EDELIVERY-2806 Fixed UTF-8 characters in ServiceGroup-Owner HTTP header. User...

EDELIVERY-2806 Fixed UTF-8 characters in ServiceGroup-Owner HTTP header. User must provide URL-encoded characters since HTTP headers do not support UTF-8

EDELIVERY-2806 Fixed UTF-8 characters in ServiceGroup-Owner HTTP header. User...
373f48c6 · Pawel GUTOWSKI · aab896ae · 373f48c6 · 373f48c6 · 373f48c6
Commit 373f48c6 authored 7 years ago by Pawel GUTOWSKI
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/controllers/ServiceGroupController.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/controllers/ServiceGroupController.java
@@ -33,9 +33,11 @@ import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;

+import java.io.UnsupportedEncodingException;
 import java.util.List;

 import static eu.europa.ec.smp.api.Identifiers.asParticipantId;
+import static java.net.URLDecoder.decode;
 import static org.apache.commons.lang3.StringUtils.isNotBlank;
 import static org.springframework.http.ResponseEntity.created;
 import static org.springframework.http.ResponseEntity.ok;
@@ -51,6 +53,8 @@ public class ServiceGroupController {

    private static final Logger log = LoggerFactory.getLogger(ServiceGroupController.class);

+    private static final String UTF_8 = "UTF-8";
+
    @Autowired
    private ServiceGroupValidator serviceGroupValidator;

@@ -82,7 +86,7 @@ public class ServiceGroupController {
            @PathVariable String serviceGroupId,
            @RequestHeader(name = "ServiceGroup-Owner", required = false) String serviceGroupOwner,
            @RequestHeader(name = "Domain", required = false) String domain,
-            @RequestBody String body) throws XmlInvalidAgainstSchemaException {
+            @RequestBody String body) throws XmlInvalidAgainstSchemaException, UnsupportedEncodingException {

        log.info("PUT ServiceGroup: {}\n{}", serviceGroupId, body);

@@ -92,7 +96,7 @@ public class ServiceGroupController {
        serviceGroupValidator.validate(serviceGroupId, serviceGroup);

        // Service action
-        String newOwnerName = isNotBlank(serviceGroupOwner) ? serviceGroupOwner : SecurityContextHolder.getContext().getAuthentication().getName();
+        String newOwnerName = isNotBlank(serviceGroupOwner) ? decode(serviceGroupOwner, UTF_8) : SecurityContextHolder.getContext().getAuthentication().getName();
        boolean newServiceGroupCreated = serviceGroupService.saveServiceGroup(serviceGroup, domain, newOwnerName);

        log.info("Finished PUT ServiceGroup: {}", serviceGroupId);

--- a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/controllers/ServiceGroupControllerTest.java
+++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/controllers/ServiceGroupControllerTest.java
@@ -67,6 +67,9 @@ public class ServiceGroupControllerTest {
    private static final String URL_PATH = format("/%s::%s", PARTICIPANT_SCHEME, PARTICIPANT_ID);
    private static final String SERVICE_GROUP_INPUT_BODY = getSampleServiceGroupBodyWithScheme(PARTICIPANT_SCHEME);
    private static final String HTTP_HEADER_KEY_DOMAIN = "Domain";
+    private static final String HTTP_HEADER_KEY_SERVICE_GROUP_OWNER = "ServiceGroup-Owner";
+
+    private static final String OTHER_OWNER_NAME_URL_ENCODED = "CN=utf-8_%C5%BC_SMP,O=EC,C=BE:0000000000000666";

    private static final RequestPostProcessor ADMIN_CREDENTIALS = httpBasic("test_admin", "gutek123");

@@ -193,4 +196,24 @@ public class ServiceGroupControllerTest {
                .andExpect(content().string(stringContainsInOrder("WRONG_FIELD")));
    }

+    @Test
+    public void adminCanAssignNewServiceGroupToOtherOwner() throws Exception {
+        mvc.perform(put(URL_PATH)
+                .with(ADMIN_CREDENTIALS)
+                .contentType(APPLICATION_XML_VALUE)
+                .header(HTTP_HEADER_KEY_SERVICE_GROUP_OWNER, OTHER_OWNER_NAME_URL_ENCODED)
+                .content(SERVICE_GROUP_INPUT_BODY))
+                .andExpect(status().isCreated());
+    }
+
+    @Test
+    public void adminCannotAssignNewServiceGroupToNotExistingOwner() throws Exception {
+        mvc.perform(put(URL_PATH)
+                .with(ADMIN_CREDENTIALS)
+                .contentType(APPLICATION_XML_VALUE)
+                .header(HTTP_HEADER_KEY_SERVICE_GROUP_OWNER, "not-existing-user")
+                .content(SERVICE_GROUP_INPUT_BODY))
+                .andExpect(status().isBadRequest());
+    }
+
 }
--- a/smp-webapp/src/test/resources/webapp_integration_test_data.sql
+++ b/smp-webapp/src/test/resources/webapp_integration_test_data.sql
@@ -14,7 +14,8 @@ insert into smp_user(username, password, isadmin) values ('test_admin',
 insert into smp_user(username, password, isadmin) values ('test_user_hashed_pass',                     '$2a$06$k.Q/6anG4Eq/nNTZ0C1UIuAKxpr6ra5oaMkMSrlESIyA5jKEsUdyS', 0);
 insert into smp_user(username, password, isadmin) values ('test_user_clear_pass',                      'gutek123',                                                     0);
 insert into smp_user(username, password, isadmin) values ('CN=comon name,O=org,C=BE:0000000000000066', '',                                                             0);
-insert into smp_user (username, isadmin) values ('CN=EHEALTH_SMP_TEST_BRAZIL,O=European Commission,C=BE:48b681ee8e0dcc08', 0);
+insert into smp_user(username, isadmin) values ('CN=EHEALTH_SMP_TEST_BRAZIL,O=European Commission,C=BE:48b681ee8e0dcc08', 0);
+insert into smp_user(username, isadmin) values ('CN=utf-8_ż_SMP,O=EC,C=BE:0000000000000666', 0);

 insert into smp_service_group(businessidentifier, businessidentifierscheme) values ('urn:australia:ncpb', 'ehealth-actorid-qns');
 insert into smp_service_group(businessidentifier, businessidentifierscheme) values ('urn:brazil:ncpb', 'ehealth-actorid-qns');