Validate email address in user options page - TRUNK-2498

openmrs · Jun 10, 2013 · d3bdfae · d3bdfae
1 parent 9037e46
commit d3bdfae
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 0 deletions.
diff --git a/web/src/main/java/org/openmrs/web/controller/OptionsFormController.java b/web/src/main/java/org/openmrs/web/controller/OptionsFormController.java
@@ -27,6 +27,7 @@
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.commons.validator.EmailValidator;
 import org.openmrs.PersonName;
 import org.openmrs.User;
 import org.openmrs.api.APIException;
@@ -197,6 +198,17 @@ protected ModelAndView onSubmit(HttpServletRequest request, HttpServletResponse
 				errors.rejectValue("secretQuestionPassword", "error.password.incorrect");
 			}
 
+			String notifyType = opts.getNotification();
+			if (notifyType != null) {
+				if (notifyType.equals("internal") || notifyType.equals("internalProtected") || notifyType.equals("email")) {
+					if (StringUtils.isNotEmpty(opts.getNotificationAddress())) {
+						if (!EmailValidator.getInstance().isValid(opts.getNotificationAddress())) {
+							errors.reject("error.options.notificationAddress.invalid");
+						}
+					}
+				}
+			}
+
 			if (opts.getUsername().length() > 0 && !errors.hasErrors()) {
 				try {
 					Context.addProxyPrivilege(PrivilegeConstants.VIEW_USERS);

diff --git a/web/src/test/java/org/openmrs/web/controller/OptionsFormControllerTest.java b/web/src/test/java/org/openmrs/web/controller/OptionsFormControllerTest.java
@@ -1,3 +1,16 @@
+/**
+ * The contents of this file are subject to the OpenMRS Public License
+ * Version 1.0 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://license.openmrs.org
+ *
+ * Software distributed under the License is distributed on an "AS IS"
+ * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
+ * License for the specific language governing rights and limitations
+ * under the License.
+ *
+ * Copyright (C) OpenMRS, LLC.  All Rights Reserved.
+ */
 package org.openmrs.web.controller;
 
 import static org.hamcrest.Matchers.is;
@@ -19,11 +32,14 @@
 import org.openmrs.api.db.LoginCredential;
 import org.openmrs.api.db.UserDAO;
 import org.openmrs.util.OpenmrsConstants;
+import org.openmrs.web.OptionsForm;
 import org.openmrs.web.test.BaseWebContextSensitiveTest;
 import org.openmrs.web.test.WebTestHelper;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.validation.BeanPropertyBindingResult;
+import org.springframework.web.servlet.ModelAndView;
 
 public class OptionsFormControllerTest extends BaseWebContextSensitiveTest {
 
@@ -169,4 +185,40 @@ public void onSubmit_shouldReject1CharacterAsUsername() throws Exception {
 		//then
 		Assert.assertThat("a", is(not(Context.getAuthenticatedUser().getUsername())));
 	}
+
+	@Test
+	public void shouldRejectInvalidNotificationAddress() throws Exception {
+		final String incorrectAddress = "gayan@gmail";
+		MockHttpServletRequest request = new MockHttpServletRequest("POST", "");
+		request.setParameter("notification", "email");
+		request.setParameter("notificationAddress", incorrectAddress);
+
+		HttpServletResponse response = new MockHttpServletResponse();
+		ModelAndView modelAndView = controller.handleRequest(request, response);
+
+		OptionsForm optionsForm = (OptionsForm) controller.formBackingObject(request);
+		assertEquals(incorrectAddress, optionsForm.getNotificationAddress());
+
+		BeanPropertyBindingResult bindingResult = (BeanPropertyBindingResult) modelAndView.getModel().get(
+		    "org.springframework.validation.BindingResult.opts");
+		Assert.assertTrue(bindingResult.hasErrors());
+	}
+
+	@Test
+	public void shouldAcceptValidNotificationAddress() throws Exception {
+		String notificationTypes[] = { "internal", "internalProtected", "email" };
+		String correctAddress = "gayan@gmail.com";
+
+		for (String notifyType : notificationTypes) {
+			MockHttpServletRequest request = new MockHttpServletRequest("POST", "");
+			request.setParameter("notification", notifyType);
+			request.setParameter("notificationAddress", correctAddress);
+
+			HttpServletResponse response = new MockHttpServletResponse();
+			controller.handleRequest(request, response);
+
+			OptionsForm optionsForm = (OptionsForm) controller.formBackingObject(request);
+			assertEquals(correctAddress, optionsForm.getNotificationAddress());
+		}
+	}
 }
diff --git a/webapp/src/main/webapp/WEB-INF/messages.properties b/webapp/src/main/webapp/WEB-INF/messages.properties
@@ -372,6 +372,7 @@ error.username.weak=Invalid username.  Must be at least 6 characters
 error.username.invalid=Invalid username.  Username must be alphanumeric and cannot start with a number
 error.username.email=Invalid username.  Username must be a valid e-mail.
 error.retired.requireMetadata=Who retired this and why?
+error.options.notificationAddress.invalid=Invalid notifications email address
 
 changePassword.hint.password.length=Password should have at least {0} characters
 changePassword.hint.password.bothCasesRequired=both upper and lower case characters