
Stefan Saasen  committed 3504427

Validate the API-Token form input. Show errors and success messages. Require XSRF token.

  • Parent commits 20605fe


Files changed (5)

File src/main/java/com/atlassian/labs/hipchat/actions/SaveConfigurationAction.java

 import com.atlassian.confluence.security.PermissionManager;
 import com.atlassian.labs.hipchat.components.ConfigurationManager;
 import com.opensymphony.xwork.Action;
+import org.apache.commons.lang.StringUtils;
 
-public class SaveConfigurationAction extends ConfluenceActionSupport
-{
-    private final ConfigurationManager configurationManager;
-    private final PermissionManager permissionManager;
+public class SaveConfigurationAction extends ConfluenceActionSupport {
+    private ConfigurationManager configurationManager;
+    private PermissionManager permissionManager;
 
     private String hipChatAuthToken;
 
-    public SaveConfigurationAction(ConfigurationManager configurationManager, PermissionManager permissionManager)
-    {
-        this.configurationManager = configurationManager;
-        this.permissionManager = permissionManager;
-    }
-
     @Override
-    public boolean isPermitted()
-    {
+    public boolean isPermitted() {
         return permissionManager.hasPermission(getRemoteUser(), Permission.ADMINISTER, PermissionManager.TARGET_SYSTEM);
     }
 
-    public void setHipChatAuthToken(String value)
-    {
+    @SuppressWarnings("UnusedDeclaration")
+    public void setHipChatAuthToken(String value) {
         this.hipChatAuthToken = value;
     }
 
+    @Override public void validate() {
+        if (StringUtils.isBlank(hipChatAuthToken)) {
+            addActionError(getText("hipchat.token.form.invalidtokenerror"));
+        }
+    }
+
+    public String getHipChatAuthToken() {
+        return configurationManager.getHipChatAuthToken();
+    }
+
     @Override
-    public String execute() throws Exception
-    {
-        // TODO: Validate inputs.
+    public String execute() throws Exception {
         configurationManager.updateConfiguration(hipChatAuthToken);
         return Action.SUCCESS;
     }
+
+    // =================================================================================================================
+    // We have to use setter injection if we don't use the defaultStack
+    // See https://jira.atlassian.com/browse/CONF-23137
+    public void setConfigurationManager(ConfigurationManager configurationManager) {
+        this.configurationManager = configurationManager;
+    }
+
+    public void setPermissionManager(PermissionManager permissionManager) {
+        this.permissionManager = permissionManager;
+    }
 }
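Review bot: `getHipChatAuthToken()` on the save action returns the token stored in `configurationManager`, not the `hipChatAuthToken` field that `setHipChatAuthToken` fills and `validate()` checks, so the getter and setter of the same property disagree. The plugin descriptor maps this action's `input` and `error` results to configuration.vm, whose field is `value="$action.hipChatAuthToken"`, so a failed save writes the stored admin token into the response again. Returning the submitted value keeps the stored secret out of the error page: `return StringUtils.defaultString(hipChatAuthToken);`. `validate()` also accepts any non-blank string, so "Invalid HipChat authentication token" only ever means "empty"; a one-line comment such as `// Only rejects blank input; the token is not checked against HipChat.` would make that explicit.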

File src/main/java/com/atlassian/labs/hipchat/actions/ViewConfigurationAction.java

 import com.atlassian.labs.hipchat.components.ConfigurationManager;
 import com.opensymphony.xwork.Action;
 
-public class ViewConfigurationAction extends ConfluenceActionSupport
-{
+public class ViewConfigurationAction extends ConfluenceActionSupport {
+
+
     private final ConfigurationManager configurationManager;
     private final PermissionManager permissionManager;
 
-    public ViewConfigurationAction(ConfigurationManager configurationManager, PermissionManager permissionManager)
-    {
+    private boolean successFullUpdate;
+
+    public ViewConfigurationAction(ConfigurationManager configurationManager, PermissionManager permissionManager) {
         this.configurationManager = configurationManager;
         this.permissionManager = permissionManager;
     }
 
+    public void setResult(String result) {
+        if ("success".equals(result)) {
+            successFullUpdate = true;
+        }
+    }
+
     @Override
-    public boolean isPermitted()
-    {
+    public boolean isPermitted() {
         return permissionManager.hasPermission(getRemoteUser(), Permission.ADMINISTER, PermissionManager.TARGET_SYSTEM);
     }
 
-    public String getHipChatAuthToken()
-    {
+    public String getHipChatAuthToken() {
         return configurationManager.getHipChatAuthToken();
     }
 
     @Override
-    public String execute() throws Exception
-    {
+    public String execute() throws Exception {
         return Action.SUCCESS;
     }
+
+    public boolean isSuccessFullUpdate() {
+        return successFullUpdate;
+    }
 }
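Review bot: `setResult` takes the success state straight from a request parameter, so any link to `/admin/hipchat.action?result=success` shows the "API token successfully saved" banner whether or not a save took place. The view is limited to administrators by `isPermitted()`, so the effect is a misleading message rather than a change of state, but the setter should say so, e.g. `// Display hint from the redirect query string; not proof that a save occurred.`. A server-side one-shot signal set by the save action would remove the dependency on the URL. On style, `successFullUpdate` reads as a typo for `successfulUpdate` (the template reference `$action.successFullUpdate` would change with it), and the two blank lines added after the class header can go.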

File src/main/resources/atlassian-plugin.properties

 hipchat-configuration.name=HipChat Configuration
 hipchat-space-configuration.name=HipChat
 hipchat.integrations=Integrations
-com.atlassian.labs.hipchat.actions.ViewSpaceConfigurationAction.action.name=HipChat Configuration
+com.atlassian.labs.hipchat.actions.ViewSpaceConfigurationAction.action.name=HipChat Configuration
+
+
+# Form handling
+hipchat.token.form.invalidtokenerror=Invalid HipChat authentication token

File src/main/resources/atlassian-plugin.xml

                 <result name="success" type="velocity">/templates/admin/configuration.vm</result>
             </action>
             <action name="doconfigure-hipchat" class="com.atlassian.labs.hipchat.actions.SaveConfigurationAction">
-                <result name="success" type="redirect">/admin/hipchat.action</result>
+                <interceptor-ref name="validatingStack"/>
+                <param name="RequireSecurityToken">true</param>
+                <result name="input" type="velocity">/templates/admin/configuration.vm</result>
+                <result name="error" type="velocity">/templates/admin/configuration.vm</result>
+                <result name="success" type="redirect">/admin/hipchat.action?result=success</result>
             </action>
 
         </package>
     <!-- Space config -->
     <xwork name="spaceConfigurationAction" key="spaceConfigurationAction">
         <package name="space-configure" extends="default" namespace="/spaces">
-            <default-interceptor-ref name="defaultStack"/>
+            <default-interceptor-ref name="validatingStack"/>
 
             <action name="hipchat" class="com.atlassian.labs.hipchat.actions.ViewSpaceConfigurationAction">
                 <result name="success" type="velocity">/templates/admin/space-config.vm</result>
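Review bot: Switching the `space-configure` package from `defaultStack` to `validatingStack` changes the interceptors for every action in that package, not only the one shown. The comment added to SaveConfigurationAction says constructor injection does not work without `defaultStack`, so please confirm that the space actions still receive their dependencies and that the `isPermitted()` check still runs under the new stack. With validation in the stack an action can return `input`, yet the visible `hipchat` action maps only `success`; its definition continues outside the hunk, so this may already be covered. `RequireSecurityToken` is set only on `doconfigure-hipchat`; any state-changing action in `space-configure` needs the same `<param name="RequireSecurityToken">true</param>` together with `#form_xsrfToken()` in its form.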

File src/main/resources/templates/admin/configuration.vm

 </head>
 <body>
 <form action="$req.contextPath/admin/doconfigure-hipchat.action" method="post" class="aui">
+    #form_xsrfToken()
     <h2>HipChat API Auth Token Configuration</h2>
 
+    #if($actionErrors && $actionErrors.size() > 0)
+    <div class="aui-message error">
+        <span class="svg-icon error size-18"></span>
+        <strong>$action.getText("errors.occurred")</strong>
+        <ul>
+            #foreach($error in $actionErrors)
+                <li>$error</li>
+            #end
+        </ul>
+    </div>
+    #end
+    #if($action.successFullUpdate)
+        <div class="aui-message success shadowed closeable">
+            <p class="title">
+                <span class="aui-icon icon-success"></span>
+                <strong>API token successfully saved</strong>
+            </p>
+        </div>
+        <!-- .aui-message -->
+    #end
+
     <p>
         Confluence accesses HipChat through the HipChat API. This API is protected by an API token. To request an
         API token, go to <a href="https://hipchat.com/admin/api" target="_blank">HipChat's API Auth Token
         generate an <b>Admin</b> token. Copy and paste that token to the field below.
     </p>
 
+
+
     <div class="field-group">
         <label for="hipChatAuthToken">Admin Token<span class="aui-icon icon-required"></span><span class="content"> required</span></label>
         <input id="hipChatAuthToken" class="text" type="text" name="hipChatAuthToken" value="$action.hipChatAuthToken"/>