Merge pull request #8 from virtualidentityag/VIC-587-The_slogan_and_t…

…he_name_have_actually_no_limits_imposed Vic 587 the slogan and the name have actually no limits imposed
virtualidentityag · Apr 21, 2022 · d8be684 · d8be684
2 parents 47a7a3e + 5d5a75e
commit d8be684
Show file tree

Hide file tree

Showing 10 changed files with 38 additions and 15 deletions.
diff --git a/api/tenantservice.yaml b/api/tenantservice.yaml
@@ -185,7 +185,7 @@ components:
         name:
           type: string
           example: "Company name AG"
-          maxLength: 100
+          maxLength: 40
         subdomain:
           type: string
           example: "companyname"
@@ -215,7 +215,7 @@ components:
         name:
           type: string
           example: "Company name AG"
-          maxLength: 100
+          maxLength: 40
         subdomain:
           type: string
           example: "companyname"
@@ -238,7 +238,7 @@ components:
         name:
           type: string
           example: "Company name AG"
-          maxLength: 100
+          maxLength: 40
         subdomain:
           type: string
           example: "subdomain"
@@ -283,7 +283,7 @@ components:
         claim:
           type: string
           example: "Llorem ipsum..."
-          maxLength: 100
+          maxLength: 40
         privacy:
           type: string
           example: "Llorem ipsum..."

diff --git a/pom.xml b/pom.xml
@@ -72,6 +72,11 @@
             <artifactId>h2</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.hibernate.validator</groupId>
+            <artifactId>hibernate-validator</artifactId>
+        </dependency>
+
         <!-- OpenApi/Swagger dependencies -->
         <dependency>
             <groupId>org.openapitools</groupId>

diff --git a/src/main/java/com/vi/tenantservice/api/controller/TenantController.java b/src/main/java/com/vi/tenantservice/api/controller/TenantController.java
@@ -50,15 +50,15 @@ public ResponseEntity<List<BasicTenantLicensingDTO>> getAllTenants() {
 
   @Override
   @PreAuthorize("hasAuthority('tenant-admin')")
-  public ResponseEntity<TenantDTO> createTenant(TenantDTO tenantDTO) {
+  public ResponseEntity<TenantDTO> createTenant(@Valid TenantDTO tenantDTO) {
     log.info("Creating tenant with by user {} ", authorisationService.getUsername());
     var tenant = tenantServiceFacade.createTenant(tenantDTO);
     return new ResponseEntity<>(tenant, HttpStatus.OK);
   }
 
   @Override
   @PreAuthorize("hasAnyAuthority('tenant-admin', 'single-tenant-admin')")
-  public ResponseEntity<TenantDTO> updateTenant(Long id, TenantDTO tenantDTO) {
+  public ResponseEntity<TenantDTO> updateTenant(Long id, @Valid TenantDTO tenantDTO) {
     log.info("Updating tenant with id {} by user {} ", id, authorisationService.getUsername());
     var updatedTenantDTO = tenantServiceFacade.updateTenant(id, tenantDTO);
     return new ResponseEntity<>(updatedTenantDTO, HttpStatus.OK);

diff --git a/src/main/resources/db/changelog/changeset/0003_change_tenant_attributes/0003-changeSet.xml b/src/main/resources/db/changelog/changeset/0003_change_tenant_attributes/0003-changeSet.xml
@@ -0,0 +1,7 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.6.xsd">
+    <changeSet author="aalicic" id="changeTenantAttributes">
+		<sqlFile path="db/changelog/changeset/0003_change_tenant_attributes/changeTenantAttributes.sql" stripComments="true" />
+		<rollback><sql/></rollback>
+	</changeSet>
+</databaseChangeLog>
diff --git a/...resources/db/changelog/changeset/0003_change_tenant_attributes/changeTenantAttributes.sql b/...resources/db/changelog/changeset/0003_change_tenant_attributes/changeTenantAttributes.sql
@@ -0,0 +1,3 @@
+ALTER TABLE `tenant`
+CHANGE `name` `name` varchar(40) COLLATE 'utf8_unicode_ci' NOT NULL AFTER `id`,
+CHANGE `content_claim` `content_claim` varchar(40) COLLATE 'utf8_unicode_ci' NULL AFTER `content_impressum`;
diff --git a/src/main/resources/db/changelog/tenantservice-dev-master.xml b/src/main/resources/db/changelog/tenantservice-dev-master.xml
@@ -8,4 +8,5 @@
     <!-- The base changeset contains the database state when liquibase was added to the project -->
 	<include file="db/changelog/changeset/0001_initsql/initSql.xml"/>
   <include file="db/changelog/changeset/0002_add_privacy_and_terms_and_conditions/0002-changeSet.xml"/>
+  <include file="db/changelog/changeset/0003_change_tenant_attributes/0003-changeSet.xml"/>
 </databaseChangeLog>
diff --git a/src/main/resources/db/changelog/tenantservice-prod-master.xml b/src/main/resources/db/changelog/tenantservice-prod-master.xml
@@ -5,4 +5,5 @@
   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
                       http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
   <include file="db/changelog/changeset/0001_initsql/initSql.xml"/>
+  <include file="db/changelog/changeset/0003_change_tenant_attributes/0003-changeSet.xml"/>
 </databaseChangeLog>
diff --git a/src/main/resources/db/changelog/tenantservice-staging-master.xml b/src/main/resources/db/changelog/tenantservice-staging-master.xml
@@ -5,4 +5,5 @@
   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
                       http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
   <include file="db/changelog/changeset/0001_initsql/initSql.xml"/>
+  <include file="db/changelog/changeset/0003_change_tenant_attributes/0003-changeSet.xml"/>
 </databaseChangeLog>
diff --git a/src/test/java/com/vi/tenantservice/api/controller/TenantControllerIT.java b/src/test/java/com/vi/tenantservice/api/controller/TenantControllerIT.java
@@ -41,7 +41,7 @@ class TenantControllerIT {
   private static final String AUTHORITY_WITHOUT_PERMISSIONS = "technical";
   private static final String USERNAME = "not important";
   private static final String EXISTING_SUBDOMAIN = "examplesubdomain";
-  private static final String SCRIPT_CONTENT = "<script>some malicious content</script>";
+  private static final String SCRIPT_CONTENT = "<script>error</script>";
 
   @Autowired
   private WebApplicationContext context;
@@ -65,7 +65,7 @@ void createTenant_Should_returnStatusOk_When_calledWithValidTenantCreateParamsAn
     mockMvc.perform(post(TENANT_RESOURCE)
             .with(authentication(builder.withAuthority(TENANT_ADMIN.getValue()).build()))
             .contentType(APPLICATION_JSON)
-            .content(tenantTestDataBuilder.withName("tenant").withSubdomain("subdomain").withLicensing()
+            .content(tenantTestDataBuilder.withId(1L).withName("tenant").withSubdomain("subdomain").withLicensing()
                 .jsonify())
             .contentType(APPLICATION_JSON))
         .andExpect(status().isOk());
@@ -80,7 +80,7 @@ void createTenant_Should_returnStatusForbidden_When_calledWithoutTenantAdminAuth
             .with(user("not important")
                 .authorities((GrantedAuthority) () -> AUTHORITY_WITHOUT_PERMISSIONS))
             .contentType(APPLICATION_JSON)
-            .content(tenantTestDataBuilder.withName("tenant").withSubdomain("subdomain").withLicensing()
+            .content(tenantTestDataBuilder.withId(1L).withName("tenant").withSubdomain("subdomain").withLicensing()
                 .jsonify())
             .contentType(APPLICATION_JSON))
         .andExpect(status().isForbidden());
@@ -95,15 +95,15 @@ void createTenant_Should_notCreateTenant_When_SubdomainIsNotUnique()
             .contentType(APPLICATION_JSON)
             .with(authentication(builder.withAuthority(TENANT_ADMIN.getValue()).build()))
             .content(
-                tenantTestDataBuilder.withName("tenant").withSubdomain("sub").withLicensing().jsonify())
+                tenantTestDataBuilder.withId(1L).withName("tenant").withSubdomain("sub").withLicensing().jsonify())
             .contentType(APPLICATION_JSON))
         .andExpect(status().isOk());
     // when
     mockMvc.perform(post(TENANT_RESOURCE)
             .contentType(APPLICATION_JSON)
             .with(authentication(builder.withAuthority(TENANT_ADMIN.getValue()).build()))
             .content(
-                tenantTestDataBuilder.withName("another tenant").withSubdomain("sub").withLicensing()
+                tenantTestDataBuilder.withId(2L).withName("another tenant").withSubdomain("sub").withLicensing()
                     .jsonify())
             .contentType(APPLICATION_JSON))
         .andExpect(status().isConflict())
@@ -117,7 +117,7 @@ void updateTenant_Should_returnStatusOk_When_calledWithValidTenantCreateParamsAn
     mockMvc.perform(put(EXISTING_TENANT)
             .with(authentication(builder.withAuthority(TENANT_ADMIN.getValue()).build()))
             .contentType(APPLICATION_JSON)
-            .content(tenantTestDataBuilder.withName("tenant").withSubdomain("changed subdomain")
+            .content(tenantTestDataBuilder.withId(1L).withName("tenant").withSubdomain("changed subdomain")
                 .withLicensing().jsonify())
             .contentType(APPLICATION_JSON))
         .andExpect(status().isOk());
@@ -130,7 +130,7 @@ void updateTenant_Should_returnStatusForbidden_When_calledWithValidTenantUpdateP
     mockMvc.perform(put(EXISTING_TENANT)
             .with(authentication(builder.withAuthority("not-a-valid-admin").build()))
             .contentType(APPLICATION_JSON)
-            .content(tenantTestDataBuilder.withName("tenant").withSubdomain("changed subdomain")
+            .content(tenantTestDataBuilder.withId(1L).withName("tenant").withSubdomain("changed subdomain")
                 .withLicensing().jsonify())
             .contentType(APPLICATION_JSON))
         .andExpect(status().isForbidden());
@@ -142,7 +142,7 @@ void updateTenant_Should_returnStatusNotFound_When_UpdateAttemptForNonExistingTe
     AuthenticationMockBuilder builder = new AuthenticationMockBuilder();
     mockMvc.perform(put(NON_EXISTING_TENANT)
             .with(authentication(builder.withAuthority(TENANT_ADMIN.getValue()).build()))
-            .content(tenantTestDataBuilder.withName("tenant").withSubdomain("changed subdomain")
+            .content(tenantTestDataBuilder.withId(1L).withName("tenant").withSubdomain("changed subdomain")
                 .withLicensing().jsonify())
             .contentType(APPLICATION_JSON))
         .andExpect(status().isNotFound());
@@ -231,7 +231,7 @@ void updateTenant_Should_sanitizeInput_When_calledWithExistingTenantIdAndForTena
   }
 
   private String prepareRequestWithInvalidScriptContent() {
-    return tenantTestDataBuilder.withName(appendMalciousScript("name"))
+    return tenantTestDataBuilder.withId(1L).withName(appendMalciousScript("name"))
         .withSubdomain(appendMalciousScript("subdomain"))
         .withContent(appendMalciousScript("<b>impressum</b>"), appendMalciousScript("<b>claim</b>"))
         .jsonify();

diff --git a/src/test/java/com/vi/tenantservice/api/util/TenantTestDataBuilder.java b/src/test/java/com/vi/tenantservice/api/util/TenantTestDataBuilder.java
@@ -30,6 +30,11 @@ public TenantTestDataBuilder tenantDTO() {
     return this;
   }
 
+  public TenantTestDataBuilder withId(Long id) {
+    tenantDTO.setId(id);
+    return this;
+  }
+
   public TenantTestDataBuilder withName(String name) {
     tenantDTO.setName(name);
     return this;