Fix form parameters (jersey/jetty incompatibility)

obiba · Sep 28, 2022 · 557f55f · 557f55f
1 parent 03687a3
commit 557f55f
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 51 deletions.
diff --git a/agate-rest/src/main/java/org/obiba/agate/web/rest/user/UsersPublicResource.java b/agate-rest/src/main/java/org/obiba/agate/web/rest/user/UsersPublicResource.java
@@ -14,6 +14,7 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.base.Strings;
+import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import org.apache.shiro.authc.AuthenticationInfo;
@@ -36,6 +37,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import javax.ws.rs.core.UriBuilder;
@@ -159,20 +161,26 @@ public Response test(@RequestBody Map<String, String> values) {
 
   @POST
   @Path("/_join")
-  public Response create(@FormParam("username") String username, @FormParam("firstname") String firstName,
-                         @FormParam("lastname") String lastName, @FormParam("email") String email, @FormParam("locale") String preferredLanguage,
-                         @FormParam("application") List<String> applications, @FormParam("group") List<String> groups,
-                         @FormParam("password") String password, @FormParam("realm") String realm,
-                         @FormParam("g-recaptcha-response") String reCaptchaResponse,
-                         @FormParam("reCaptchaResponse") String reCaptchaResponse2,
-                         @Context HttpServletRequest request) {
-
+  @Consumes("application/x-www-form-urlencoded")
+  public Response create(@Context HttpServletRequest request, MultivaluedMap<String, String> formParams) {
     String applicationName = getRequestingApplication(request);
 
     if (!configurationService.getConfiguration().isJoinPageEnabled() && Strings.isNullOrEmpty(applicationName)) {
       throw new BadRequestException("Direct self join is not enabled");
     }
 
+    String username = formParams.getFirst("username");
+    String firstName = formParams.getFirst("firstname");
+    String lastName = formParams.getFirst("lastname");
+    String email = formParams.getFirst("email");
+    String preferredLanguage = formParams.getFirst("locale");
+    String password = formParams.getFirst("password");
+    String realm = formParams.getFirst("realm");
+    List<String> applications = formParams.containsKey("application") ? formParams.get("application") : Lists.newArrayList();
+    List<String> groups = formParams.containsKey("group") ? formParams.get("group") : Lists.newArrayList();
+    String reCaptchaResponse = formParams.getFirst("g-recaptcha-response");
+    String reCaptchaResponse2 = formParams.getFirst("reCaptchaResponse");
+
     if (Strings.isNullOrEmpty(email)) throw new BadRequestException("Email cannot be empty");
 
     if (!new EmailValidator().isValid(email, null)) throw new BadRequestException("Not a valid email address");
@@ -217,7 +225,7 @@ public Response create(@FormParam("username") String username, @FormParam("first
       .firstName(firstName).lastName(lastName).email(email).preferredLanguage(preferredLanguage).build();
     user.setGroups(Sets.newHashSet(groups));
     user.setApplications(Sets.newHashSet(applications));
-    user.setAttributes(extractAttributes(request));
+    user.setAttributes(extractAttributes(formParams));
 
     if (!Strings.isNullOrEmpty(applicationName)) {
       Application application = applicationService.findByIdOrName(applicationName);
@@ -240,10 +248,9 @@ else if (application.isAutoApproval())
       .created(UriBuilder.fromPath(JerseyConfiguration.WS_ROOT).path(UserResource.class).build(user.getId())).build();
   }
 
-  private Map<String, String> extractAttributes(HttpServletRequest request) {
+  private Map<String, String> extractAttributes(MultivaluedMap<String, String> params) {
     final Map<String, AttributeConfiguration> attributes = configurationService.getConfiguration().getUserAttributes()
-      .stream().collect(Collectors.toMap(a -> a.getName(), a -> a));
-    final Map<String, String[]> params = request.getParameterMap();
+      .stream().collect(Collectors.toMap(AttributeConfiguration::getName, a -> a));
     final Set<String> extraParams = Sets.difference(params.keySet(), Sets.newHashSet(Arrays.asList(BUILTIN_PARAMS)));
 
     Map<String, String> res = Maps.newHashMap();
@@ -255,17 +262,17 @@ private Map<String, String> extractAttributes(HttpServletRequest request) {
     });
 
     for (String param : extraParams) {
-      String[] values = params.get(param);
+      List<String> values = params.get(param);
 
-      if (values.length > 1) {
+      if (values.size() > 1) {
         throw new BadRequestException("Invalid repeated parameter " + param);
       }
 
       if (attributes.containsKey(param)) {
         AttributeConfiguration attribute = attributes.get(param);
-        res.put(attribute.getName(), getParsedAttribute(attribute, values[0]));
+        res.put(attribute.getName(), getParsedAttribute(attribute, values.get(0)));
       } else {
-        res.put(param, params.get(param)[0]);
+        res.put(param, params.get(param).get(0));
       }
     }
 

diff --git a/agate-rest/src/test/java/org/obiba/agate/web/rest/user/UsersJoinResourceTests.java b/agate-rest/src/test/java/org/obiba/agate/web/rest/user/UsersJoinResourceTests.java
@@ -10,11 +10,8 @@
 
 package org.obiba.agate.web.rest.user;
 
-import java.util.HashMap;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.BadRequestException;
-
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
 import org.hamcrest.Matchers;
 import org.junit.Before;
 import org.junit.Rule;
@@ -31,18 +28,14 @@
 import org.obiba.agate.service.ReCaptchaService;
 import org.obiba.agate.service.UserService;
 
-import com.google.common.collect.Lists;
-import com.google.common.collect.Sets;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.BadRequestException;
+import javax.ws.rs.core.MultivaluedHashMap;
+import javax.ws.rs.core.MultivaluedMap;
 
 import static org.junit.Assert.assertEquals;
-import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.anyString;
-import static org.mockito.Matchers.eq;
-import static org.mockito.Mockito.doAnswer;
-import static org.mockito.Mockito.doReturn;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
+import static org.mockito.Matchers.*;
+import static org.mockito.Mockito.*;
 
 public class UsersJoinResourceTests {
 
@@ -67,7 +60,7 @@ public void init() {
 
     Configuration conf = new Configuration();
     conf.setUserAttributes(Lists.newArrayList(
-      new AttributeConfiguration("att1", AttributeConfiguration.Type.INTEGER, true, Lists.newArrayList())));
+        new AttributeConfiguration("att1", AttributeConfiguration.Type.INTEGER, true, Lists.newArrayList())));
 
     doReturn(conf).when(configurationService).getConfiguration();
 
@@ -84,19 +77,14 @@ public void init() {
   @Test
   public void testUsersJoinWithAttributes() {
     HttpServletRequest request = mock(HttpServletRequest.class);
-    when(request.getParameterMap()).thenReturn(new HashMap<String, String[]>() {
-      {
-        put("att1", new String[] { "1" });
-        put("att2", new String[] { "foo" });
-      }
-    });
 
     ArgumentCaptor<User> user = ArgumentCaptor.forClass(User.class);
 
-    resource
-      .create("un", "fn", "ln", "[email protected]", "fr",
-        Lists.newArrayList("app"), Lists.newArrayList("g1", "g2"), "password",
-        null, "recaptchacode", null, request);
+    MultivaluedMap<String, String> params = getParameters();
+    params.put("att1", Lists.newArrayList("1"));
+    params.put("att2", Lists.newArrayList("foo"));
+
+    resource.create(request, params);
     verify(userService).createUser(user.capture(), eq("password"));
     assertEquals("id", user.getValue().getId());
     assertEquals("[email protected]", user.getValue().getEmail());
@@ -109,17 +97,26 @@ public void testUsersJoinWithAttributes() {
   @Test
   public void testUsersJoinMissingAttribute() {
     HttpServletRequest request = mock(HttpServletRequest.class);
-    when(request.getParameterMap()).thenReturn(new HashMap<String, String[]>() {
-      {
-        put("att2", new String[] { "foo" });
-      }
-    });
 
     exception.expect(BadRequestException.class);
     exception.expectMessage(Matchers.containsString("att1"));
-    resource
-      .create("un", "fn", "ln", "[email protected]", "fr",
-        Lists.newArrayList("app"), Lists.newArrayList("g1", "g2"), null,
-        null, "recaptchacode", null, request);
+
+    MultivaluedMap<String, String> params = getParameters();
+    params.put("att2", Lists.newArrayList("foo"));
+    resource.create(request, params);
+  }
+
+  private MultivaluedMap<String, String> getParameters() {
+    MultivaluedMap<String, String> params = new MultivaluedHashMap<>();
+    params.put("username", Lists.newArrayList("un"));
+    params.put("firstname", Lists.newArrayList("fn"));
+    params.put("lastname", Lists.newArrayList("ln"));
+    params.put("email", Lists.newArrayList("[email protected]"));
+    params.put("locale", Lists.newArrayList("fr"));
+    params.put("application", Lists.newArrayList("app"));
+    params.put("group", Lists.newArrayList("g1", "g2"));
+    params.put("password", Lists.newArrayList("password"));
+    params.put("g-recaptcha-response", Lists.newArrayList("recaptchacode"));
+    return params;
   }
 }