From dffb17bb4c5113f0970f3cb52c01ac08e7c753a2 Mon Sep 17 00:00:00 2001 From: harish Date: Sun, 20 Oct 2024 12:07:36 +0530 Subject: [PATCH] added validations --- .../config/SamlSuccessHandler.java | 5 ++--- .../tendermanagement/dao/ApplicationDao.java | 13 +++++++++---- .../gepafin/tendermanagement/dao/PdfDao.java | 19 +------------------ .../gepafin/tendermanagement/dao/UserDao.java | 19 +++++++++++++++++-- .../service/impl/ApplicationServiceImpl.java | 12 +++++------- .../service/impl/UserServiceImpl.java | 10 ---------- .../web/rest/api/impl/HubApiController.java | 12 ++---------- .../db/changelog/db.changelog-1.0.0.xml | 4 ++++ 8 files changed, 40 insertions(+), 54 deletions(-) diff --git a/src/main/java/net/gepafin/tendermanagement/config/SamlSuccessHandler.java b/src/main/java/net/gepafin/tendermanagement/config/SamlSuccessHandler.java index fb151c11..3c5ed0fb 100644 --- a/src/main/java/net/gepafin/tendermanagement/config/SamlSuccessHandler.java +++ b/src/main/java/net/gepafin/tendermanagement/config/SamlSuccessHandler.java @@ -123,9 +123,9 @@ public class SamlSuccessHandler implements AuthenticationSuccessHandler { } } - public void validateToken(String token, String codiceFiscale) { + public void validateToken(String token, String codiceFiscale, String hubUuid) { SamlResponseEntity samlResponseLogEntity = samlResponseLogRepository.findByToken(token); - if (samlResponseLogEntity == null) { + if (samlResponseLogEntity == null || Boolean.FALSE.equals(hubUuid.equals(samlResponseLogEntity.getHubUuid()))) { throw new CustomValidationException(Status.VALIDATION_ERROR, Translator.toLocale(GepafinConstant.INVALID_TOKEN_MSG)); } @@ -136,7 +136,6 @@ public class SamlSuccessHandler implements AuthenticationSuccessHandler { throw new CustomValidationException(Status.VALIDATION_ERROR, Translator.toLocale(GepafinConstant.INVALID_TOKEN_MSG)); } - samlResponseLogRepository.delete(samlResponseLogEntity); } } 
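Review bot: The new guard in validateToken calls `hubUuid.equals(...)` on a caller-supplied value, so a null hubUuid raises a NullPointerException instead of the CustomValidationException the rest of the method uses; write it as `if (samlResponseLogEntity == null || hubUuid == null || !hubUuid.equals(samlResponseLogEntity.getHubUuid())) {`. `Boolean.FALSE.equals(x.equals(y))` is an indirect spelling of `!x.equals(y)`. The only caller visible in this diff, UserDao.createUser, defaults an empty hub uuid before reaching here, but the method is public and that guarantee is not enforced at this boundary. validateToken's body continues past the hunk.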
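Review bot: Dropping `samlResponseLogRepository.delete(samlResponseLogEntity);` at the end of validateToken means a token that passes validation is no longer consumed, so the same temporary SAML token can be presented to createUser again until whatever expiry the earlier check enforces. Unless this commit consumes the entry somewhere not shown here, the one-time property of the token is lost. Since validateToken now runs inside UserDao.createUser's transaction, the entry could be deleted there once the user is persisted, which also avoids discarding the token when creation rolls back — possibly the reason the delete was removed.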
diff --git a/src/main/java/net/gepafin/tendermanagement/dao/ApplicationDao.java b/src/main/java/net/gepafin/tendermanagement/dao/ApplicationDao.java index 1442e505..126277d0 100644 --- a/src/main/java/net/gepafin/tendermanagement/dao/ApplicationDao.java +++ b/src/main/java/net/gepafin/tendermanagement/dao/ApplicationDao.java @@ -124,11 +124,12 @@ public class ApplicationDao { private String defaultHubUuid; - public ApplicationResponseBean createApplication(ApplicationRequestBean applicationRequestBean, UserEntity userEntity, Long formId, Long applicationId) { + public ApplicationResponseBean createApplication(HttpServletRequest request, ApplicationRequestBean applicationRequestBean, Long formId, Long applicationId) { FormEntity formEntity = formService.validateForm(formId); // callService.validatePublishedCall(formEntity.getCall().getId()); validateFormFields(applicationRequestBean,formEntity); ApplicationEntity applicationEntity = validateApplication(applicationId); + validator.validateUserWithCompany(request, applicationEntity.getCompany().getId()); if(Boolean.TRUE.equals(applicationEntity.getStatus().equals(ApplicationStatusTypeEnum.SUBMIT.getValue()))) { throw new CustomValidationException(Status.BAD_REQUEST,Translator.toLocale(GepafinConstant.APPLICATION_ALREADY_SUBMITTED)); } @@ -232,10 +233,11 @@ public class ApplicationDao { return applicationFormFieldResponseBeans; } - public void deleteById(Long id) { + public void deleteById(HttpServletRequest request, Long id) { log.info("Deleting application with ID: {}", id); ApplicationEntity applicationEntity= validateApplication(id); + validator.validateUserWithCompany(request, applicationEntity.getCompany().getId()); applicationEntity.setIsDeleted(true); applicationEntity=saveApplicationEntity(applicationEntity); log.info("Application deleted with ID: {}", id); 
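Review bot: In createApplication the first authentication check is now `validator.validateUserWithCompany(...)`, which runs only after `formService.validateForm(formId)`, `validateFormFields(...)` and `validateApplication(applicationId)`; before this commit ApplicationServiceImpl called `validator.validateUser(request)` before entering the DAO, so unauthenticated callers could not reach those lookups or observe their distinct error responses. deleteById in the second hunk (and getNextOrPreviousForm in ApplicationServiceImpl) has the same ordering, with the application lookup preceding the company check. Put `UserEntity userEntity = validator.validateUser(request);` as the first statement of each of these methods so authentication precedes any lookup, and keep the company check after the entity is loaded. Both method bodies continue past the hunk.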
@@ -470,9 +472,10 @@ public class ApplicationDao { return applicationEntity; } - public ApplicationGetResponseBean getApplicationByFormId( Long applicationId, Long formId, UserEntity userEntity) { + public ApplicationGetResponseBean getApplicationByFormId(HttpServletRequest request, Long applicationId, Long formId) { List formApplicationResponses = new ArrayList<>(); List formEntities = new ArrayList<>(); + UserEntity userEntity = validator.validateUser(request); boolean isBeneficiary = isBeneficiary(userEntity); ApplicationEntity applicationEntity = isBeneficiary ? applicationRepository.findByIdAndUserIdAndIsDeletedFalse(applicationId, userEntity.getId()) @@ -577,8 +580,10 @@ public class ApplicationDao { } } - public ApplicationResponse updateApplicationStatus(UserEntity userEntity, Long applicationId, ApplicationStatusTypeEnum status) { + public ApplicationResponse updateApplicationStatus(HttpServletRequest request, Long applicationId, ApplicationStatusTypeEnum status) { + UserEntity userEntity = validator.validateUser(request); ApplicationEntity applicationEntity = validateApplication(applicationId); + validator.validateUserWithCompany(request, applicationEntity.getCompany().getId()); if (ApplicationStatusTypeEnum.SUBMIT.getValue().equals(applicationEntity.getStatus())) { throw new CustomValidationException(Status.BAD_REQUEST, Translator.toLocale(GepafinConstant.APPLICATION_SUBMITTED_CANNOT_CHANGE)); } diff --git a/src/main/java/net/gepafin/tendermanagement/dao/PdfDao.java b/src/main/java/net/gepafin/tendermanagement/dao/PdfDao.java index 17b57fc6..6fa9b56a 100644 --- a/src/main/java/net/gepafin/tendermanagement/dao/PdfDao.java +++ b/src/main/java/net/gepafin/tendermanagement/dao/PdfDao.java 
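Review bot: getApplicationByFormId authenticates via `validator.validateUser(request)` but, unlike createApplication, deleteById and updateApplicationStatus in this commit, never calls validateUserWithCompany; the beneficiary branch scopes the query by user id, while the non-beneficiary branch (outside the hunk) appears to load the application without any company scoping. If that branch does not restrict by company, add `validator.validateUserWithCompany(request, applicationEntity.getCompany().getId());` after the entity is loaded, matching the other methods. In updateApplicationStatus both `validateUser` and `validateUserWithCompany` take `request`; if the latter re-parses the credentials, consider having it return the UserEntity so the token is validated once. Both method bodies continue past the hunk.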
@@ -2,12 +2,6 @@ package net.gepafin.tendermanagement.dao; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; -import com.itextpdf.kernel.colors.ColorConstants; -import com.itextpdf.kernel.colors.DeviceRgb; -import com.itextpdf.kernel.pdf.canvas.PdfCanvas; -import com.itextpdf.layout.properties.UnitValue; -import com.itextpdf.layout.renderer.CellRenderer; -import com.itextpdf.layout.renderer.DrawContext; import com.itextpdf.text.*; import com.itextpdf.text.Element; import com.itextpdf.text.Font; @@ -16,28 +10,17 @@ import com.itextpdf.text.Rectangle; import com.itextpdf.text.pdf.*; import jakarta.servlet.http.HttpServletRequest; -import net.gepafin.tendermanagement.config.Translator; -import net.gepafin.tendermanagement.constants.GepafinConstant; import net.gepafin.tendermanagement.entities.*; -import net.gepafin.tendermanagement.model.request.CustomPageEvent; import net.gepafin.tendermanagement.model.request.FieldLabelValuePairRequest; import net.gepafin.tendermanagement.model.response.*; -import net.gepafin.tendermanagement.repositories.ApplicationRepository; import net.gepafin.tendermanagement.service.CallService; import net.gepafin.tendermanagement.util.Validator; -import net.gepafin.tendermanagement.web.rest.api.errors.ResourceNotFoundException; -import net.gepafin.tendermanagement.web.rest.api.errors.Status; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import com.itextpdf.layout.element.Table; -import com.itextpdf.layout.element.Cell; //import com.itextpdf.layout.element. -import java.awt.*; import java.io.ByteArrayOutputStream; -import java.io.FileOutputStream; -import java.io.IOException; import java.util.*; import java.util.List; import java.util.stream.Collectors; 
@@ -128,7 +111,7 @@ public class PdfDao { // addLabelValuePair(document, "Con il titolo di", "Rappresentante legale", regularFont); document.add(new Paragraph(" ")); - ApplicationGetResponseBean applicationGetResponseBean=applicationDao.getApplicationByFormId(applicationId,null, userEntity); + ApplicationGetResponseBean applicationGetResponseBean=applicationDao.getApplicationByFormId(request, applicationId, null); for(FormApplicationResponse formApplicationResponse: applicationGetResponseBean.getForm()) { document.add(new Paragraph(formApplicationResponse.getLabel(),sectionFont)); document.add(new Paragraph(" ")); // Add line break diff --git a/src/main/java/net/gepafin/tendermanagement/dao/UserDao.java b/src/main/java/net/gepafin/tendermanagement/dao/UserDao.java index cc9a959b..af116d87 100644 --- a/src/main/java/net/gepafin/tendermanagement/dao/UserDao.java +++ b/src/main/java/net/gepafin/tendermanagement/dao/UserDao.java @@ -2,6 +2,7 @@ package net.gepafin.tendermanagement.dao; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; +import net.gepafin.tendermanagement.config.SamlSuccessHandler; import net.gepafin.tendermanagement.config.Translator; import net.gepafin.tendermanagement.constants.GepafinConstant; import net.gepafin.tendermanagement.entities.BeneficiaryEntity; @@ -20,6 +21,7 @@ import net.gepafin.tendermanagement.repositories.UserRepository; import net.gepafin.tendermanagement.service.RoleService; import net.gepafin.tendermanagement.service.impl.AuthenticationService; import net.gepafin.tendermanagement.util.Utils; +import net.gepafin.tendermanagement.util.Validator; import net.gepafin.tendermanagement.web.rest.api.errors.CustomValidationException; import net.gepafin.tendermanagement.web.rest.api.errors.ResourceNotFoundException; import net.gepafin.tendermanagement.web.rest.api.errors.Status; 
@@ -66,13 +68,19 @@ public class UserDao { @Value("${default.hub.uuid}") private String defaultHubUuid; + + @Autowired + private Validator validator; + + @Autowired + private SamlSuccessHandler samlSuccessHandler; public JWTToken createUser(HttpServletRequest request, String tempToken, UserReq userReq) { if(StringUtils.isEmpty(userReq.getHubUuid())) { userReq.setHubUuid(defaultHubUuid); } - validateUserRequest(tempToken, userReq); + validateUserRequest(request, tempToken, userReq); validatePassword(userReq.getPassword(), userReq.getConfPassword(), tempToken); RoleEntity roleEntity = getRoleEntity(userReq.getRoleId()); @@ -107,7 +115,14 @@ public class UserDao { return beneficiaryEntity; } - private void validateUserRequest(String tempToken, UserReq userReq) { + private void validateUserRequest(HttpServletRequest request, String tempToken, UserReq userReq) { + + if (tempToken == null) { + validator.validateRequest(request,RoleStatusEnum.ROLE_SUPER_ADMIN); + }else { + samlSuccessHandler.validateToken(tempToken, userReq.getCodiceFiscale(), userReq.getHubUuid()); + } + RoleEntity role = roleService.validateRole(userReq.getRoleId()); if (Boolean.FALSE.equals(Utils.isValidEmail(userReq.getEmail()))) { throw new CustomValidationException(Status.VALIDATION_ERROR, diff --git a/src/main/java/net/gepafin/tendermanagement/service/impl/ApplicationServiceImpl.java b/src/main/java/net/gepafin/tendermanagement/service/impl/ApplicationServiceImpl.java index 1ea6e7ea..382f5372 100644 --- a/src/main/java/net/gepafin/tendermanagement/service/impl/ApplicationServiceImpl.java +++ b/src/main/java/net/gepafin/tendermanagement/service/impl/ApplicationServiceImpl.java 
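Review bot: UserDao now injects `SamlSuccessHandler`, a Spring Security success handler from the config package, solely to reach validateToken; a DAO depending on a security-config component inverts the usual layering and, if that handler's graph reaches back to UserDao, risks a circular bean dependency. Moving validateToken into `Validator` (already injected here) or a small token service would keep the check without the coupling. In validateUserRequest, `}else {` should read `} else {` to match the file's formatting. validateUserRequest continues past the hunk.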
@@ -40,21 +40,19 @@ public class ApplicationServiceImpl implements ApplicationService { @Transactional(rollbackFor = Exception.class) public ApplicationResponseBean createApplication(HttpServletRequest request, ApplicationRequestBean applicationRequestBean, Long applicationId, Long formId) { - UserEntity userEntity = validator.validateUser(request); - return applicationDao.createApplication(applicationRequestBean, userEntity, formId, applicationId); + return applicationDao.createApplication(request, applicationRequestBean, formId, applicationId); } @Override @Transactional(readOnly = true) public ApplicationGetResponseBean getApplicationByFormId(HttpServletRequest request, Long applicationId,Long formId) { - UserEntity userEntity = validator.validateUser(request); - return applicationDao.getApplicationByFormId(applicationId,formId,userEntity); + return applicationDao.getApplicationByFormId(request, applicationId,formId); } @Override @Transactional(rollbackFor = Exception.class) public void deleteApplication(HttpServletRequest request, Long applicationId) { - applicationDao.deleteById(applicationId); + applicationDao.deleteById(request, applicationId); } @Override 
@@ -74,14 +72,14 @@ public class ApplicationServiceImpl implements ApplicationService { public NextOrPreviousFormResponse getNextOrPreviousForm(HttpServletRequest request, Long applicationId, Long formId, FormActionEnum action) { ApplicationEntity applicationEntity = validateApplication(applicationId); + validator.validateUserWithCompany(request, applicationEntity.getCompany().getId()); return flowFormDao.getNextOrPreviousForm(applicationEntity, formId, action); } @Override @Transactional(rollbackFor = Exception.class) public ApplicationResponse updateApplicationStatus(HttpServletRequest request, Long applicationId, ApplicationStatusTypeEnum status) { - UserEntity userEntity = validator.validateUser(request); - return applicationDao.updateApplicationStatus(userEntity, applicationId, status); + return applicationDao.updateApplicationStatus(request, applicationId, status); } diff --git a/src/main/java/net/gepafin/tendermanagement/service/impl/UserServiceImpl.java b/src/main/java/net/gepafin/tendermanagement/service/impl/UserServiceImpl.java index 51e92579..3079cee9 100644 --- a/src/main/java/net/gepafin/tendermanagement/service/impl/UserServiceImpl.java +++ b/src/main/java/net/gepafin/tendermanagement/service/impl/UserServiceImpl.java 
@@ -2,13 +2,11 @@ package net.gepafin.tendermanagement.service.impl; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; -import net.gepafin.tendermanagement.config.SamlSuccessHandler; import net.gepafin.tendermanagement.dao.UserDao; import net.gepafin.tendermanagement.entities.UserEntity; import net.gepafin.tendermanagement.model.request.LoginReq; import net.gepafin.tendermanagement.model.request.UpdateUserReq; import net.gepafin.tendermanagement.model.request.UserReq; -import net.gepafin.tendermanagement.enums.RoleStatusEnum; import net.gepafin.tendermanagement.enums.UserStatusEnum; import net.gepafin.tendermanagement.model.request.*; import net.gepafin.tendermanagement.model.response.UserSamlResponse; @@ -32,18 +30,10 @@ public class UserServiceImpl implements UserService { @Autowired private Validator validator; - - @Autowired - private SamlSuccessHandler samlSuccessHandler; @Override @Transactional(rollbackFor = Exception.class) public JWTToken createUser(HttpServletRequest request, String tempToken, UserReq userReq) { - if (tempToken == null) { - validator.validateRequest(request,RoleStatusEnum.ROLE_SUPER_ADMIN); - }else { - samlSuccessHandler.validateToken(tempToken, userReq.getCodiceFiscale()); - } return userDao.createUser(request, tempToken, userReq); } diff --git a/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/HubApiController.java b/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/HubApiController.java index e08f9517..7e8828e0 100644 --- a/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/HubApiController.java +++ b/src/main/java/net/gepafin/tendermanagement/web/rest/api/impl/HubApiController.java 
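Review bot: After the two validation calls are removed from createUser, the `@Autowired private Validator validator;` kept as context in the first hunk may no longer be used in UserServiceImpl; if no other method references it, remove the field along with the SamlSuccessHandler one rather than leaving an unused injection. The authorization decision for createUser now lives only in UserDao.validateUserRequest, which is private, so a one-line comment on the service method such as `// Authorization (super-admin or SAML temp token) is enforced in UserDao.validateUserRequest.` would tell the next reader where the check went.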
@@ -35,26 +35,18 @@ public class HubApiController implements HubApi { public ResponseEntity> updateHub(HttpServletRequest request, Long hubId, @Valid HubReq hubReq) { HubResponseBean hubResponse = hubService.updateHub(hubId, hubReq); - if (hubResponse != null) { + return ResponseEntity.status(HttpStatus.OK) .body(new Response<>(hubResponse, Status.SUCCESS, Translator.toLocale(GepafinConstant.HUB_UPDATE_SUCCESS))); - } else { - return ResponseEntity.status(HttpStatus.NOT_FOUND) - .body(new Response<>(null, Status.NOT_FOUND, Translator.toLocale(GepafinConstant.HUB_NOT_FOUND))); - } } @Override public ResponseEntity> getHubById(HttpServletRequest request, Long hubId) { HubResponseBean hubResponse = hubService.getHubById(hubId); - if (hubResponse != null) { + return ResponseEntity.status(HttpStatus.OK) .body(new Response<>(hubResponse, Status.SUCCESS, Translator.toLocale(GepafinConstant.HUB_GET_SUCCESS))); - } else { - return ResponseEntity.status(HttpStatus.NOT_FOUND) - .body(new Response<>(null, Status.NOT_FOUND, Translator.toLocale(GepafinConstant.HUB_NOT_FOUND))); - } } @Override diff --git a/src/main/resources/db/changelog/db.changelog-1.0.0.xml b/src/main/resources/db/changelog/db.changelog-1.0.0.xml index f9b8c1ac..54ed8f4f 100644 --- a/src/main/resources/db/changelog/db.changelog-1.0.0.xml +++ b/src/main/resources/db/changelog/db.changelog-1.0.0.xml @@ -796,6 +796,8 @@ + + @@ -809,6 +811,8 @@ + +
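Review bot: Removing the `hubResponse != null` branch in updateHub and getHubById means a null result from hubService is now returned as 200 with `Status.SUCCESS` and a null payload, where it used to be 404 with `HUB_NOT_FOUND`. That is only correct if hubService.updateHub and getHubById throw for a missing hub, which this diff does not show; if they can still return null, restore the `else` branch or guard with `if (hubResponse == null) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new Response<>(null, Status.NOT_FOUND, Translator.toLocale(GepafinConstant.HUB_NOT_FOUND))); }`. The blank line the commit leaves between the assignment and `return` in both methods should also go.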