
Example 6 with PageFilter

use of org.apache.wiki.api.filters.PageFilter in project jspwiki by apache.

the class DefaultFilterManager method doPostTranslateFiltering.

/**
 *  Does the filtering after HTML translation.
 *
 *  @param context The WikiContext
 *  @param htmlData HTML data to be passed through the postTranslate filters
 *  @throws FilterException If any of the filters throws a FilterException
 *  @return The modified HTML
 *  @see PageFilter#postTranslate(WikiContext, String)
 */
public String doPostTranslateFiltering(WikiContext context, String htmlData) throws FilterException {
    // Listeners are told the post-translate phase is starting before any filter runs.
    fireEvent(WikiPageEvent.POST_TRANSLATE_BEGIN, context);

    // Chain the filters in list order: each one receives the previous filter's output.
    // Whatever the last filter returns is handed back unchanged; this method does no
    // escaping or sanitising of its own, so every registered filter is trusted with
    // the final HTML.
    String filtered = htmlData;
    for (final PageFilter filter : m_pageFilters) {
        filtered = filter.postTranslate(context, filtered);
    }

    // Not reached when a filter throws: the FilterException propagates to the caller
    // and no POST_TRANSLATE_END event is fired.
    fireEvent(WikiPageEvent.POST_TRANSLATE_END, context);
    return filtered;
}
Also used : PageFilter(org.apache.wiki.api.filters.PageFilter)

Example 7 with PageFilter

use of org.apache.wiki.api.filters.PageFilter in project jspwiki by apache.

the class UserManager method validateProfile.

/**
 * Validates a user profile, and appends any errors to the session errors
 * list. If the profile is new, the password will be checked to make sure it
 * isn't null. Otherwise, the password is checked for length and that it
 * matches the value of the 'password2' HTTP parameter. Note that we have a
 * special case when container-managed authentication is used and the user
 * is not authenticated; this will always cause validation to fail. Any
 * validation errors are added to the wiki session's messages collection
 * (see {@link WikiSession#getMessages()}).
 * @param context the current wiki context
 * @param profile the supplied UserProfile
 */
public void validateProfile(WikiContext context, UserProfile profile) {
    final boolean newProfile = profile.isNew();
    final WikiSession wikiSession = context.getWikiSession();
    final InputValidator fieldValidator = new InputValidator(SESSION_MESSAGES, context);
    final ResourceBundle bundle = Preferences.getBundle(context, InternationalizationManager.CORE_BUNDLE);

    // Spam check comes first. Only the first SpamFilter found in the filter list is
    // consulted; a rejection records a fixed, non-localised message and ends
    // validation immediately, so none of the checks below run.
    for (final PageFilter candidate : m_engine.getFilterManager().getFilterList()) {
        if (!(candidate instanceof SpamFilter)) {
            continue;
        }
        final SpamFilter spamFilter = (SpamFilter) candidate;
        if (!spamFilter.isValidUserProfile(context, profile)) {
            wikiSession.addMessage(SESSION_MESSAGES, "Invalid userprofile");
            return;
        }
        break;
    }

    // Container-managed authentication with an unauthenticated session is an error.
    // The message is recorded, but the remaining checks still run.
    if (m_engine.getAuthenticationManager().isContainerAuthenticated()) {
        if (!context.getWikiSession().isAuthenticated()) {
            wikiSession.addMessage(SESSION_MESSAGES, bundle.getString("security.error.createprofilebeforelogin"));
        }
    }

    // Mandatory fields and e-mail syntax.
    fieldValidator.validateNotNull(profile.getLoginName(), bundle.getString("security.user.loginname"));
    fieldValidator.validateNotNull(profile.getFullname(), bundle.getString("security.user.fullname"));
    fieldValidator.validate(profile.getEmail(), bundle.getString("security.user.email"), InputValidator.EMAIL);

    // Password rules apply only when the wiki, not the container, handles authentication.
    // A null password is an error only for a new profile. A non-null password must equal
    // the 'password2' request parameter; with no HTTP request that parameter is treated
    // as null, so the comparison fails.
    // NOTE(review): no length or complexity check is performed in this method, and an
    // empty password matching an empty 'password2' passes - confirm a policy is
    // enforced elsewhere.
    if (!m_engine.getAuthenticationManager().isContainerAuthenticated()) {
        final String password = profile.getPassword();
        if (password != null) {
            final HttpServletRequest request = context.getHttpRequest();
            final String confirmation = (request != null) ? request.getParameter("password2") : null;
            if (!password.equals(confirmation)) {
                wikiSession.addMessage(SESSION_MESSAGES, bundle.getString("security.error.passwordnomatch"));
            }
        } else if (newProfile) {
            wikiSession.addMessage(SESSION_MESSAGES, bundle.getString("security.error.blankpassword"));
        }
    }

    final String fullName = profile.getFullname();
    final String loginName = profile.getLoginName();
    final String email = profile.getEmail();

    // Identity-collision checks. Each message echoes the submitted value and confirms
    // that it already belongs to another profile.
    // NOTE(review): weigh that disclosure against account-enumeration concerns where
    // self-registration is open.

    // A full name must not be another user's login name.
    try {
        final UserProfile owner = getUserDatabase().find(fullName);
        final boolean clash = owner != null
                && !profile.equals(owner)
                && !fullName.equals(owner.getFullname());
        if (clash) {
            wikiSession.addMessage(SESSION_MESSAGES,
                    MessageFormat.format(bundle.getString("security.error.illegalfullname"), fullName));
        }
    } catch (final NoSuchPrincipalException ignored) {
        // Nothing found under that name, so there is no collision.
    }

    // A login name must not be another user's full name.
    try {
        final UserProfile owner = getUserDatabase().find(loginName);
        final boolean clash = owner != null
                && !profile.equals(owner)
                && !loginName.equals(owner.getLoginName());
        if (clash) {
            wikiSession.addMessage(SESSION_MESSAGES,
                    MessageFormat.format(bundle.getString("security.error.illegalloginname"), loginName));
        }
    } catch (final NoSuchPrincipalException ignored) {
        // Nothing found under that name, so there is no collision.
    }

    // One e-mail address per account (JSPWIKI-1042: profiles sharing a uid are the same account).
    // The addresses are compared after lower-casing both sides.
    // NOTE(review): confirm StringUtils.lowerCase is locale-independent here, otherwise
    // the uniqueness comparison can vary with the server's default locale.
    try {
        final UserProfile owner = getUserDatabase().findByEmail(email);
        final boolean taken = owner != null
                && !profile.getUid().equals(owner.getUid())
                && !profile.equals(owner)
                && StringUtils.lowerCase(email).equals(StringUtils.lowerCase(owner.getEmail()));
        if (taken) {
            wikiSession.addMessage(SESSION_MESSAGES,
                    MessageFormat.format(bundle.getString("security.error.email.taken"), email));
        }
    } catch (final NoSuchPrincipalException ignored) {
        // No profile uses this address.
    }
}
Also used : UserProfile(org.apache.wiki.auth.user.UserProfile) SpamFilter(org.apache.wiki.filters.SpamFilter) FilterManager(org.apache.wiki.api.engine.FilterManager) HttpServletRequest(javax.servlet.http.HttpServletRequest) WikiSession(org.apache.wiki.WikiSession) InputValidator(org.apache.wiki.ui.InputValidator) ResourceBundle(java.util.ResourceBundle) PageFilter(org.apache.wiki.api.filters.PageFilter)
