Merge "Validate email address when adding email or creating account"

2014-03-08 00:36:40 +00:00 · 2014-03-08 00:36:40 +00:00 · 65df1358a1
commit 65df1358a1
parent 2b0a393f7f a9abdf4589
4 changed files with 23 additions and 4 deletions
--- a/gerrit-server/BUCK
+++ b/gerrit-server/BUCK
@ -53,6 +53,7 @@ java_library2(
    '//lib/commons:dbcp',
    '//lib/commons:lang',
    '//lib/commons:net',
+    '//lib/commons:validator',
    '//lib/guice:guice',
    '//lib/guice:guice-assistedinject',
    '//lib/guice:guice-servlet',
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateAccount.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateAccount.java
@ -44,6 +44,8 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.assistedinject.Assisted;

+import org.apache.commons.validator.routines.EmailValidator;
+
 import java.util.Collections;
 import java.util.List;
 import java.util.Set;
@ -122,10 +124,14 @@ public class CreateAccount implements RestModifyView<TopLevelResource, Input> {
      throw new ResourceConflictException(
          "username '" + username + "' already exists");
    }
-    if (input.email != null
-        && db.accountExternalIds().get(getEmailKey(input.email)) != null) {
-      throw new UnprocessableEntityException(
-          "email '" + input.email + "' already exists");
+    if (input.email != null) {
+      if (db.accountExternalIds().get(getEmailKey(input.email)) != null) {
+        throw new UnprocessableEntityException(
+            "email '" + input.email + "' already exists");
+      }
+      if (!EmailValidator.getInstance().isValid(input.email)) {
+        throw new BadRequestException("invalid email address");
+      }
    }

    try {
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java
@ -36,6 +36,7 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.assistedinject.Assisted;

+import org.apache.commons.validator.routines.EmailValidator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@ -92,6 +93,10 @@ public class CreateEmail implements RestModifyView<AccountResource, Input> {
      input = new Input();
    }

+    if (!EmailValidator.getInstance().isValid(email)) {
+      throw new BadRequestException("invalid email address");
+    }
+
    if (input.noConfirmation
        && !self.get().getCapabilities().canAdministrateServer()) {
      throw new AuthException("must be administrator to use no_confirmation");
--- a/lib/commons/BUCK
+++ b/lib/commons/BUCK
@ -84,6 +84,13 @@ maven_jar(
  license = 'Apache2.0',
 )

+maven_jar(
+  name = 'validator',
+  id = 'commons-validator:commons-validator:1.4.0',
+  sha1 = '42fa1046955ade59f5354a1876cfc523cea33815',
+  license = 'Apache2.0',
+)
+
 maven_jar(
  name = 'httpclient',
  id = 'org.apache.httpcomponents:httpclient:4.2.5',