Merge pull request #1601 from parallaxinc/pr-101tomaster

PR Branch 0.101 to Master

Author: zfi

pom.xml

@@ -538,5 +538,5 @@
             <version>4.12</version>
             <scope>test</scope>
         </dependency>
-    </dependencies>
+        </dependencies>
 </project>

src/main/java/com/parallax/server/blocklyprop/rest/RestProfile.java

@@ -21,6 +21,7 @@
 import com.parallax.client.cloudsession.exceptions.ServerException;
 import com.parallax.client.cloudsession.exceptions.UnknownUserIdException;
 import com.parallax.client.cloudsession.exceptions.WrongAuthenticationSourceException;
+import com.parallax.client.cloudsession.exceptions.EmailNotConfirmedException;
 import com.parallax.client.cloudsession.objects.User;
 import javax.ws.rs.FormParam;
 import javax.ws.rs.POST;

src/main/java/com/parallax/server/blocklyprop/rest/RestSharedProject.java

@@ -81,8 +81,8 @@ public Response get(
 
         Boolean parametersValid = false;
 
-        // Check the incoming data
-        if (sort != null){
+        // Sort flag evaluation
+        if (sort != null) {
             for (TableSort t : TableSort.values()) {
                 LOG.debug("REST:/shared/project/list/ Sort test for '{}'", t);
 
@@ -98,9 +98,9 @@ public Response get(
             }
         }
 
+        // Sort order evaluation
         if (order != null) {
             parametersValid = false;
-
             LOG.debug("REST:/shared/project/list/ Checking order");
 
             for (TableOrder t : TableOrder.values()) {
@@ -115,8 +115,35 @@ public Response get(
             }
         }
 
+        LOG.info("REST:/shared/project/list/ Checking limit");
+
+        // Limit result set value
+        if ( (limit == null) || (limit > 50)) {
+            LOG.info("REST:/shared/project/list/ Limit throttle to 50 entries");
+            limit = 50;
+        }
+        
+        LOG.info("REST:/shared/project/list/ Checking offset");
+
+        // Check ofset from the beginning of the record set
+        if ((offset == null) || (offset < 0)) {
+            offset = 0;
+        }
+        
+        for (TableOrder t : TableOrder.values()) {
+            if (order == t) {
+                parametersValid = true;
+                break;
+            }
+        }
+        
+        if (parametersValid == false) {
+            return Response.status(Response.Status.NOT_ACCEPTABLE).build();
+        }
+        
         LOG.debug("REST:/shared/project/list/ Checking limit");
 
+        // Set sane limits
         if ( (limit == null) || (limit > 50)) {
             LOG.warn("REST:/shared/project/list/ Limit throttle to 50 entries");
             limit = 50;

src/main/java/com/parallax/server/blocklyprop/services/impl/SecurityServiceImpl.java

@@ -375,6 +375,9 @@ public User authenticateLocalUser(String email, String password) throws
             LOG.info("User authenticated");
             return user;
 
+        } catch (UnknownUserException uue) {
+            LOG.error("User account is unknown.");
+            throw uue;
         } catch (UserBlockedException ube) {
             LOG.error("User account is blocked.");
             throw ube;

src/main/java/com/parallax/server/blocklyprop/servlets/ConfirmServlet.java

@@ -90,6 +90,7 @@ public void confirmToken(HttpServletRequest req, HttpServletResponse resp)
                     .forward(req, resp);
         } else {
             try {
+                LOG.info("Trying to confirm: {}, {}", email, token);
                 // Validate the email and token with the Cloud Session server
                 if (cloudSessionLocalUserService.doConfirm(email, token)) {
 

src/main/java/com/parallax/server/blocklyprop/servlets/PasswordResetServlet.java

@@ -9,12 +9,12 @@
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
 import com.parallax.client.cloudsession.CloudSessionLocalUserService;
-import com.parallax.client.cloudsession.exceptions.EmailNotConfirmedException;
 import com.parallax.client.cloudsession.exceptions.PasswordComplexityException;
 import com.parallax.client.cloudsession.exceptions.PasswordVerifyException;
 import com.parallax.client.cloudsession.exceptions.ServerException;
 import com.parallax.client.cloudsession.exceptions.UnknownUserException;
 import com.parallax.client.cloudsession.exceptions.WrongAuthenticationSourceException;
+import com.parallax.client.cloudsession.exceptions.EmailNotConfirmedException;
 import com.parallax.server.blocklyprop.enums.PasswordResetPage;
 import com.parallax.server.blocklyprop.utils.ServletUtils;
 import com.parallax.server.blocklyprop.utils.TextileReader;

src/main/java/com/parallax/server/blocklyprop/servlets/PublicProfileServlet.java

@@ -12,6 +12,7 @@
 import com.parallax.client.cloudsession.exceptions.EmailNotConfirmedException;
 import com.parallax.client.cloudsession.exceptions.ServerException;
 import com.parallax.client.cloudsession.exceptions.UnknownUserIdException;
+import com.parallax.client.cloudsession.exceptions.EmailNotConfirmedException;
 import com.parallax.server.blocklyprop.db.generated.tables.pojos.User;
 import com.parallax.server.blocklyprop.services.UserService;
 import com.parallax.server.blocklyprop.services.impl.SecurityServiceImpl;