Search in sources :

Example 76 with AnswerItem

use of org.cerberus.util.answer.AnswerItem in project cerberus-source by cerberustesting.

the class ReadLabel method findLabelList.

// </editor-fold>
private AnswerItem findLabelList(String system, ApplicationContext appContext, boolean userHasPermissions, HttpServletRequest request) throws JSONException {
    AnswerItem item = new AnswerItem();
    JSONObject object = new JSONObject();
    labelService = appContext.getBean(LabelService.class);
    int startPosition = Integer.valueOf(ParameterParserUtil.parseStringParam(request.getParameter("iDisplayStart"), "0"));
    int length = Integer.valueOf(ParameterParserUtil.parseStringParam(request.getParameter("iDisplayLength"), "0"));
    /*int sEcho  = Integer.valueOf(request.getParameter("sEcho"));*/
    String searchParameter = ParameterParserUtil.parseStringParam(request.getParameter("sSearch"), "");
    int columnToSortParameter = Integer.parseInt(ParameterParserUtil.parseStringParam(request.getParameter("iSortCol_0"), "1"));
    String sColumns = ParameterParserUtil.parseStringParam(request.getParameter("sColumns"), "System,Label,Color,Display,parentLabelId,Description");
    String[] columnToSort = sColumns.split(",");
    String columnName = columnToSort[columnToSortParameter];
    String sort = ParameterParserUtil.parseStringParam(request.getParameter("sSortDir_0"), "asc");
    List<String> individualLike = new ArrayList(Arrays.asList(ParameterParserUtil.parseStringParam(request.getParameter("sLike"), "").split(",")));
    Map<String, List<String>> individualSearch = new HashMap<>();
    for (int a = 0; a < columnToSort.length; a++) {
        if (null != request.getParameter("sSearch_" + a) && !request.getParameter("sSearch_" + a).isEmpty()) {
            List<String> search = new ArrayList(Arrays.asList(request.getParameter("sSearch_" + a).split(",")));
            if (individualLike.contains(columnToSort[a])) {
                individualSearch.put(columnToSort[a] + ":like", search);
            } else {
                individualSearch.put(columnToSort[a], search);
            }
        }
    }
    AnswerList resp = labelService.readBySystemByCriteria(system, startPosition, length, columnName, sort, searchParameter, individualSearch);
    JSONArray jsonArray = new JSONArray();
    if (resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
        // the service was able to perform the query, then we should get all values
        for (Label label : (List<Label>) resp.getDataList()) {
            JSONObject labelObject = convertLabelToJSONObject(label);
            if (!"".equals(label.getParentLabel())) {
                AnswerItem parentLabel = labelService.readByKey(Integer.valueOf(label.getParentLabel()));
                if (parentLabel.getItem() != null) {
                    labelObject.put("labelParentObject", convertLabelToJSONObject((Label) parentLabel.getItem()));
                }
            }
            jsonArray.put(labelObject);
        }
    }
    object.put("hasPermissions", userHasPermissions);
    object.put("contentTable", jsonArray);
    object.put("iTotalRecords", resp.getTotalRows());
    object.put("iTotalDisplayRecords", resp.getTotalRows());
    item.setItem(object);
    item.setResultMessage(resp.getResultMessage());
    return item;
}
Also used : AnswerList(org.cerberus.util.answer.AnswerList) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) JSONArray(org.json.JSONArray) Label(org.cerberus.crud.entity.Label) AnswerItem(org.cerberus.util.answer.AnswerItem) JSONObject(org.json.JSONObject) AnswerList(org.cerberus.util.answer.AnswerList) ArrayList(java.util.ArrayList) List(java.util.List) ILabelService(org.cerberus.crud.service.ILabelService) LabelService(org.cerberus.crud.service.impl.LabelService)

Example 77 with AnswerItem

use of org.cerberus.util.answer.AnswerItem in project cerberus-source by cerberustesting.

the class UpdateInvariant method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    Answer ans = new Answer();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String charset = request.getCharacterEncoding();
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    String id = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("idName"), "", charset);
    String value = request.getParameter("value");
    String oriId = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("originalIdName"), "", charset);
    String oriValue = request.getParameter("originalValue");
    String description = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("description"), "", charset);
    String veryShortDescField = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("veryShortDesc"), "", charset);
    String gp1 = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("gp1"), "", charset);
    String gp2 = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("gp2"), "", charset);
    String gp3 = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("gp3"), "", charset);
    String gp4 = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("gp4"), "", charset);
    String gp5 = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("gp5"), "", charset);
    String gp6 = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("gp6"), "", charset);
    String gp7 = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("gp7"), "", charset);
    String gp8 = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("gp8"), "", charset);
    String gp9 = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("gp9"), "", charset);
    Integer sort = 10;
    boolean sort_error = false;
    try {
        if (request.getParameter("sort") != null && !request.getParameter("sort").equals("")) {
            sort = Integer.valueOf(policy.sanitize(request.getParameter("sort")));
        }
    } catch (Exception ex) {
        sort_error = true;
    }
    boolean userHasPermissions = request.isUserInRole("Administrator");
    // Prepare the final answer.
    MessageEvent msg1 = new MessageEvent(MessageEventEnum.GENERIC_OK);
    Answer finalAnswer = new Answer(msg1);
    /**
     * Checking all constrains before calling the services.
     */
    if (StringUtil.isNullOrEmpty(id)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Invariant").replace("%OPERATION%", "Update").replace("%REASON%", "Invariant name is missing!"));
        finalAnswer.setResultMessage(msg);
    } else if (sort_error) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Invariant").replace("%OPERATION%", "Update").replace("%REASON%", "Could not manage to convert sort to an integer value!"));
        finalAnswer.setResultMessage(msg);
    } else if (!userHasPermissions) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Invariant").replace("%OPERATION%", "Update").replace("%REASON%", "You don't have the right to do that"));
        finalAnswer.setResultMessage(msg);
    } else {
        /**
         * All data seems cleans so we can call the services.
         */
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        IInvariantService invariantService = appContext.getBean(IInvariantService.class);
        AnswerItem resp = invariantService.readByKey(oriId, oriValue);
        if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
            /**
             * Object could not be found. We stop here and report the error.
             */
            finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) resp);
        } else {
            Invariant invariantData = (Invariant) resp.getItem();
            if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
                /**
                 * Object could not be found. We stop here and report the
                 * error.
                 */
                finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) resp);
            } else {
                if (invariantService.hasPermissionsUpdate(invariantData, request)) {
                    invariantData.setIdName(id);
                    invariantData.setValue(value);
                    invariantData.setSort(sort);
                    invariantData.setDescription(description);
                    invariantData.setVeryShortDesc(veryShortDescField);
                    invariantData.setGp1(gp1);
                    invariantData.setGp2(gp2);
                    invariantData.setGp3(gp3);
                    invariantData.setGp4(gp4);
                    invariantData.setGp5(gp5);
                    invariantData.setGp6(gp6);
                    invariantData.setGp7(gp7);
                    invariantData.setGp8(gp8);
                    invariantData.setGp9(gp9);
                    ans = invariantService.update(oriId, oriValue, invariantData);
                    finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
                    if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                        /**
                         * Object updated. Adding Log entry.
                         */
                        ILogEventService logEventService = appContext.getBean(LogEventService.class);
                        logEventService.createForPrivateCalls("/UpdateInvariant2", "UPDATE", "Update Invariant : ['" + id + "']", request);
                    }
                } else {
                    msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
                    msg.setDescription(msg.getDescription().replace("%ITEM%", "Invariant").replace("%OPERATION%", "Update").replace("%REASON%", "The Invariant is not Public!"));
                    ans.setResultMessage(msg);
                    finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
                }
            }
        }
    }
    /**
     * Formating and returning the json result.
     */
    jsonResponse.put("messageType", finalAnswer.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", finalAnswer.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}
Also used : Invariant(org.cerberus.crud.entity.Invariant) PolicyFactory(org.owasp.html.PolicyFactory) MessageEvent(org.cerberus.engine.entity.MessageEvent) IInvariantService(org.cerberus.crud.service.IInvariantService) AnswerItem(org.cerberus.util.answer.AnswerItem) ServletException(javax.servlet.ServletException) JSONException(org.json.JSONException) IOException(java.io.IOException) CerberusException(org.cerberus.exception.CerberusException) Answer(org.cerberus.util.answer.Answer) ApplicationContext(org.springframework.context.ApplicationContext) JSONObject(org.json.JSONObject) ILogEventService(org.cerberus.crud.service.ILogEventService)

Example 78 with AnswerItem

use of org.cerberus.util.answer.AnswerItem in project cerberus-source by cerberustesting.

the class UpdateLabel method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    Answer ans = new Answer();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    String charset = request.getCharacterEncoding();
    ILabelService labelService = appContext.getBean(ILabelService.class);
    IFactoryLabel labelFactory = appContext.getBean(IFactoryLabel.class);
    response.setContentType("application/json");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    /**
     * Parsing and securing all required parameters.
     */
    // Parameter that are already controled by GUI (no need to decode) --> We SECURE them
    String system = policy.sanitize(request.getParameter("system"));
    String type = policy.sanitize(request.getParameter("type"));
    Integer id = Integer.valueOf(policy.sanitize(request.getParameter("id")));
    String reqtype = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("reqtype"), "", charset);
    String reqstatus = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("reqstatus"), "", charset);
    String reqcriticity = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("reqcriticity"), "", charset);
    // Parameter that needs to be secured --> We SECURE+DECODE them
    String label = ParameterParserUtil.parseStringParamAndDecode(request.getParameter("label"), "", charset);
    String color = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("color"), "", charset);
    String parentLabel = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("parentLabel"), "", charset);
    String description = ParameterParserUtil.parseStringParamAndDecode(request.getParameter("description"), "", charset);
    String longDesc = ParameterParserUtil.parseStringParamAndDecode(request.getParameter("longdesc"), "", charset);
    String usr = request.getUserPrincipal().getName();
    /**
     * Checking all constrains before calling the services.
     */
    if (id == 0) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Label").replace("%OPERATION%", "Update").replace("%REASON%", "Label ID is missing."));
        ans.setResultMessage(msg);
    } else {
        /**
         * All data seems cleans so we can call the services.
         */
        AnswerItem resp = labelService.readByKey(id);
        if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
            /**
             * Object could not be found. We stop here and report the error.
             */
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "Label").replace("%OPERATION%", "Update").replace("%REASON%", "Label does not exist."));
            ans.setResultMessage(msg);
        } else {
            /**
             * The service was able to perform the query and confirm the
             * object exist, then we can delete it.
             */
            Timestamp updateDate = new Timestamp(new Date().getTime());
            Label l = labelFactory.create(id, system, label, type, color, parentLabel, reqtype, reqstatus, reqcriticity, description, longDesc, null, null, usr, updateDate);
            ans = labelService.update(l);
            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                /**
                 * Delete was successful. Adding Log entry.
                 */
                ILogEventService logEventService = appContext.getBean(LogEventService.class);
                logEventService.createForPrivateCalls("/UpdateLabel", "UPDATE", "Update Label : ['" + id + "']", request);
            }
        }
    }
    /**
     * Formating and returning the json result.
     */
    jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", ans.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}
Also used : PolicyFactory(org.owasp.html.PolicyFactory) MessageEvent(org.cerberus.engine.entity.MessageEvent) IFactoryLabel(org.cerberus.crud.factory.IFactoryLabel) Label(org.cerberus.crud.entity.Label) AnswerItem(org.cerberus.util.answer.AnswerItem) Timestamp(java.sql.Timestamp) Date(java.util.Date) ILabelService(org.cerberus.crud.service.ILabelService) Answer(org.cerberus.util.answer.Answer) ApplicationContext(org.springframework.context.ApplicationContext) IFactoryLabel(org.cerberus.crud.factory.IFactoryLabel) JSONObject(org.json.JSONObject) ILogEventService(org.cerberus.crud.service.ILogEventService)

Example 79 with AnswerItem

use of org.cerberus.util.answer.AnswerItem in project cerberus-source by cerberustesting.

the class ChangeUserPassword method doPost.

@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String login = request.getParameter("login");
    String currentPassword = request.getParameter("currentPassword");
    String newPassword = request.getParameter("newPassword");
    String confirmPassword = request.getParameter("confirmPassword");
    String resetPasswordToken = request.getParameter("resetPasswordToken");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    IUserService userService = appContext.getBean(UserService.class);
    User myUser;
    try {
        JSONObject jsonResponse = new JSONObject();
        try {
            myUser = userService.findUserByKey(login);
            AnswerItem ansPassword = userService.updateUserPassword(myUser, currentPassword, newPassword, confirmPassword, resetPasswordToken);
            jsonResponse.put("messageType", ansPassword.getResultMessage().getMessage().getCodeString());
            jsonResponse.put("message", ansPassword.getResultMessage().getDescription());
        } catch (CerberusException ex1) {
            // TODO:FN this need to be refactored //findUserByKey should return answer
            jsonResponse.put("messageType", "KO");
            jsonResponse.put("message", ex1.toString());
        }
        response.setContentType("application/json");
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.setContentType("application/json");
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) CerberusException(org.cerberus.exception.CerberusException) User(org.cerberus.crud.entity.User) JSONObject(org.json.JSONObject) IUserService(org.cerberus.crud.service.IUserService) JSONException(org.json.JSONException) AnswerItem(org.cerberus.util.answer.AnswerItem)

Example 80 with AnswerItem

use of org.cerberus.util.answer.AnswerItem in project cerberus-source by cerberustesting.

the class ChangeUserPasswordAdmin method doPost.

@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String login = request.getParameter("login");
    String newPassword = request.getParameter("newPassword");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    IUserService userService = appContext.getBean(UserService.class);
    User myUser;
    try {
        JSONObject jsonResponse = new JSONObject();
        try {
            myUser = userService.findUserByKey(login);
            AnswerItem ansPassword = userService.updateUserPasswordAdmin(myUser, newPassword);
            jsonResponse.put("messageType", ansPassword.getResultMessage().getMessage().getCodeString());
            jsonResponse.put("message", ansPassword.getResultMessage().getDescription());
        } catch (CerberusException ex1) {
            // TODO:FN this need to be refactored //findUserByKey should return answer
            jsonResponse.put("messageType", "KO");
            jsonResponse.put("message", ex1.toString());
        }
        response.setContentType("application/json");
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.setContentType("application/json");
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) CerberusException(org.cerberus.exception.CerberusException) User(org.cerberus.crud.entity.User) JSONObject(org.json.JSONObject) IUserService(org.cerberus.crud.service.IUserService) JSONException(org.json.JSONException) AnswerItem(org.cerberus.util.answer.AnswerItem)

Aggregations

AnswerItem (org.cerberus.util.answer.AnswerItem)322 MessageEvent (org.cerberus.engine.entity.MessageEvent)212 JSONObject (org.json.JSONObject)206 ApplicationContext (org.springframework.context.ApplicationContext)98 AnswerList (org.cerberus.util.answer.AnswerList)90 ArrayList (java.util.ArrayList)78 JSONArray (org.json.JSONArray)74 PolicyFactory (org.owasp.html.PolicyFactory)74 List (java.util.List)72 JSONException (org.json.JSONException)69 HashMap (java.util.HashMap)60 ILogEventService (org.cerberus.crud.service.ILogEventService)58 SQLException (java.sql.SQLException)57 Connection (java.sql.Connection)55 PreparedStatement (java.sql.PreparedStatement)53 Answer (org.cerberus.util.answer.Answer)53 ResultSet (java.sql.ResultSet)52 CerberusException (org.cerberus.exception.CerberusException)44 IOException (java.io.IOException)34 ServletException (javax.servlet.ServletException)24