Allow to have bare JIDs inside shared groups. Missing validation of remote users. JM-210

git-svn-id: http://svn.igniterealtime.org/svn/repos/messenger/trunk@3118 b35dd754-fafc-0310-a699-88a17e54d16e

Allow to have bare JIDs inside shared groups. Missing validation of remote users. JM-210
git-svn-id: http://svn.igniterealtime.org/svn/repos/messenger/trunk@3118 b35dd754-fafc-0310-a699-88a17e54d16e
a5d9666c · Gaston Dombiak · gato · 80b0b21b · a5d9666c · a5d9666c
Commit a5d9666c authored Nov 26, 2005 by Gaston Dombiak Committed by gato Nov 26, 2005
Hide whitespace changes
Inline Side-by-side

Showing with 58 additions and 31 deletions

group-create.jsp src/web/group-create.jsp +16 -5

group-edit.jsp src/web/group-edit.jsp +42 -26

No files found.
--- a/src/web/group-create.jsp
+++ b/src/web/group-create.jsp
@@ -14,10 +14,11 @@
                 java.util.*,
                 org.jivesoftware.messenger.group.*,
                 java.net.URLEncoder,
-                 org.jivesoftware.messenger.user.UserManager,
+                 org.jivesoftware.messenger.user.UserManager"
-                 org.jivesoftware.messenger.user.UserNotFoundException"
    errorPage="error.jsp"
 %>
+<%@ page import="org.jivesoftware.stringprep.Stringprep"%>
+<%@ page import="org.xmpp.packet.JID"%>
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -91,10 +92,20 @@
                    while (tokenizer.hasMoreTokens()) {
                        String username = tokenizer.nextToken();
                        try {
-                            UserManager.getInstance().getUser(username);
+                            if (username.indexOf('@') == -1) {
-                            newGroup.getMembers().add(username);
+                                // No @ was found so assume this is a JID of a local user
+                                username = Stringprep.nodeprep(username);
+                                UserManager.getInstance().getUser(username);
+                                newGroup.getMembers().add(webManager.getXMPPServer().createJID(username, null));
+                            }
+                            else {
+                                // Admin entered a JID. Add the JID directly to the list of group members
+                                newGroup.getMembers().add(new JID(username));
+                            }
+                        }
+                        catch (Exception e) {
+                            throw new IllegalArgumentException("Invalid user.", e);
                        }
-                        catch (UserNotFoundException unfe) { }
                    }
                }
                // Successful, so redirect

--- a/src/web/group-edit.jsp
+++ b/src/web/group-edit.jsp
@@ -16,6 +16,10 @@
                 java.io.UnsupportedEncodingException,
                 org.jivesoftware.util.*"
 %>
+<%@ page import="org.xmpp.packet.JID"%>
+<%@ page import="org.jivesoftware.stringprep.Stringprep"%>
+<%@ page import="org.jivesoftware.messenger.user.UserManager"%>
+<%@ page import="org.jivesoftware.messenger.user.UserNotFoundException"%>
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c"%>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -99,9 +103,9 @@
    if (update) {
-        Set adminIDSet = new HashSet();
+        Set<JID> adminIDSet = new HashSet<JID>();
        for (int i = 0; i < adminIDs.length; i++) {
-            String newAdmin = adminIDs[i];
+            JID newAdmin = new JID(adminIDs[i]);
            adminIDSet.add(newAdmin);
            boolean isAlreadyAdmin = group.getAdmins().contains(newAdmin);
            if (!isAlreadyAdmin) {
@@ -109,17 +113,17 @@
                group.getAdmins().add(newAdmin);
            }
        }
-        Iterator groupIter = Collections.unmodifiableCollection(group.getAdmins()).iterator();
+        Iterator<JID> groupIter = Collections.unmodifiableCollection(group.getAdmins()).iterator();
-        Set removeList = new HashSet();
+        Set<JID> removeList = new HashSet<JID>();
        while (groupIter.hasNext()) {
-            String m = (String) groupIter.next();
+            JID m = (JID) groupIter.next();
            if (!adminIDSet.contains(m)) {
                removeList.add(m);
            }
        }
-        Iterator i = removeList.iterator();
+        Iterator<JID> i = removeList.iterator();
        while (i.hasNext()) {
-            String m = (String) i.next();
+            JID m = (JID) i.next();
            group.getMembers().add(m);
        }
        // Get admin list and compare it the admin posted list.
@@ -135,21 +139,33 @@
            username = username.toLowerCase();
            // Add to group as member by default.
-            if (!group.getMembers().contains(username) && !group.getAdmins().contains(username)) {
+            try {
-                // Ensure that the user is valid
+                boolean added = false;
-                try {
+                if (username.indexOf('@') == -1) {
-                    group.getMembers().add(username);
+                    // No @ was found so assume this is a JID of a local user
+                    username = Stringprep.nodeprep(username);
+                    UserManager.getInstance().getUser(username);
+                    added = group.getMembers().add(webManager.getXMPPServer().createJID(username, null));
+                }
+                else {
+                    // Admin entered a JID. Add the JID directly to the list of group members
+                    added = group.getMembers().add(new JID(username));
+                }
+                if (added) {
                    count++;
                }
-                catch (IllegalArgumentException unfe) {
+                else {
                    errorBuf.append("<br>").append(
-                            LocaleUtils.getLocalizedString("group.edit.inexistent_user",
+                            LocaleUtils.getLocalizedString("group.edit.already_user",
                            JiveGlobals.getLocale(), Arrays.asList(username)));
                }
            }
-            else {
+            catch (Exception e) {
+                Log.debug("Problem adding new user to existing group", e);
                errorBuf.append("<br>").append(
-                        LocaleUtils.getLocalizedString("group.edit.already_user",
+                        LocaleUtils.getLocalizedString("group.edit.inexistent_user",
                        JiveGlobals.getLocale(), Arrays.asList(username)));
            }
        }
@@ -169,7 +185,7 @@
    }
    else if (delete) {
        for (int i = 0; i < deleteMembers.length; i++) {
-            String member = deleteMembers[i];
+            JID member = new JID(deleteMembers[i]);
            group.getMembers().remove(member);
            group.getAdmins().remove(member);
        }
@@ -455,8 +471,8 @@
            <!-- Add admins first -->
 <%
            int memberCount = group.getMembers().size() + group.getAdmins().size();
-            Iterator members = group.getMembers().iterator();
+            Iterator<JID> members = group.getMembers().iterator();
-            Iterator admins = group.getAdmins().iterator();
+            Iterator<JID> admins = group.getAdmins().iterator();
 %>
 <%
            if (memberCount == 0) {
@@ -475,15 +491,15 @@
 <%
            boolean showUpdateButtons = memberCount > 0;
            while (admins.hasNext()) {
-                String username = (String)admins.next();
+                JID user = (JID)admins.next();
 %>
                <tr>
-                    <td><%= username %></td>
+                    <td><%= user %></td>
                    <td align="center">
-                        <input type="checkbox" name="admin" value="<%= username %>" checked>
+                        <input type="checkbox" name="admin" value="<%= user %>" checked>
                    </td>
                    <td align="center">
-                        <input type="checkbox" name="delete" value="<%= username %>">
+                        <input type="checkbox" name="delete" value="<%= user %>">
                    </td>
                </tr>
 <%
@@ -491,15 +507,15 @@
 %>
 <%
            while (members.hasNext()) {
-                String username = (String)members.next();
+                JID user = (JID)members.next();
 %>
                <tr>
-                    <td><%= username %></td>
+                    <td><%= user %></td>
                    <td align="center">
-                        <input type="checkbox" name="admin" value="<%= username %>">
+                        <input type="checkbox" name="admin" value="<%= user %>">
                    </td>
                    <td align="center">
-                        <input type="checkbox" name="delete" value="<%= username %>">
+                        <input type="checkbox" name="delete" value="<%= user %>">
                    </td>
                </tr>
 <%