diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceImpl.java index cb36b21f3..65ee10764 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceImpl.java @@ -22,8 +22,8 @@ @NoArgsConstructor public class GroupServiceImpl implements IGroupService { private static final String CHECK_REGEX = "function isValid(exp){try{new RegExp(exp);return true;}catch(e){return false;}};isValid(rgx);"; - private static final String REGEX_MATCHER = "function validate(r, s){ return (r).test(s);};validate(rgx, str);"; - private final ScriptEngine engine = new ScriptEngineManager().getEngineByName("js"); + private static final String REGEX_MATCHER = "function validate(r, s){ return RegExp(r).test(s);};validate(rgx, str);"; + private final ScriptEngine engine = new ScriptEngineManager().getEngineByName("JavaScript"); @Autowired protected GroupsRepository groupRepository; @@ -80,7 +80,7 @@ public boolean doesStringMatchGroupPattern(String groupId, String uri) { engine.put("str", uri); try { - engine.eval("var rgx=" + regExp); + engine.put("rgx", regExp ); Object value = engine.eval(REGEX_MATCHER); return Boolean.valueOf(value.toString()); } @@ -134,7 +134,7 @@ private void validateGroupRegex(Group group) throws InvalidGroupRegexException { return; } try { - engine.eval("var rgx=" + group.getValidationRegex()); + engine.put("rgx", group.getValidationRegex()); Object value = engine.eval(CHECK_REGEX); if (!Boolean.valueOf(value.toString())) { throw new InvalidGroupRegexException("Invalid Regular Expression [ " + group.getValidationRegex() + " ]"); diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy index 89bf72ea6..2b9acadda 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy @@ -82,7 +82,7 @@ class EntityDescriptorControllerTests extends AbstractBaseDataJpaTest { Group gb = new Group() gb.setResourceId("testingGroupBBB") gb.setName("Group BBB") - gb.setValidationRegex("/^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$/") + gb.setValidationRegex("^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$") gb = groupService.createGroup(gb) randomGenerator = new RandomGenerator() diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/validator/DynamicHttpMetadataResolverValidatorTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/validator/DynamicHttpMetadataResolverValidatorTests.groovy index 5164ae82d..21af72924 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/validator/DynamicHttpMetadataResolverValidatorTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/validator/DynamicHttpMetadataResolverValidatorTests.groovy @@ -27,7 +27,7 @@ class DynamicHttpMetadataResolverValidatorTests extends AbstractBaseDataJpaTest g.setResourceId("shib") g.setName("shib") // This is valid for a url with "shib.org" in it - g.setValidationRegex("/^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$/") + g.setValidationRegex("^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$") g = groupServiceForTesting.createGroup(g) Optional userRole = roleRepository.findByName("ROLE_USER") diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/validator/FileBackedHttpMetadataResolverValidatorTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/validator/FileBackedHttpMetadataResolverValidatorTests.groovy index 9881498da..c82f0aa18 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/validator/FileBackedHttpMetadataResolverValidatorTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/validator/FileBackedHttpMetadataResolverValidatorTests.groovy @@ -22,7 +22,7 @@ class FileBackedHttpMetadataResolverValidatorTests extends AbstractBaseDataJpaTe g.setResourceId("shib") g.setName("shib") // This is valid for a url with "shib.org" in it - g.setValidationRegex("/^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$/") + g.setValidationRegex("^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$") g = groupService.createGroup(g) Optional userRole = roleRepository.findByName("ROLE_USER") diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy index 099e6099f..c4a76e832 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy @@ -8,6 +8,7 @@ import edu.internet2.tier.shibboleth.admin.ui.security.model.Group import edu.internet2.tier.shibboleth.admin.ui.security.model.Role import edu.internet2.tier.shibboleth.admin.ui.security.model.User import edu.internet2.tier.shibboleth.admin.ui.security.repository.GroupsRepository +import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService import edu.internet2.tier.shibboleth.admin.ui.util.WithMockAdmin import groovy.json.JsonOutput import org.springframework.beans.factory.annotation.Autowired @@ -191,4 +192,32 @@ class GroupsControllerIntegrationTests extends AbstractBaseDataJpaTest { then: mockMvc.perform(delete("$RESOURCE_URI/someUser")) } + + def 'group regex checks'() { + given: + groupsRepository.deleteByResourceId("AAA") + Group groupAAA = new Group().with({ + it.name = "AAA" + it.description = "AAA" + it.resourceId = "AAA" + it.validationRegex = "/foo.*/" + it + }) + + when: + def result = mockMvc.perform(post(RESOURCE_URI).contentType(MediaType.APPLICATION_JSON) + .content(JsonOutput.toJson(groupAAA)).accept(MediaType.APPLICATION_JSON)) + + then: + result.andExpect(status().isCreated()) + .andExpect(content().contentType(MediaType.APPLICATION_JSON)) + .andExpect(jsonPath("\$.name").value("AAA")) + .andExpect(jsonPath("\$.resourceId").value("AAA")) + .andExpect(jsonPath("\$.description").value("AAA")) + .andExpect(jsonPath("\$.validationRegex").value("/foo.*/")) + + !groupService.doesStringMatchGroupPattern("AAA", "foobar") + !groupService.doesStringMatchGroupPattern("AAA", "something") + groupService.doesStringMatchGroupPattern("AAA", "/foobar/") + } } \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceTests.groovy index 619a4e567..c88838875 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceTests.groovy @@ -57,4 +57,27 @@ class GroupServiceTests extends AbstractBaseDataJpaTest { true } } + + def "Group regex evaluates properly" () { + when: + Group g = new Group() + g.setResourceId("AAA") + g.setName("AAA") + g.setValidationRegex("/foo.*/") + groupRepository.saveAndFlush(g) + + then: + !groupService.doesStringMatchGroupPattern("AAA", "foobar") + !groupService.doesStringMatchGroupPattern("AAA", "something") + groupService.doesStringMatchGroupPattern("AAA", "/foobar/") + + when: + g.setValidationRegex("foo.*") + groupRepository.saveAndFlush(g) + + then: + groupService.doesStringMatchGroupPattern("AAA", "foobar") + !groupService.doesStringMatchGroupPattern("AAA", "something") + groupService.doesStringMatchGroupPattern("AAA", "/foobar/") + } } \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImplTests2.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImplTests2.groovy index 3cc6123c8..22e90bf14 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImplTests2.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImplTests2.groovy @@ -23,7 +23,7 @@ class JPAEntityDescriptorServiceImplTests2 extends AbstractBaseDataJpaTest { Group gb = new Group() gb.setResourceId("testingGroupBBB") gb.setName("Group BBB") - gb.setValidationRegex("/^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$/") + gb.setValidationRegex("^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$") gb = groupService.createGroup(gb) Optional userRole = roleRepository.findByName("ROLE_USER")