From 775eae5fdc7580373ccf1c0e2d0e646b6d51f456 Mon Sep 17 00:00:00 2001
From: Udara Pathum <46132469+hwupathum@users.noreply.github.com>
Date: Wed, 23 Oct 2024 14:14:48 +0530
Subject: [PATCH] Check tenant domain contains any illegal characters
---
 .../v1/core/ServerTenantManagementService.java | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/components/org.wso2.carbon.identity.api.server.tenant.management/org.wso2.carbon.identity.api.server.tenant.management.v1/src/main/java/org/wso2/carbon/identity/api/server/tenant/management/v1/core/ServerTenantManagementService.java b/components/org.wso2.carbon.identity.api.server.tenant.management/org.wso2.carbon.identity.api.server.tenant.management.v1/src/main/java/org/wso2/carbon/identity/api/server/tenant/management/v1/core/ServerTenantManagementService.java
index 305fb9350..655aadfb0 100644
--- a/components/org.wso2.carbon.identity.api.server.tenant.management/org.wso2.carbon.identity.api.server.tenant.management.v1/src/main/java/org/wso2/carbon/identity/api/server/tenant/management/v1/core/ServerTenantManagementService.java
+++ b/components/org.wso2.carbon.identity.api.server.tenant.management/org.wso2.carbon.identity.api.server.tenant.management.v1/src/main/java/org/wso2/carbon/identity/api/server/tenant/management/v1/core/ServerTenantManagementService.java
@@ -78,6 +78,7 @@ import static org.wso2.carbon.identity.api.server.tenant.management.common.TenantManagementConstants.FilterOperations.EW; import static org.wso2.carbon.identity.api.server.tenant.management.common.TenantManagementConstants.FilterOperations.SW; import static org.wso2.carbon.identity.api.server.tenant.management.common.TenantManagementConstants.TENANT_MANAGEMENT_PATH_COMPONENT; +import static org.wso2.carbon.stratos.common.constants.TenantConstants.ErrorMessage.ERROR_CODE_ILLEGAL_CHARACTERS_IN_DOMAIN; import static org.wso2.carbon.stratos.common.constants.TenantConstants.ErrorMessage.ERROR_CODE_INVALID_EMAIL; import static org.wso2.carbon.stratos.common.constants.TenantConstants.ErrorMessage.ERROR_CODE_MISSING_REQUIRED_PARAMETER; @@ -93,6 +94,7 @@ public class ServerTenantManagementService { private static final String INLINE_PASSWORD = "inline-password"; private static final String CODE = "code"; private static final String PURPOSE = "purpose"; + private static final String ILLEGAL_CHARACTERS_FOR_TENANT_DOMAIN = ".*[^a-z0-9\\._\\-].*"; /** * Add a tenant. @@ -129,8 +131,8 @@ public TenantsListResponse listTenants(Integer limit, Integer offset, String sor TenantMgtService tenantMgtService = TenantManagementServiceHolder.getTenantMgtService(); - verifyFilter(filter); try { + verifyFilter(filter); TenantSearchResult tenantSearchResult = tenantMgtService.listTenants(limit, offset, sortOrder, sortBy, filter); return createTenantListResponse(tenantSearchResult); @@ -726,7 +728,7 @@ private String getISOFormatDate(Date date) { } - private void verifyFilter(String filter) { + private void verifyFilter(String filter) throws TenantMgtException { if (StringUtils.isNotBlank(filter)) { String[] filterArgs = filter.split(" "); 
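Review bot: The constant `ILLEGAL_CHARACTERS_FOR_TENANT_DOMAIN` added in the `@@ -93,6 +94,7 @@` hunk carries no comment saying which characters a domain filter value may contain, and its class admits only lower-case `a-z` while the surrounding filter checks compare with `equalsIgnoreCase`. A domain filter value containing an upper-case letter will therefore now be answered with the illegal-characters error. If that is intended because tenant domains are stored lower-cased (not visible in this patch), a comment such as `// Domain filter values may contain only a-z, 0-9, '.', '_' and '-'; upper-case is rejected on purpose.` would record it. The escapes `\\.` and `\\-` inside the character class are redundant, since `.` is literal there and a trailing `-` needs no escape.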
@@ -739,6 +741,11 @@ private void verifyFilter(String filter) { String attributeValue = filterArgs[2]; if (StringUtils.equalsIgnoreCase(filterAttribute, TenantMgtImpl.DOMAIN_NAME)) { + // Check tenant domain contains any illegal characters. + if (attributeValue.matches(ILLEGAL_CHARACTERS_FOR_TENANT_DOMAIN)) { + throw new TenantManagementClientException(ERROR_CODE_ILLEGAL_CHARACTERS_IN_DOMAIN.getCode(), + String.format(ERROR_CODE_ILLEGAL_CHARACTERS_IN_DOMAIN.getMessage(), attributeValue)); + } if (!StringUtils.equalsIgnoreCase(operation, SW) && !StringUtils.equalsIgnoreCase(operation, EW) && !StringUtils.equalsIgnoreCase(operation, EQ) && !StringUtils.equalsIgnoreCase(operation, CO)) {
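Review bot: The new check in `verifyFilter` can be passed by a value that does contain illegal characters, because `String.matches` requires the whole input to match `.*[^a-z0-9\\._\\-].*` and `.` does not match line terminators. When `attributeValue` holds two or more line terminators the pattern cannot match, so no exception is thrown and the filter goes on to `listTenants`. Searching for a single disallowed character closes this and avoids recompiling the regex on every call: declare `private static final Pattern ILLEGAL_CHARACTER_IN_TENANT_DOMAIN = Pattern.compile("[^a-z0-9._-]");` (this needs `java.util.regex.Pattern` imported) and test `if (ILLEGAL_CHARACTER_IN_TENANT_DOMAIN.matcher(attributeValue).find()) {`. The rejected value is also echoed into the error message through `String.format`; whether that text is encoded before it reaches a log or a response is not visible here. `verifyFilter` begins and ends outside this hunk.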