Validate email address when adding email or creating account

This checks that the email address has a valid format. Change-Id: I1f8d95dd9b02e720996bd15cca093ca55b5e4597 Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
2014-02-06 15:18:38 +01:00
parent 5ac379ca64
commit a9abdf4589
4 changed files with 23 additions and 4 deletions
--- a/gerrit-server/BUCK
+++ b/gerrit-server/BUCK
@@ -53,6 +53,7 @@ java_library2(
    '//lib/commons:dbcp',
    '//lib/commons:lang',
    '//lib/commons:net',
+    '//lib/commons:validator',
    '//lib/guice:guice',
    '//lib/guice:guice-assistedinject',
    '//lib/guice:guice-servlet',
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateAccount.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateAccount.java
@@ -43,6 +43,8 @@ import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
 import com.google.inject.assistedinject.Assisted;

+import org.apache.commons.validator.routines.EmailValidator;
+
 import java.util.Collections;
 import java.util.List;
 import java.util.Set;
@@ -121,10 +123,14 @@ public class CreateAccount implements RestModifyView<TopLevelResource, Input> {
      throw new ResourceConflictException(
          "username '" + username + "' already exists");
    }
-    if (input.email != null
-        && db.accountExternalIds().get(getEmailKey(input.email)) != null) {
-      throw new UnprocessableEntityException(
-          "email '" + input.email + "' already exists");
+    if (input.email != null) {
+      if (db.accountExternalIds().get(getEmailKey(input.email)) != null) {
+        throw new UnprocessableEntityException(
+            "email '" + input.email + "' already exists");
+      }
+      if (!EmailValidator.getInstance().isValid(input.email)) {
+        throw new BadRequestException("invalid email address");
+      }
    }

    try {
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java
@@ -35,6 +35,7 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.assistedinject.Assisted;

+import org.apache.commons.validator.routines.EmailValidator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@@ -99,6 +100,10 @@ public class CreateEmail implements RestModifyView<AccountResource, Input> {
      throw new BadRequestException("email address must match URL");
    }

+    if (!EmailValidator.getInstance().isValid(email)) {
+      throw new BadRequestException("invalid email address");
+    }
+
    if (input.noConfirmation
        && !self.get().getCapabilities().canAdministrateServer()) {
      throw new AuthException("must be administrator to use no_confirmation");
--- a/lib/commons/BUCK
+++ b/lib/commons/BUCK
@@ -75,6 +75,13 @@ maven_jar(
  license = 'Apache2.0',
 )

+maven_jar(
+  name = 'validator',
+  id = 'commons-validator:commons-validator:1.4.0',
+  sha1 = '42fa1046955ade59f5354a1876cfc523cea33815',
+  license = 'Apache2.0',
+)
+
 maven_jar(
  name = 'httpclient',
  id = 'org.apache.httpcomponents:httpclient:4.2.5',