyMode};
|
|
||||||
var lockTimestamp = '${lockTimestamp}';
|
var lockTimestamp = '${lockTimestamp}';
|
||||||
var lockSession = '${lockSession}';
|
var lockSession = '${lockSession}';
|
||||||
var mindmapLocked = ${mindmapLocked};
|
var mindmapLocked = ${mindmapLocked};
|
||||||
var mindmapLockedMsg = '<spring:message code="MINDMAP_LOCKED" arguments="${lockInfo.user.fullName},${lockInfo.user.email}"/>';
|
var mindmapLockedMsg = '<spring:message code="MINDMAP_LOCKED" arguments="${lockInfo.user.fullName},${lockInfo.user.email}"/>';
|
||||||
var userOptions = ${mindmap.properties};
|
var userOptions = ${mindmap.properties};
|
||||||
var isAuth = ${principal != null};
|
|
||||||
var accountName = '${principal.fullName}';
|
var accountName = '${principal.fullName}';
|
||||||
var accountEmail = '${principal.email}';
|
var accountEmail = '${principal.email}';
|
||||||
var mapTitle = '${mindmap.title}';
|
var mapTitle = '${mindmap.title}';
|
||||||
|
|
Loading…
Reference in New Issue