From 6e7b1af0322c87df7e8132a5118fadf310256aeb Mon Sep 17 00:00:00 2001
From: aalicic <adnan@leads.ba>
Date: Wed, 20 Apr 2022 17:06:37 +0200
Subject: [PATCH 1/3] VIC-587: The slogan and the name have actually no limits
 imposed: reverted back

---
 api/tenantservice.yaml                         |  8 ++++----
 pom.xml                                        |  5 +++++
 .../api/controller/TenantController.java       |  4 ++--
 .../api/controller/TenantControllerIT.java     | 18 +++++++++---------
 .../api/util/TenantTestDataBuilder.java        |  5 +++++
 5 files changed, 25 insertions(+), 15 deletions(-)

diff --git a/api/tenantservice.yaml b/api/tenantservice.yaml
index 3445715..dc59325 100644
--- a/api/tenantservice.yaml
+++ b/api/tenantservice.yaml
@@ -185,7 +185,7 @@ components:
         name:
           type: string
           example: "Company name AG"
-          maxLength: 100
+          maxLength: 40
         subdomain:
           type: string
           example: "companyname"
@@ -215,7 +215,7 @@ components:
         name:
           type: string
           example: "Company name AG"
-          maxLength: 100
+          maxLength: 40
         subdomain:
           type: string
           example: "companyname"
@@ -238,7 +238,7 @@ components:
         name:
           type: string
           example: "Company name AG"
-          maxLength: 100
+          maxLength: 40
         subdomain:
           type: string
           example: "subdomain"
@@ -283,7 +283,7 @@ components:
         claim:
           type: string
           example: "Llorem ipsum..."
-          maxLength: 100
+          maxLength: 40
         privacy:
           type: string
           example: "Llorem ipsum..."
diff --git a/pom.xml b/pom.xml
index 28f1045..aeac855 100644
--- a/pom.xml
+++ b/pom.xml
@@ -72,6 +72,11 @@
             <artifactId>h2</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.hibernate.validator</groupId>
+            <artifactId>hibernate-validator</artifactId>
+        </dependency>
+
         <!-- OpenApi/Swagger dependencies -->
         <dependency>
             <groupId>org.openapitools</groupId>
diff --git a/src/main/java/com/vi/tenantservice/api/controller/TenantController.java b/src/main/java/com/vi/tenantservice/api/controller/TenantController.java
index 8b8b67c..285767d 100644
--- a/src/main/java/com/vi/tenantservice/api/controller/TenantController.java
+++ b/src/main/java/com/vi/tenantservice/api/controller/TenantController.java
@@ -50,7 +50,7 @@ public ResponseEntity<List<BasicTenantLicensingDTO>> getAllTenants() {
 
   @Override
   @PreAuthorize("hasAuthority('tenant-admin')")
-  public ResponseEntity<TenantDTO> createTenant(TenantDTO tenantDTO) {
+  public ResponseEntity<TenantDTO> createTenant(@Valid TenantDTO tenantDTO) {
     log.info("Creating tenant with by user {} ", authorisationService.getUsername());
     var tenant = tenantServiceFacade.createTenant(tenantDTO);
     return new ResponseEntity<>(tenant, HttpStatus.OK);
@@ -58,7 +58,7 @@ public ResponseEntity<TenantDTO> createTenant(TenantDTO tenantDTO) {
 
   @Override
   @PreAuthorize("hasAnyAuthority('tenant-admin', 'single-tenant-admin')")
-  public ResponseEntity<TenantDTO> updateTenant(Long id, TenantDTO tenantDTO) {
+  public ResponseEntity<TenantDTO> updateTenant(Long id, @Valid TenantDTO tenantDTO) {
     log.info("Updating tenant with id {} by user {} ", id, authorisationService.getUsername());
     var updatedTenantDTO = tenantServiceFacade.updateTenant(id, tenantDTO);
     return new ResponseEntity<>(updatedTenantDTO, HttpStatus.OK);
diff --git a/src/test/java/com/vi/tenantservice/api/controller/TenantControllerIT.java b/src/test/java/com/vi/tenantservice/api/controller/TenantControllerIT.java
index 6549e74..79fc02a 100644
--- a/src/test/java/com/vi/tenantservice/api/controller/TenantControllerIT.java
+++ b/src/test/java/com/vi/tenantservice/api/controller/TenantControllerIT.java
@@ -41,7 +41,7 @@ class TenantControllerIT {
   private static final String AUTHORITY_WITHOUT_PERMISSIONS = "technical";
   private static final String USERNAME = "not important";
   private static final String EXISTING_SUBDOMAIN = "examplesubdomain";
-  private static final String SCRIPT_CONTENT = "<script>some malicious content</script>";
+  private static final String SCRIPT_CONTENT = "<script>error</script>";
 
   @Autowired
   private WebApplicationContext context;
@@ -65,7 +65,7 @@ void createTenant_Should_returnStatusOk_When_calledWithValidTenantCreateParamsAn
     mockMvc.perform(post(TENANT_RESOURCE)
             .with(authentication(builder.withAuthority(TENANT_ADMIN.getValue()).build()))
             .contentType(APPLICATION_JSON)
-            .content(tenantTestDataBuilder.withName("tenant").withSubdomain("subdomain").withLicensing()
+            .content(tenantTestDataBuilder.withId(1L).withName("tenant").withSubdomain("subdomain").withLicensing()
                 .jsonify())
             .contentType(APPLICATION_JSON))
         .andExpect(status().isOk());
@@ -80,7 +80,7 @@ void createTenant_Should_returnStatusForbidden_When_calledWithoutTenantAdminAuth
             .with(user("not important")
                 .authorities((GrantedAuthority) () -> AUTHORITY_WITHOUT_PERMISSIONS))
             .contentType(APPLICATION_JSON)
-            .content(tenantTestDataBuilder.withName("tenant").withSubdomain("subdomain").withLicensing()
+            .content(tenantTestDataBuilder.withId(1L).withName("tenant").withSubdomain("subdomain").withLicensing()
                 .jsonify())
             .contentType(APPLICATION_JSON))
         .andExpect(status().isForbidden());
@@ -95,7 +95,7 @@ void createTenant_Should_notCreateTenant_When_SubdomainIsNotUnique()
             .contentType(APPLICATION_JSON)
             .with(authentication(builder.withAuthority(TENANT_ADMIN.getValue()).build()))
             .content(
-                tenantTestDataBuilder.withName("tenant").withSubdomain("sub").withLicensing().jsonify())
+                tenantTestDataBuilder.withId(1L).withName("tenant").withSubdomain("sub").withLicensing().jsonify())
             .contentType(APPLICATION_JSON))
         .andExpect(status().isOk());
     // when
@@ -103,7 +103,7 @@ void createTenant_Should_notCreateTenant_When_SubdomainIsNotUnique()
             .contentType(APPLICATION_JSON)
             .with(authentication(builder.withAuthority(TENANT_ADMIN.getValue()).build()))
             .content(
-                tenantTestDataBuilder.withName("another tenant").withSubdomain("sub").withLicensing()
+                tenantTestDataBuilder.withId(2L).withName("another tenant").withSubdomain("sub").withLicensing()
                     .jsonify())
             .contentType(APPLICATION_JSON))
         .andExpect(status().isConflict())
@@ -117,7 +117,7 @@ void updateTenant_Should_returnStatusOk_When_calledWithValidTenantCreateParamsAn
     mockMvc.perform(put(EXISTING_TENANT)
             .with(authentication(builder.withAuthority(TENANT_ADMIN.getValue()).build()))
             .contentType(APPLICATION_JSON)
-            .content(tenantTestDataBuilder.withName("tenant").withSubdomain("changed subdomain")
+            .content(tenantTestDataBuilder.withId(1L).withName("tenant").withSubdomain("changed subdomain")
                 .withLicensing().jsonify())
             .contentType(APPLICATION_JSON))
         .andExpect(status().isOk());
@@ -130,7 +130,7 @@ void updateTenant_Should_returnStatusForbidden_When_calledWithValidTenantUpdateP
     mockMvc.perform(put(EXISTING_TENANT)
             .with(authentication(builder.withAuthority("not-a-valid-admin").build()))
             .contentType(APPLICATION_JSON)
-            .content(tenantTestDataBuilder.withName("tenant").withSubdomain("changed subdomain")
+            .content(tenantTestDataBuilder.withId(1L).withName("tenant").withSubdomain("changed subdomain")
                 .withLicensing().jsonify())
             .contentType(APPLICATION_JSON))
         .andExpect(status().isForbidden());
@@ -142,7 +142,7 @@ void updateTenant_Should_returnStatusNotFound_When_UpdateAttemptForNonExistingTe
     AuthenticationMockBuilder builder = new AuthenticationMockBuilder();
     mockMvc.perform(put(NON_EXISTING_TENANT)
             .with(authentication(builder.withAuthority(TENANT_ADMIN.getValue()).build()))
-            .content(tenantTestDataBuilder.withName("tenant").withSubdomain("changed subdomain")
+            .content(tenantTestDataBuilder.withId(1L).withName("tenant").withSubdomain("changed subdomain")
                 .withLicensing().jsonify())
             .contentType(APPLICATION_JSON))
         .andExpect(status().isNotFound());
@@ -231,7 +231,7 @@ void updateTenant_Should_sanitizeInput_When_calledWithExistingTenantIdAndForTena
   }
 
   private String prepareRequestWithInvalidScriptContent() {
-    return tenantTestDataBuilder.withName(appendMalciousScript("name"))
+    return tenantTestDataBuilder.withId(1L).withName(appendMalciousScript("name"))
         .withSubdomain(appendMalciousScript("subdomain"))
         .withContent(appendMalciousScript("<b>impressum</b>"), appendMalciousScript("<b>claim</b>"))
         .jsonify();
diff --git a/src/test/java/com/vi/tenantservice/api/util/TenantTestDataBuilder.java b/src/test/java/com/vi/tenantservice/api/util/TenantTestDataBuilder.java
index e3fae8b..f4f8a07 100644
--- a/src/test/java/com/vi/tenantservice/api/util/TenantTestDataBuilder.java
+++ b/src/test/java/com/vi/tenantservice/api/util/TenantTestDataBuilder.java
@@ -30,6 +30,11 @@ public TenantTestDataBuilder tenantDTO() {
     return this;
   }
 
+  public TenantTestDataBuilder withId(Long id) {
+    tenantDTO.setId(id);
+    return this;
+  }
+
   public TenantTestDataBuilder withName(String name) {
     tenantDTO.setName(name);
     return this;

From 06efb9c542b6b90d7a51632a96dbdf7bedccefe1 Mon Sep 17 00:00:00 2001
From: aalicic <adnan@leads.ba>
Date: Wed, 20 Apr 2022 17:15:36 +0200
Subject: [PATCH 2/3] VIC-587: The slogan and the name have actually no limits
 imposed: reverted back

---
 .../0003_change_tenant_attributes/0003-changeSet.xml       | 7 +++++++
 .../changeTenantAttributes.sql                             | 3 +++
 .../resources/db/changelog/tenantservice-dev-master.xml    | 1 +
 .../resources/db/changelog/tenantservice-prod-master.xml   | 2 ++
 .../db/changelog/tenantservice-staging-master.xml          | 2 ++
 5 files changed, 15 insertions(+)
 create mode 100644 src/main/resources/db/changelog/changeset/0003_change_tenant_attributes/0003-changeSet.xml
 create mode 100644 src/main/resources/db/changelog/changeset/0003_change_tenant_attributes/changeTenantAttributes.sql

diff --git a/src/main/resources/db/changelog/changeset/0003_change_tenant_attributes/0003-changeSet.xml b/src/main/resources/db/changelog/changeset/0003_change_tenant_attributes/0003-changeSet.xml
new file mode 100644
index 0000000..4ab8053
--- /dev/null
+++ b/src/main/resources/db/changelog/changeset/0003_change_tenant_attributes/0003-changeSet.xml
@@ -0,0 +1,7 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.6.xsd">
+    <changeSet author="aalicic" id="changeTenantAttributes">
+		<sqlFile path="db/changelog/changeset/0003_change_tenant_attributes/changeTenantAttributes.sql" stripComments="true" />
+		<rollback><sql/></rollback>
+	</changeSet>
+</databaseChangeLog>
diff --git a/src/main/resources/db/changelog/changeset/0003_change_tenant_attributes/changeTenantAttributes.sql b/src/main/resources/db/changelog/changeset/0003_change_tenant_attributes/changeTenantAttributes.sql
new file mode 100644
index 0000000..040634e
--- /dev/null
+++ b/src/main/resources/db/changelog/changeset/0003_change_tenant_attributes/changeTenantAttributes.sql
@@ -0,0 +1,3 @@
+ALTER TABLE `tenant`
+CHANGE `name` `name` varchar(40) COLLATE 'utf8_unicode_ci' NOT NULL AFTER `id`,
+CHANGE `content_claim` `content_claim` varchar(40) COLLATE 'utf8_unicode_ci' NULL AFTER `content_impressum`;
\ No newline at end of file
diff --git a/src/main/resources/db/changelog/tenantservice-dev-master.xml b/src/main/resources/db/changelog/tenantservice-dev-master.xml
index 9385e6c..e271a44 100644
--- a/src/main/resources/db/changelog/tenantservice-dev-master.xml
+++ b/src/main/resources/db/changelog/tenantservice-dev-master.xml
@@ -8,4 +8,5 @@
     <!-- The base changeset contains the database state when liquibase was added to the project -->
 	<include file="db/changelog/changeset/0001_initsql/initSql.xml"/>
   <include file="db/changelog/changeset/0002_add_privacy_and_terms_and_conditions/0002-changeSet.xml"/>
+  <include file="db/changelog/changeset/0003_change_tenant_attributes/0003-changeSet.xml"/>
 </databaseChangeLog>
diff --git a/src/main/resources/db/changelog/tenantservice-prod-master.xml b/src/main/resources/db/changelog/tenantservice-prod-master.xml
index 830b639..8a2fa62 100644
--- a/src/main/resources/db/changelog/tenantservice-prod-master.xml
+++ b/src/main/resources/db/changelog/tenantservice-prod-master.xml
@@ -5,4 +5,6 @@
   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
                       http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
   <include file="db/changelog/changeset/0001_initsql/initSql.xml"/>
+  <include file="db/changelog/changeset/0002_add_privacy_and_terms_and_conditions/0002-changeSet.xml"/>
+  <include file="db/changelog/changeset/0003_change_tenant_attributes/0003-changeSet.xml"/>
 </databaseChangeLog>
diff --git a/src/main/resources/db/changelog/tenantservice-staging-master.xml b/src/main/resources/db/changelog/tenantservice-staging-master.xml
index 830b639..8a2fa62 100644
--- a/src/main/resources/db/changelog/tenantservice-staging-master.xml
+++ b/src/main/resources/db/changelog/tenantservice-staging-master.xml
@@ -5,4 +5,6 @@
   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
                       http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
   <include file="db/changelog/changeset/0001_initsql/initSql.xml"/>
+  <include file="db/changelog/changeset/0002_add_privacy_and_terms_and_conditions/0002-changeSet.xml"/>
+  <include file="db/changelog/changeset/0003_change_tenant_attributes/0003-changeSet.xml"/>
 </databaseChangeLog>

From 5d5a75e15919d0ad7d05c1bfa589a5f6802d94f0 Mon Sep 17 00:00:00 2001
From: aalicic <adnan@leads.ba>
Date: Thu, 21 Apr 2022 07:46:55 +0200
Subject: [PATCH 3/3] VIC-587: The slogan and the name have actually no limits
 imposed

---
 src/main/resources/db/changelog/tenantservice-prod-master.xml    | 1 -
 src/main/resources/db/changelog/tenantservice-staging-master.xml | 1 -
 2 files changed, 2 deletions(-)

diff --git a/src/main/resources/db/changelog/tenantservice-prod-master.xml b/src/main/resources/db/changelog/tenantservice-prod-master.xml
index 8a2fa62..36d57d3 100644
--- a/src/main/resources/db/changelog/tenantservice-prod-master.xml
+++ b/src/main/resources/db/changelog/tenantservice-prod-master.xml
@@ -5,6 +5,5 @@
   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
                       http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
   <include file="db/changelog/changeset/0001_initsql/initSql.xml"/>
-  <include file="db/changelog/changeset/0002_add_privacy_and_terms_and_conditions/0002-changeSet.xml"/>
   <include file="db/changelog/changeset/0003_change_tenant_attributes/0003-changeSet.xml"/>
 </databaseChangeLog>
diff --git a/src/main/resources/db/changelog/tenantservice-staging-master.xml b/src/main/resources/db/changelog/tenantservice-staging-master.xml
index 8a2fa62..36d57d3 100644
--- a/src/main/resources/db/changelog/tenantservice-staging-master.xml
+++ b/src/main/resources/db/changelog/tenantservice-staging-master.xml
@@ -5,6 +5,5 @@
   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
                       http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
   <include file="db/changelog/changeset/0001_initsql/initSql.xml"/>
-  <include file="db/changelog/changeset/0002_add_privacy_and_terms_and_conditions/0002-changeSet.xml"/>
   <include file="db/changelog/changeset/0003_change_tenant_attributes/0003-changeSet.xml"/>
 </databaseChangeLog>