Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
solo-1
Project overview
Project overview
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Administrator
solo-1
Commits
bbdded3a
Commit
bbdded3a
authored
Aug 14, 2017
by
D
Committed by
GitHub
Aug 14, 2017
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #12334 from nanolikeyou/master
修改注册处的XSS漏洞
parents
e580ca33
a700e880
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
52 additions
and
2 deletions
+52
-2
src/main/java/org/b3log/solo/service/UserMgmtService.java
src/main/java/org/b3log/solo/service/UserMgmtService.java
+8
-1
src/test/java/org/b3log/solo/service/UserMgmtServiceTestCase.java
.../java/org/b3log/solo/service/UserMgmtServiceTestCase.java
+43
-0
src/test/java/org/b3log/solo/service/UserQueryServiceTestCase.java
...java/org/b3log/solo/service/UserQueryServiceTestCase.java
+1
-1
No files found.
src/main/java/org/b3log/solo/service/UserMgmtService.java
View file @
bbdded3a
...
...
@@ -48,7 +48,8 @@ import javax.servlet.http.HttpServletResponse;
*
* @author <a href="http://88250.b3log.org">Liang Ding</a>
* @author <a href="mailto:385321165@qq.com">DASHU</a>
* @version 1.1.0.9, Aug 11, 2017
* @author <a href="https://github.com/nanolikeyou">nanolikeyou</a>
* @version 1.1.0.10, Aug 13, 2017
* @since 0.4.0
*/
@Service
...
...
@@ -274,6 +275,9 @@ public class UserMgmtService {
try
{
final
JSONObject
user
=
new
JSONObject
();
final
String
userEmail
=
requestJSONObject
.
optString
(
User
.
USER_EMAIL
).
trim
().
toLowerCase
();
if
(!
Strings
.
isEmail
(
userEmail
))
{
throw
new
ServiceException
(
langPropsService
.
get
(
"mailInvalidLabel"
));
}
final
JSONObject
duplicatedUser
=
userRepository
.
getByEmail
(
userEmail
);
if
(
null
!=
duplicatedUser
)
{
...
...
@@ -287,6 +291,9 @@ public class UserMgmtService {
user
.
put
(
User
.
USER_EMAIL
,
userEmail
);
final
String
userName
=
requestJSONObject
.
optString
(
User
.
USER_NAME
);
if
(
UserExt
.
invalidUserName
(
userName
))
{
throw
new
ServiceException
(
langPropsService
.
get
(
"userNameInvalidLabel"
));
}
user
.
put
(
User
.
USER_NAME
,
userName
);
final
String
userPassword
=
requestJSONObject
.
optString
(
User
.
USER_PASSWORD
);
...
...
src/test/java/org/b3log/solo/service/UserMgmtServiceTestCase.java
View file @
bbdded3a
...
...
@@ -19,6 +19,7 @@ import junit.framework.Assert;
import
org.b3log.latke.Keys
;
import
org.b3log.latke.model.Role
;
import
org.b3log.latke.model.User
;
import
org.b3log.latke.service.ServiceException
;
import
org.b3log.latke.util.MD5
;
import
org.b3log.solo.AbstractTestCase
;
import
org.json.JSONObject
;
...
...
@@ -28,6 +29,7 @@ import org.testng.annotations.Test;
* {@link UserMgmtService} test case.
*
* @author <a href="http://88250.b3log.org">Liang Ding</a>
* @author <a href="https://github.com/nanolikeyou">nanolikeyou</a>
* @version 1.0.0.3, May 25, 2017
*/
@Test
(
suiteName
=
"service"
)
...
...
@@ -90,6 +92,47 @@ public class UserMgmtServiceTestCase extends AbstractTestCase {
Assert
.
assertEquals
(
getUserQueryService
().
getUser
(
id
).
getJSONObject
(
User
.
USER
).
getString
(
User
.
USER_PASSWORD
),
MD5
.
hash
(
"pass2"
));
}
/**
* Valid User.
*
*@throws Exception exception
*/
@Test
public
void
ValidUser
()
throws
Exception
{
final
UserMgmtService
userMgmtService
=
getUserMgmtService
();
final
JSONObject
requestJSONObject
=
new
JSONObject
();
requestJSONObject
.
put
(
User
.
USER_NAME
,
"user1 name"
);
requestJSONObject
.
put
(
User
.
USER_EMAIL
,
"test1@gmail.com"
);
requestJSONObject
.
put
(
User
.
USER_PASSWORD
,
"pass1"
);
try
{
final
String
id
=
userMgmtService
.
addUser
(
requestJSONObject
);
}
catch
(
Exception
e
)
{
// TODO Auto-generated catch block
Assert
.
assertTrue
(
e
instanceof
ServiceException
);
}
}
/**
* Vallid XSS username.
*
*@throws Exception exception
*/
@Test
(
expectedExceptions
=
ServiceException
.
class
)
public
void
XSSUser
()
throws
Exception
{
final
UserMgmtService
userMgmtService
=
getUserMgmtService
();
final
JSONObject
requestJSONObject
=
new
JSONObject
();
requestJSONObject
.
put
(
User
.
USER_NAME
,
"username"
);
requestJSONObject
.
put
(
User
.
USER_EMAIL
,
"<script></script>"
);
final
String
id
=
userMgmtService
.
addUser
(
requestJSONObject
);
}
/**
* Remove User.
...
...
src/test/java/org/b3log/solo/service/UserQueryServiceTestCase.java
View file @
bbdded3a
...
...
@@ -43,7 +43,7 @@ public class UserQueryServiceTestCase extends AbstractTestCase {
final
JSONObject
requestJSONObject
=
new
JSONObject
();
requestJSONObject
.
put
(
User
.
USER_NAME
,
"user1
name"
);
requestJSONObject
.
put
(
User
.
USER_NAME
,
"user1name"
);
requestJSONObject
.
put
(
User
.
USER_EMAIL
,
"test1@gmail.com"
);
requestJSONObject
.
put
(
User
.
USER_PASSWORD
,
"pass1"
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
