From 735579b6f987b407049ac1f1da08e675d957c3e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Francesco=20Chicchiricc=C3=B2?= Date: Wed, 7 Mar 2018 12:21:21 +0100 Subject: [PATCH] Review fields usable for search and orderBy --- .../common/lib/search/SearchableFields.java | 2 +- .../jpa/dao/AbstractAnySearchDAO.java | 17 +++++++++++++++++ .../persistence/jpa/dao/JPAAnySearchDAO.java | 4 ++-- .../jpa/dao/ElasticsearchAnySearchDAO.java | 2 +- .../apache/syncope/fit/core/SearchITCase.java | 19 +++++++++++++++++++ 5 files changed, 40 insertions(+), 4 deletions(-) diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/search/SearchableFields.java b/common/lib/src/main/java/org/apache/syncope/common/lib/search/SearchableFields.java index 5dbf149c40..77a7d134cb 100644 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/search/SearchableFields.java +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/search/SearchableFields.java @@ -36,7 +36,7 @@ public final class SearchableFields { private static final String[] ATTRIBUTES_NOTINCLUDED = { - "serialVersionUID", "password", "type", "udynMembershipCond" + "serialVersionUID", "password", "type", "udynMembershipCond", "securityAnswer", "token", "tokenExpireTime" }; private static final Set ANY_FIELDS = new HashSet<>(); diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/AbstractAnySearchDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/AbstractAnySearchDAO.java index c526a3c099..229ecdf429 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/AbstractAnySearchDAO.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/AbstractAnySearchDAO.java 
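Review bot: `ATTRIBUTES_NOTINCLUDED` in SearchableFields.java is still a deny-list, so any sensitive field introduced later stays searchable until someone remembers to append it here; an allow-list of the fields meant to be exposed would fail closed instead. The same names are repeated in the new `ORDER_BY_NOT_ALLOWED` array in AbstractAnySearchDAO.java, and the two lists already differ: `securityQuestion` is blocked only for ordering, while `type` and `udynMembershipCond` are blocked only for search. If that difference is deliberate, a short comment on each array should say so (for example `// securityQuestion is searchable by design; only ordering on it is blocked`); otherwise both checks should read from one shared constant so they cannot drift. The new integration test expects an empty result, so the server-side search presumably consults this class, but that code is outside the patch.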
@@ -30,7 +30,10 @@ import javax.validation.constraints.Max; import javax.validation.constraints.Min; import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.collections4.ListUtils; +import org.apache.commons.collections4.Predicate; import org.apache.commons.collections4.Transformer; +import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.ClassUtils; import org.apache.commons.lang3.SerializationUtils; import org.apache.commons.lang3.tuple.Pair; @@ -68,6 +71,10 @@ public abstract class AbstractAnySearchDAO extends AbstractDAO> implements AnySearchDAO { + private static final String[] ORDER_BY_NOT_ALLOWED = { + "serialVersionUID", "password", "securityQuestion", "securityAnswer", "token", "tokenExpireTime" + }; + @Autowired protected RealmDAO realmDAO; @@ -134,6 +141,16 @@ public > List search( return search(SyncopeConstants.FULL_ADMIN_REALMS, cond, -1, -1, orderBy, kind); } + protected List filterOrderBy(final List orderBy) { + return ListUtils.select(orderBy, new Predicate() { + + @Override + public boolean evaluate(final OrderByClause clause) { + return !ArrayUtils.contains(ORDER_BY_NOT_ALLOWED, clause.getField()); + } + }); + } + protected abstract > List doSearch( Set adminRealms, SearchCond searchCondition, diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java index 71d6c6c5a7..f33295d175 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnySearchDAO.java 
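Review bot: `filterOrderBy` discards disallowed clauses silently, so a request that sorts by `password` or `token` returns a normal page with no sign that the clause was ignored, and nothing is recorded for operators. Ordering by a secret field can leak information about its value, so such requests are worth surfacing: at minimum log the rejected field inside `evaluate`, e.g. `LOG.warn("Ignoring orderBy on restricted field {}", clause.getField());` (assuming a logger is in scope in this class, which the hunk does not show). The check is an exact, case-sensitive `ArrayUtils.contains` on `clause.getField()`; if field names are trimmed or normalised anywhere downstream, the comparison should be made on the same normalised form. A Javadoc line on `filterOrderBy` stating that it returns a new list without the restricted fields, and why, is also missing.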
@@ -276,13 +276,13 @@ private StringBuilder buildOrderBy(final OrderBySupport obs) { } private OrderBySupport parseOrderBy( - final AnyTypeKind kind, final SearchSupport svs, final List orderByClauses) { + final AnyTypeKind kind, final SearchSupport svs, final List orderBy) { AnyUtils attrUtils = anyUtilsFactory.getInstance(kind); OrderBySupport obs = new OrderBySupport(); - for (OrderByClause clause : orderByClauses) { + for (OrderByClause clause : filterOrderBy(orderBy)) { OrderBySupport.Item item = new OrderBySupport.Item(); // Manage difference among external key attribute and internal JPA @Id diff --git a/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java b/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java index 672a13f812..bb37c3deb9 100644 --- a/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java +++ b/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java @@ -147,7 +147,7 @@ private void addSort( AnyUtils attrUtils = anyUtilsFactory.getInstance(kind); - for (OrderByClause clause : orderBy) { + for (OrderByClause clause : filterOrderBy(orderBy)) { String sortName = null; // Manage difference among external key attribute and internal JPA @Id diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SearchITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SearchITCase.java index c8d9d974d0..4af22aa636 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SearchITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SearchITCase.java 
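Review bot: The restriction is enforced per back end, inside `parseOrderBy` here and `addSort` in ElasticsearchAnySearchDAO.java, so any other `AnySearchDAO` implementation must remember to call `filterOrderBy` itself or it will sort on the restricted fields. Applying the filter once in AbstractAnySearchDAO, by passing `filterOrderBy(orderBy)` as the argument handed to the abstract `doSearch`, would cover every implementation by construction. Both method bodies continue outside their hunks, so it cannot be confirmed from this patch that no other code path in these classes reads the unfiltered `orderBy` list.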
@@ -29,6 +29,7 @@ import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.IterableUtils; import org.apache.commons.collections4.Predicate; +import org.apache.commons.lang3.RandomStringUtils; import org.apache.syncope.client.lib.SyncopeClient; import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.patch.AnyObjectPatch; @@ -406,6 +407,24 @@ public boolean evaluate(final UserTO user) { })); } + @Test + public void searchBySecurityAnswer() { + String securityAnswer = RandomStringUtils.randomAlphanumeric(10); + UserTO userTO = UserITCase.getUniqueSampleTO("securityAnswer@syncope.apache.org"); + userTO.setSecurityQuestion("887028ea-66fc-41e7-b397-620d7ea6dfbb"); + userTO.setSecurityAnswer(securityAnswer); + + userTO = createUser(userTO).getEntity(); + assertNotNull(userTO.getSecurityQuestion()); + + PagedResult matchingUsers = userService.search( + new AnyQuery.Builder().realm(SyncopeConstants.ROOT_REALM). + fiql(SyncopeClient.getUserSearchConditionBuilder(). + is("securityAnswer").equalTo(securityAnswer).query()).build()); + assertNotNull(matchingUsers); + assertTrue(matchingUsers.getResult().isEmpty()); + } + @Test public void assignable() { PagedResult groups = groupService.search(new AnyQuery.Builder().realm("/even/two").page(1).size(1000).
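Review bot: `searchBySecurityAnswer` asserts only that the result is empty, which would also hold if the query failed to match for an unrelated reason. A positive control in the same test, such as searching by the created user's username and asserting that the user is found, would tie the empty result to the field exclusion. The commit also blocks `token` and `tokenExpireTime` for search and adds the whole `orderBy` filter, none of which is exercised; a companion test that orders by `securityAnswer` and checks the request succeeds without sorting on that field would cover `filterOrderBy`. The hard-coded security question key `887028ea-66fc-41e7-b397-620d7ea6dfbb` presumably comes from the test data set and deserves a one-line comment saying so.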