You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@fineract.apache.org by pt...@apache.org on 2021/04/12 22:11:02 UTC
[fineract] branch develop updated (82d7910 -> 134ea4d)
This is an automated email from the ASF dual-hosted git repository.
ptuomola pushed a change to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git.
from 82d7910 chore(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v5.12.0
new 43e038e FINERACT-854 Use prepared statements instead of string concatenated SQL everywhere PART 1
new 5919d38 Use prepared statements instead of string concatenated SQL everywhere - WIP (FINERACT-854)
new f96fc7d Fix format (FINERACT-854)
new 859ce5a Use prepared statements instead of string concatenated SQL everywhere - WIP (FINERACT-854)
new 237c0c1 Use prepared statements instead of string concatenated SQL everywhere - WIP (FINERACT-854)
new adb8caf Use prepared statements instead of string concatenated SQL everywhere - WIP (FINERACT-854)
new 678bc3a Fix Tenant SQLi (FINERACT-854)
new 63e4273 Fix Duplicate entry whilst issue (FINERACT-854)
new b3d0025 Fix some reporting issues including SQLi vulnerabilities (FINERACT-854)
new d3ef3b8 Code review changes (FINERACT-854)
new 134ea4d Use prepared statements instead of string concatenated SQL everywhere (FINERACT-854)
The 11 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
...ProvisioningEntriesReadPlatformServiceImpl.java | 15 +++++-----
.../service/EmailReadPlatformServiceImpl.java | 25 +++++++----------
.../ConfigurationReadPlatformServiceImpl.java | 5 ++--
.../service/ReadReportingServiceImpl.java | 32 ++++++----------------
.../service/BasicAuthTenantDetailsServiceJdbc.java | 2 +-
.../security/service/JdbcTenantDetailsService.java | 2 +-
.../V6__add_unique_tenant_identifier.sql} | 2 +-
7 files changed, 31 insertions(+), 52 deletions(-)
copy fineract-provider/src/main/resources/sql/migrations/{core_db/V31__drop-autopostings.sql => list_db/V6__add_unique_tenant_identifier.sql} (94%)
mode change 100755 => 100644
[fineract] 01/11: FINERACT-854 Use prepared statements instead of
string concatenated SQL everywhere PART 1
Posted by pt...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ptuomola pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
commit 43e038e5a61d5a06cf63ac99913a83acb4aaba9b
Author: Joseph Makara <jo...@strathmore.edu>
AuthorDate: Sun Mar 21 12:38:58 2021 +0300
FINERACT-854 Use prepared statements instead of string concatenated SQL everywhere PART 1
---
.../service/ProvisioningEntriesReadPlatformServiceImpl.java | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
index 69ec728..89059b1 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
@@ -58,26 +58,26 @@ public class ProvisioningEntriesReadPlatformServiceImpl implements ProvisioningE
public Collection<LoanProductProvisioningEntryData> retrieveLoanProductsProvisioningData(Date date) {
String formattedDate = new SimpleDateFormat("yyyy-MM-dd").format(date);
formattedDate = "'" + formattedDate + "'";
- LoanProductProvisioningEntryMapper mapper = new LoanProductProvisioningEntryMapper(formattedDate);
+ LoanProductProvisioningEntryMapper mapper = new LoanProductProvisioningEntryMapper();
final String sql = mapper.schema();
- return this.jdbcTemplate.query(sql, mapper, new Object[] {});
+ return this.jdbcTemplate.query(sql, mapper, new Object[] {formattedDate, formattedDate, formattedDate});
}
private static final class LoanProductProvisioningEntryMapper implements RowMapper<LoanProductProvisioningEntryData> {
private final StringBuilder sqlQuery;
- private LoanProductProvisioningEntryMapper(String formattedDate) {
+ private LoanProductProvisioningEntryMapper() {
sqlQuery = new StringBuilder().append(
"select if(loan.loan_type_enum=1, mclient.office_id, mgroup.office_id) as office_id, loan.loan_type_enum, pcd.criteria_id as criteriaid, loan.product_id,loan.currency_code,")
- .append("GREATEST(datediff(").append(formattedDate)
+ .append("GREATEST(datediff(?")
.append(",sch.duedate),0) as numberofdaysoverdue,sch.duedate, pcd.category_id, pcd.provision_percentage,")
.append("loan.total_outstanding_derived as outstandingbalance, pcd.liability_account, pcd.expense_account from m_loan_repayment_schedule sch")
.append(" LEFT JOIN m_loan loan on sch.loan_id = loan.id")
.append(" JOIN m_loanproduct_provisioning_mapping lpm on lpm.product_id = loan.product_id")
.append(" JOIN m_provisioning_criteria_definition pcd on pcd.criteria_id = lpm.criteria_id and ")
- .append("(pcd.min_age <= GREATEST(datediff(").append(formattedDate).append(",sch.duedate),0) and ")
- .append("GREATEST(datediff(").append(formattedDate).append(",sch.duedate),0) <= pcd.max_age) and ")
+ .append("(pcd.min_age <= GREATEST(datediff(?").append(",sch.duedate),0) and ")
+ .append("GREATEST(datediff(?").append(",sch.duedate),0) <= pcd.max_age) and ")
.append("pcd.criteria_id is not null ").append("LEFT JOIN m_client mclient ON mclient.id = loan.client_id ")
.append("LEFT JOIN m_group mgroup ON mgroup.id = loan.group_id ")
.append("where loan.loan_status_id=300 and sch.duedate = ")
[fineract] 04/11: Use prepared statements instead of string
concatenated SQL everywhere - WIP (FINERACT-854)
Posted by pt...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ptuomola pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
commit 859ce5af62bcc0fae2f62e982004458e223f0bb8
Author: Joseph Makara <jo...@strathmore.edu>
AuthorDate: Sat Mar 27 17:15:46 2021 +0300
Use prepared statements instead of string concatenated SQL everywhere - WIP (FINERACT-854)
---
.../service/ConfigurationReadPlatformServiceImpl.java | 2 +-
.../dataqueries/service/GenericDataServiceImpl.java | 4 ++--
.../core_db/V365__reportCategoryList-FINERACT-1306.sql | 9 +++++++--
3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/configuration/service/ConfigurationReadPlatformServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/configuration/service/ConfigurationReadPlatformServiceImpl.java
index d41a020..65eaec1 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/configuration/service/ConfigurationReadPlatformServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/configuration/service/ConfigurationReadPlatformServiceImpl.java
@@ -62,7 +62,7 @@ public class ConfigurationReadPlatformServiceImpl implements ConfigurationReadPl
sql += " order by c.id";
final List<GlobalConfigurationPropertyData> globalConfiguration = this.jdbcTemplate.query(sql, this.rm,
- new Object[] { DataTableApiConstant.CATEGORY_PPI });
+ survey ? new Object[] { DataTableApiConstant.CATEGORY_PPI } : new Object[] {});
return new GlobalConfigurationData(globalConfiguration);
}
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java
index 3341389..078d3d3 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java
@@ -281,7 +281,7 @@ public class GenericDataServiceImpl implements GenericDataService {
final List<ResultsetColumnValueData> columnValues = new ArrayList<>();
if (codeId != null) {
- final String sql = "select v.id, v.code_value from m_code_value v where v.code_id =?" + " order by v.order_position, v.id";
+ final String sql = "select v.id, v.code_value from m_code_value v where v.code_id =? order by v.order_position, v.id";
final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql, Integer.class, new Object[] { codeId });
rsValues.beforeFirst();
while (rsValues.next()) {
@@ -297,7 +297,7 @@ public class GenericDataServiceImpl implements GenericDataService {
private SqlRowSet getDatatableMetaData(final String datatable) {
final String sql = "select COLUMN_NAME, IS_NULLABLE, DATA_TYPE, CHARACTER_MAXIMUM_LENGTH, COLUMN_KEY"
- + " from INFORMATION_SCHEMA.COLUMNS " + " where TABLE_SCHEMA = schema() and TABLE_NAME = ?" + " order by ORDINAL_POSITION";
+ + " from INFORMATION_SCHEMA.COLUMNS " + " where TABLE_SCHEMA = schema() and TABLE_NAME = ? order by ORDINAL_POSITION";
final SqlRowSet columnDefinitions = this.jdbcTemplate.queryForRowSet(sql, String.class, new Object[] { datatable });
if (columnDefinitions.next()) {
diff --git a/fineract-provider/src/main/resources/sql/migrations/core_db/V365__reportCategoryList-FINERACT-1306.sql b/fineract-provider/src/main/resources/sql/migrations/core_db/V365__reportCategoryList-FINERACT-1306.sql
index 70ffd5d..23253a3 100644
--- a/fineract-provider/src/main/resources/sql/migrations/core_db/V365__reportCategoryList-FINERACT-1306.sql
+++ b/fineract-provider/src/main/resources/sql/migrations/core_db/V365__reportCategoryList-FINERACT-1306.sql
@@ -18,5 +18,10 @@
--
-- two tables added: ReportCategoryList and FullReportList (FINERACT-1306)
-INSERT INTO stretchy_report (report_name, report_type, report_category, report_sql, description, core_report, use_report)VALUES ("ReportCategoryList", 'Table', '(NULL)', '(NULL)', '(NULL)', 1, 1);
-INSERT INTO stretchy_report (report_name, report_type, report_category, report_sql, description, core_report, use_report)VALUES ("FullReportList", 'Table', '(NULL)', '(NULL)', '(NULL)', 1, 1);
+INSERT INTO stretchy_report (report_name, report_type, report_category, report_sql, description, core_report, use_report)
+SELECT "ReportCategoryList", 'Table', '(NULL)', '(NULL)', '(NULL)', 1, 1
+ON DUPLICATE key UPDATE report_name = 'ReportCategoryList';
+
+INSERT INTO stretchy_report (report_name, report_type, report_category, report_sql, description, core_report, use_report)
+SELECT "FullReportList", 'Table', '(NULL)', '(NULL)', '(NULL)', 1, 1
+ON DUPLICATE key UPDATE report_name = 'FullReportList';
[fineract] 08/11: Fix Duplicate entry whilst issue (FINERACT-854)
Posted by pt...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ptuomola pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
commit 63e427333e063ece7a29f3beb4d03a202843f71f
Author: Joseph Makara <jo...@strathmore.edu>
AuthorDate: Mon Mar 29 11:55:37 2021 +0300
Fix Duplicate entry whilst issue (FINERACT-854)
---
.../sql/migrations/core_db/V365__reportCategoryList-FINERACT-1306.sql | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fineract-provider/src/main/resources/sql/migrations/core_db/V365__reportCategoryList-FINERACT-1306.sql b/fineract-provider/src/main/resources/sql/migrations/core_db/V365__reportCategoryList-FINERACT-1306.sql
index 23253a3..794ab21 100644
--- a/fineract-provider/src/main/resources/sql/migrations/core_db/V365__reportCategoryList-FINERACT-1306.sql
+++ b/fineract-provider/src/main/resources/sql/migrations/core_db/V365__reportCategoryList-FINERACT-1306.sql
@@ -19,9 +19,9 @@
-- two tables added: ReportCategoryList and FullReportList (FINERACT-1306)
INSERT INTO stretchy_report (report_name, report_type, report_category, report_sql, description, core_report, use_report)
-SELECT "ReportCategoryList", 'Table', '(NULL)', '(NULL)', '(NULL)', 1, 1
+SELECT 'ReportCategoryList', 'Table', NULL, NULL, NULL, 1, 1
ON DUPLICATE key UPDATE report_name = 'ReportCategoryList';
INSERT INTO stretchy_report (report_name, report_type, report_category, report_sql, description, core_report, use_report)
-SELECT "FullReportList", 'Table', '(NULL)', '(NULL)', '(NULL)', 1, 1
+SELECT 'FullReportList', 'Table', NULL, NULL, NULL, 1, 1
ON DUPLICATE key UPDATE report_name = 'FullReportList';
[fineract] 09/11: Fix some reporting issues including SQLi
vulnerabilities (FINERACT-854)
Posted by pt...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ptuomola pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
commit b3d00252f5e90c340faa3ddb7e9b2eb954c8dad6
Author: Joseph Makara <jo...@strathmore.edu>
AuthorDate: Sun Apr 4 15:28:24 2021 +0300
Fix some reporting issues including SQLi vulnerabilities (FINERACT-854)
---
.../dataqueries/api/RunreportsApiResource.java | 10 ++++++-
.../service/ReadReportingServiceImpl.java | 32 ++++++----------------
2 files changed, 17 insertions(+), 25 deletions(-)
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/api/RunreportsApiResource.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/api/RunreportsApiResource.java
index 0f0c4c5..aa9bbb8 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/api/RunreportsApiResource.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/api/RunreportsApiResource.java
@@ -39,6 +39,7 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.fineract.infrastructure.core.api.ApiParameterHelper;
import org.apache.fineract.infrastructure.core.exception.PlatformServiceUnavailableException;
+import org.apache.fineract.infrastructure.dataqueries.service.DatatableReportingProcessService;
import org.apache.fineract.infrastructure.dataqueries.service.ReadReportingService;
import org.apache.fineract.infrastructure.report.provider.ReportingProcessServiceProvider;
import org.apache.fineract.infrastructure.report.service.ReportingProcessService;
@@ -60,13 +61,16 @@ public class RunreportsApiResource {
private final PlatformSecurityContext context;
private final ReadReportingService readExtraDataAndReportingService;
private final ReportingProcessServiceProvider reportingProcessServiceProvider;
+ private final DatatableReportingProcessService datatableReportingProcessService;
@Autowired
public RunreportsApiResource(final PlatformSecurityContext context, final ReadReportingService readExtraDataAndReportingService,
- final ReportingProcessServiceProvider reportingProcessServiceProvider) {
+ final ReportingProcessServiceProvider reportingProcessServiceProvider,
+ DatatableReportingProcessService aDatatableReportingProcessService) {
this.context = context;
this.readExtraDataAndReportingService = readExtraDataAndReportingService;
this.reportingProcessServiceProvider = reportingProcessServiceProvider;
+ datatableReportingProcessService = aDatatableReportingProcessService;
}
@GET
@@ -105,6 +109,10 @@ public class RunreportsApiResource {
// Pass through isSelfServiceUserReport so that ReportingProcessService implementations can use it
queryParams.putSingle(IS_SELF_SERVICE_USER_REPORT_PARAMETER, Boolean.toString(isSelfServiceUserReport));
+ if (parameterType) {
+ return datatableReportingProcessService.processRequest(reportName, queryParams);
+ }
+
String reportType = this.readExtraDataAndReportingService.getReportType(reportName, isSelfServiceUserReport);
ReportingProcessService reportingProcessService = this.reportingProcessServiceProvider.findReportingProcessService(reportType);
if (reportingProcessService == null) {
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadReportingServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadReportingServiceImpl.java
index 43584f3..cd538e3 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadReportingServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadReportingServiceImpl.java
@@ -38,7 +38,6 @@ import java.util.Map;
import java.util.Set;
import javax.sql.DataSource;
import javax.ws.rs.core.StreamingOutput;
-import org.apache.commons.lang3.StringUtils;
import org.apache.fineract.infrastructure.core.domain.JdbcSupport;
import org.apache.fineract.infrastructure.core.exception.PlatformDataIntegrityException;
import org.apache.fineract.infrastructure.core.service.RoutingDataSource;
@@ -51,8 +50,6 @@ import org.apache.fineract.infrastructure.dataqueries.data.ResultsetRowData;
import org.apache.fineract.infrastructure.dataqueries.exception.ReportNotFoundException;
import org.apache.fineract.infrastructure.documentmanagement.contentrepository.FileSystemContentRepository;
import org.apache.fineract.infrastructure.security.service.PlatformSecurityContext;
-import org.apache.fineract.infrastructure.security.utils.ColumnValidator;
-import org.apache.fineract.infrastructure.security.utils.SQLInjectionException;
import org.apache.fineract.useradministration.domain.AppUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -66,22 +63,19 @@ import org.springframework.stereotype.Service;
public class ReadReportingServiceImpl implements ReadReportingService {
private static final Logger LOG = LoggerFactory.getLogger(ReadReportingServiceImpl.class);
- private static final String REPORT_NAME_REGEX_PATTERN = "^[a-zA-Z][a-zA-Z0-9\\-_\\s]{0,48}[a-zA-Z0-9\\s](\\([a-zA-Z]*\\))?$";
private final JdbcTemplate jdbcTemplate;
private final DataSource dataSource;
private final PlatformSecurityContext context;
private final GenericDataService genericDataService;
- private final ColumnValidator columnValidator;
@Autowired
public ReadReportingServiceImpl(final PlatformSecurityContext context, final RoutingDataSource dataSource,
- final GenericDataService genericDataService, final ColumnValidator columnValidator) {
+ final GenericDataService genericDataService) {
this.context = context;
this.dataSource = dataSource;
this.jdbcTemplate = new JdbcTemplate(this.dataSource);
this.genericDataService = genericDataService;
- this.columnValidator = columnValidator;
}
@Override
@@ -204,13 +198,12 @@ public class ReadReportingServiceImpl implements ReadReportingService {
}
private String getSql(final String name, final String type) {
- final String inputSql = "select " + type + "_sql as the_sql from stretchy_" + type + " where " + type + "_name = '" + name + "'";
- validateReportName(name);
+ final String inputSql = "select " + type + "_sql as the_sql from stretchy_" + type + " where " + type + "_name = ?";
final String inputSqlWrapped = this.genericDataService.wrapSQL(inputSql);
// the return statement contains the exact sql required
- final SqlRowSet rs = this.jdbcTemplate.queryForRowSet(inputSqlWrapped);
+ final SqlRowSet rs = this.jdbcTemplate.queryForRowSet(inputSqlWrapped, name);
if (rs.next() && rs.getString("the_sql") != null) {
return rs.getString("the_sql");
@@ -220,14 +213,11 @@ public class ReadReportingServiceImpl implements ReadReportingService {
@Override
public String getReportType(final String reportName, final boolean isSelfServiceUserReport) {
- final String sql = "SELECT ifnull(report_type,'') as report_type FROM `stretchy_report` where report_name = '" + reportName
- + "' and self_service_user_report = ?";
- validateReportName(reportName);
- this.columnValidator.validateSqlInjection(sql, reportName);
+ final String sql = "SELECT ifNull(report_type,'') AS report_type FROM `stretchy_report` WHERE report_name = ? AND self_service_user_report = ?";
final String sqlWrapped = this.genericDataService.wrapSQL(sql);
- final SqlRowSet rs = this.jdbcTemplate.queryForRowSet(sqlWrapped, isSelfServiceUserReport);
+ final SqlRowSet rs = this.jdbcTemplate.queryForRowSet(sqlWrapped, reportName, isSelfServiceUserReport);
if (rs.next()) {
return rs.getString("report_type");
@@ -323,7 +313,8 @@ public class ReadReportingServiceImpl implements ReadReportingService {
final String sql = rm.schema(id);
- final Collection<ReportParameterJoinData> rpJoins = this.jdbcTemplate.query(sql, rm);
+ final Collection<ReportParameterJoinData> rpJoins = this.jdbcTemplate.query(sql, rm,
+ id != null ? new Object[] { id } : new Object[] {});
final Collection<ReportData> reportList = new ArrayList<>();
if (rpJoins == null || rpJoins.size() == 0) {
@@ -416,7 +407,7 @@ public class ReadReportingServiceImpl implements ReadReportingService {
sql += " from stretchy_report r" + " left join stretchy_report_parameter rp on rp.report_id = r.id"
+ " left join stretchy_parameter p on p.id = rp.parameter_id";
if (reportId != null) {
- sql += " where r.id = " + reportId;
+ sql += " where r.id = ?";
} else {
sql += " order by r.id, rp.parameter_id";
}
@@ -498,7 +489,6 @@ public class ReadReportingServiceImpl implements ReadReportingService {
final Set<String> keys = queryParams.keySet();
for (String key : keys) {
final String pValue = queryParams.get(key);
- // LOG.info("(" + key + " : " + pValue + ")");
key = "${" + key + "}";
sql = this.genericDataService.replace(sql, key, pValue);
}
@@ -568,10 +558,4 @@ public class ReadReportingServiceImpl implements ReadReportingService {
*/
return null;
}
-
- private void validateReportName(final String name) {
- if (!StringUtils.isBlank(name) && !name.matches(REPORT_NAME_REGEX_PATTERN)) {
- throw new SQLInjectionException();
- }
- }
}
[fineract] 05/11: Use prepared statements instead of string
concatenated SQL everywhere - WIP (FINERACT-854)
Posted by pt...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ptuomola pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
commit 237c0c12931bf186880f1254afdb710fd6134bf9
Author: Joseph Makara <jo...@strathmore.edu>
AuthorDate: Sat Mar 27 18:54:53 2021 +0300
Use prepared statements instead of string concatenated SQL everywhere - WIP (FINERACT-854)
---
.../service/GenericDataServiceImpl.java | 23 ++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java
index 078d3d3..8c11f88 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java
@@ -261,9 +261,9 @@ public class GenericDataServiceImpl implements GenericDataService {
final List<ResultsetColumnValueData> columnValues = new ArrayList<>();
final String sql = "select v.id, v.code_score, v.code_value from m_code m " + " join m_code_value v on v.code_id = m.id "
- + " where m.code_name = ? order by v.order_position, v.id";
+ + " where m.code_name = '" + codeName + "' order by v.order_position, v.id";
- final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql, String.class, new Object[] { codeName });
+ final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql);
rsValues.beforeFirst();
while (rsValues.next()) {
@@ -281,8 +281,9 @@ public class GenericDataServiceImpl implements GenericDataService {
final List<ResultsetColumnValueData> columnValues = new ArrayList<>();
if (codeId != null) {
- final String sql = "select v.id, v.code_value from m_code_value v where v.code_id =? order by v.order_position, v.id";
- final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql, Integer.class, new Object[] { codeId });
+ final String sql = "select v.id, v.code_value from m_code_value v where v.code_id =" + codeId
+ + " order by v.order_position, v.id";
+ final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql);
rsValues.beforeFirst();
while (rsValues.next()) {
final Integer id = rsValues.getInt("id");
@@ -297,9 +298,10 @@ public class GenericDataServiceImpl implements GenericDataService {
private SqlRowSet getDatatableMetaData(final String datatable) {
final String sql = "select COLUMN_NAME, IS_NULLABLE, DATA_TYPE, CHARACTER_MAXIMUM_LENGTH, COLUMN_KEY"
- + " from INFORMATION_SCHEMA.COLUMNS " + " where TABLE_SCHEMA = schema() and TABLE_NAME = ? order by ORDINAL_POSITION";
+ + " from INFORMATION_SCHEMA.COLUMNS " + " where TABLE_SCHEMA = schema() and TABLE_NAME = '" + datatable
+ + "'order by ORDINAL_POSITION";
- final SqlRowSet columnDefinitions = this.jdbcTemplate.queryForRowSet(sql, String.class, new Object[] { datatable });
+ final SqlRowSet columnDefinitions = this.jdbcTemplate.queryForRowSet(sql);
if (columnDefinitions.next()) {
return columnDefinitions;
}
@@ -307,10 +309,11 @@ public class GenericDataServiceImpl implements GenericDataService {
throw new DatatableNotFoundException(datatable);
}
- private SqlRowSet getDatatableCodeData(final String aDatatable, final String aColumnName) {
- String datatableColumnName = aDatatable.toLowerCase().replaceAll("\\s", "_") + "_" + aColumnName;
- final String sql = "select mc.id,mc.code_name from m_code mc join x_table_column_code_mappings xcc on xcc.code_id = mc.id where xcc.column_alias_name=?";
- final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql, String.class, new Object[] { datatableColumnName });
+ private SqlRowSet getDatatableCodeData(final String datatable, final String columnName) {
+
+ final String sql = "select mc.id,mc.code_name from m_code mc join x_table_column_code_mappings xcc on xcc.code_id = mc.id where xcc.column_alias_name='"
+ + datatable.toLowerCase().replaceAll("\\s", "_") + "_" + columnName + "'";
+ final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql);
return rsValues;
}
[fineract] 07/11: Fix Tenant SQLi (FINERACT-854)
Posted by pt...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ptuomola pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
commit 678bc3a5f3771359e568e2b21a7e30896535c76c
Author: Joseph Makara <jo...@strathmore.edu>
AuthorDate: Sun Mar 28 22:02:12 2021 +0300
Fix Tenant SQLi (FINERACT-854)
---
.../service/BasicAuthTenantDetailsServiceJdbc.java | 13 ++++-----
.../security/service/JdbcTenantDetailsService.java | 31 ++++++++++++++--------
.../list_db/V6__add_unique_tenant_identifier.sql | 20 ++++++++++++++
3 files changed, 47 insertions(+), 17 deletions(-)
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/BasicAuthTenantDetailsServiceJdbc.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/BasicAuthTenantDetailsServiceJdbc.java
index c0783d6..a5c1596 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/BasicAuthTenantDetailsServiceJdbc.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/BasicAuthTenantDetailsServiceJdbc.java
@@ -49,7 +49,7 @@ public class BasicAuthTenantDetailsServiceJdbc implements BasicAuthTenantDetails
private static final class TenantMapper implements RowMapper<FineractPlatformTenant> {
private final boolean isReport;
- private final StringBuilder sqlBuilder = new StringBuilder(" t.id, ts.id as connectionId , ")//
+ private final StringBuilder sqlBuilder = new StringBuilder("SELECT t.id, ts.id as connectionId, ")//
.append(" t.timezone_id as timezoneId , t.name,t.identifier, ts.schema_name as schemaName, ts.schema_server as schemaServer,")//
.append(" ts.schema_server_port as schemaServerPort, ts.schema_connection_parameters as schemaConnectionParameters, ts.auto_update as autoUpdate,")//
.append(" ts.schema_username as schemaUsername, ts.schema_password as schemaPassword , ts.pool_initial_size as initialSize,")//
@@ -60,7 +60,7 @@ public class BasicAuthTenantDetailsServiceJdbc implements BasicAuthTenantDetails
.append(" ts.pool_min_evictable_idle_time_millis as poolMinEvictableIdleTimeMillis,")//
.append(" ts.deadlock_max_retries as maxRetriesOnDeadlock,")//
.append(" ts.deadlock_max_retry_interval as maxIntervalBetweenRetries ")//
- .append(" from tenants t left join tenant_server_connections ts ");
+ .append("FROM tenants t LEFT JOIN tenant_server_connections ts ");
TenantMapper(boolean isReport) {
this.isReport = isReport;
@@ -68,10 +68,11 @@ public class BasicAuthTenantDetailsServiceJdbc implements BasicAuthTenantDetails
public String schema() {
if (this.isReport) {
- this.sqlBuilder.append(" on t.report_Id = ts.id");
+ this.sqlBuilder.append(" ON t.report_Id = ts.id");
} else {
- this.sqlBuilder.append(" on t.oltp_Id = ts.id");
+ this.sqlBuilder.append(" ON t.oltp_Id = ts.id");
}
+ this.sqlBuilder.append(" WHERE t.identifier = ?");
return this.sqlBuilder.toString();
}
@@ -138,9 +139,9 @@ public class BasicAuthTenantDetailsServiceJdbc implements BasicAuthTenantDetails
try {
final TenantMapper rm = new TenantMapper(isReport);
- final String sql = "select " + rm.schema() + " where t.identifier like ?";
+ final String sql = rm.schema();
- return this.jdbcTemplate.queryForObject(sql, rm, new Object[] { tenantIdentifier });
+ return this.jdbcTemplate.queryForObject(sql, rm, tenantIdentifier);
} catch (final EmptyResultDataAccessException e) {
throw new InvalidTenantIdentiferException("The tenant identifier: " + tenantIdentifier + " is not valid.", e);
}
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/JdbcTenantDetailsService.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/JdbcTenantDetailsService.java
index dd1551a..879fec9 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/JdbcTenantDetailsService.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/JdbcTenantDetailsService.java
@@ -49,7 +49,9 @@ public class JdbcTenantDetailsService implements TenantDetailsService {
private static final class TenantMapper implements RowMapper<FineractPlatformTenant> {
- private final StringBuilder sqlBuilder = new StringBuilder("t.id, ts.id as connectionId , ")//
+ private final String tenantIdentifier;
+
+ private final StringBuilder sqlBuilder = new StringBuilder("SELECT t.id, ts.id as connectionId, ")//
.append(" t.timezone_id as timezoneId , t.name,t.identifier, ts.schema_name as schemaName, ts.schema_server as schemaServer,")//
.append(" ts.schema_server_port as schemaServerPort, ts.schema_connection_parameters as schemaConnectionParameters, ts.auto_update as autoUpdate,")//
.append(" ts.schema_username as schemaUsername, ts.schema_password as schemaPassword , ts.pool_initial_size as initialSize,")//
@@ -60,21 +62,28 @@ public class JdbcTenantDetailsService implements TenantDetailsService {
.append(" ts.pool_min_evictable_idle_time_millis as poolMinEvictableIdleTimeMillis,")//
.append(" ts.deadlock_max_retries as maxRetriesOnDeadlock,")//
.append(" ts.deadlock_max_retry_interval as maxIntervalBetweenRetries ")//
- .append(" from tenants t left join tenant_server_connections ts on t.oltp_Id=ts.id ");
+ .append("FROM tenants t LEFT JOIN tenant_server_connections ts ON t.oltp_Id=ts.id ");
+
+ TenantMapper(String aTenantIdentifier) {
+ this.tenantIdentifier = aTenantIdentifier;
+ }
public String schema() {
+ if (tenantIdentifier != null) {
+ this.sqlBuilder.append(" WHERE t.identifier = ?");
+ }
return this.sqlBuilder.toString();
}
@Override
public FineractPlatformTenant mapRow(final ResultSet rs, @SuppressWarnings("unused") final int rowNum) throws SQLException {
final Long id = rs.getLong("id");
- final String tenantIdentifier = rs.getString("identifier");
+ final String identifier = rs.getString("identifier");
final String name = rs.getString("name");
final String timezoneId = rs.getString("timezoneId");
final FineractPlatformTenantConnection connection = getDBConnection(rs);
- return new FineractPlatformTenant(id, tenantIdentifier, name, timezoneId, connection);
+ return new FineractPlatformTenant(id, identifier, name, timezoneId, connection);
}
// gets the DB connection
@@ -127,22 +136,22 @@ public class JdbcTenantDetailsService implements TenantDetailsService {
@Override
@Cacheable(value = "tenantsById")
- public FineractPlatformTenant loadTenantById(final String tenantIdentifier) {
+ public FineractPlatformTenant loadTenantById(final String aTenantIdentifier) {
try {
- final TenantMapper rm = new TenantMapper();
- final String sql = "select " + rm.schema() + " where t.identifier like ?";
+ final TenantMapper rm = new TenantMapper(aTenantIdentifier);
+ final String sql = rm.schema();
- return this.jdbcTemplate.queryForObject(sql, rm, new Object[] { tenantIdentifier });
+ return this.jdbcTemplate.queryForObject(sql, rm, aTenantIdentifier);
} catch (final EmptyResultDataAccessException e) {
- throw new InvalidTenantIdentiferException("The tenant identifier: " + tenantIdentifier + " is not valid.", e);
+ throw new InvalidTenantIdentiferException("The tenant identifier: " + aTenantIdentifier + " is not valid.", e);
}
}
@Override
public List<FineractPlatformTenant> findAllTenants() {
- final TenantMapper rm = new TenantMapper();
- final String sql = "select " + rm.schema();
+ final TenantMapper rm = new TenantMapper(null);
+ final String sql = rm.schema();
final List<FineractPlatformTenant> fineractPlatformTenants = this.jdbcTemplate.query(sql, rm, new Object[] {});
return fineractPlatformTenants;
diff --git a/fineract-provider/src/main/resources/sql/migrations/list_db/V6__add_unique_tenant_identifier.sql b/fineract-provider/src/main/resources/sql/migrations/list_db/V6__add_unique_tenant_identifier.sql
new file mode 100644
index 0000000..f94da8f
--- /dev/null
+++ b/fineract-provider/src/main/resources/sql/migrations/list_db/V6__add_unique_tenant_identifier.sql
@@ -0,0 +1,20 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+ALTER TABLE tenants ADD UNIQUE (identifier);
[fineract] 02/11: Use prepared statements instead of string
concatenated SQL everywhere - WIP (FINERACT-854)
Posted by pt...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ptuomola pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
commit 5919d38f69fcd9b3f4619051d2656b58de0dc2fb
Author: Joseph Makara <jo...@strathmore.edu>
AuthorDate: Sun Mar 21 13:28:07 2021 +0300
Use prepared statements instead of string concatenated SQL everywhere - WIP (FINERACT-854)
---
.../service/GenericDataServiceImpl.java | 23 +++++++++++-----------
1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java
index 8c11f88..b75df1f 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java
@@ -261,9 +261,9 @@ public class GenericDataServiceImpl implements GenericDataService {
final List<ResultsetColumnValueData> columnValues = new ArrayList<>();
final String sql = "select v.id, v.code_score, v.code_value from m_code m " + " join m_code_value v on v.code_id = m.id "
- + " where m.code_name = '" + codeName + "' order by v.order_position, v.id";
+ + " where m.code_name = ? order by v.order_position, v.id";
- final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql);
+ final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql, String.class, new Object[] {codeName});
rsValues.beforeFirst();
while (rsValues.next()) {
@@ -281,9 +281,9 @@ public class GenericDataServiceImpl implements GenericDataService {
final List<ResultsetColumnValueData> columnValues = new ArrayList<>();
if (codeId != null) {
- final String sql = "select v.id, v.code_value from m_code_value v where v.code_id =" + codeId
+ final String sql = "select v.id, v.code_value from m_code_value v where v.code_id =?"
+ " order by v.order_position, v.id";
- final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql);
+ final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql, Integer.class, new Object[] {codeId});
rsValues.beforeFirst();
while (rsValues.next()) {
final Integer id = rsValues.getInt("id");
@@ -298,10 +298,10 @@ public class GenericDataServiceImpl implements GenericDataService {
private SqlRowSet getDatatableMetaData(final String datatable) {
final String sql = "select COLUMN_NAME, IS_NULLABLE, DATA_TYPE, CHARACTER_MAXIMUM_LENGTH, COLUMN_KEY"
- + " from INFORMATION_SCHEMA.COLUMNS " + " where TABLE_SCHEMA = schema() and TABLE_NAME = '" + datatable
- + "'order by ORDINAL_POSITION";
+ + " from INFORMATION_SCHEMA.COLUMNS " + " where TABLE_SCHEMA = schema() and TABLE_NAME = ?"
+ + " order by ORDINAL_POSITION";
- final SqlRowSet columnDefinitions = this.jdbcTemplate.queryForRowSet(sql);
+ final SqlRowSet columnDefinitions = this.jdbcTemplate.queryForRowSet(sql, String.class, new Object[] {datatable});
if (columnDefinitions.next()) {
return columnDefinitions;
}
@@ -309,11 +309,10 @@ public class GenericDataServiceImpl implements GenericDataService {
throw new DatatableNotFoundException(datatable);
}
- private SqlRowSet getDatatableCodeData(final String datatable, final String columnName) {
-
- final String sql = "select mc.id,mc.code_name from m_code mc join x_table_column_code_mappings xcc on xcc.code_id = mc.id where xcc.column_alias_name='"
- + datatable.toLowerCase().replaceAll("\\s", "_") + "_" + columnName + "'";
- final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql);
+ private SqlRowSet getDatatableCodeData(final String aDatatable, final String aColumnName) {
+ String datatableColumnName = aDatatable.toLowerCase().replaceAll("\\s", "_") + "_" + aColumnName;
+ final String sql = "select mc.id,mc.code_name from m_code mc join x_table_column_code_mappings xcc on xcc.code_id = mc.id where xcc.column_alias_name=?";
+ final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql, String.class, new Object[] {datatableColumnName});
return rsValues;
}
[fineract] 03/11: Fix format (FINERACT-854)
Posted by pt...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ptuomola pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
commit f96fc7df39d73bde6522fa54a5e4b121ee286f9e
Author: Joseph Makara <jo...@strathmore.edu>
AuthorDate: Sun Mar 21 14:07:47 2021 +0300
Fix format (FINERACT-854)
---
...ProvisioningEntriesReadPlatformServiceImpl.java | 8 +++----
.../service/EmailReadPlatformServiceImpl.java | 25 +++++++++-------------
.../ConfigurationReadPlatformServiceImpl.java | 5 +++--
.../service/GenericDataServiceImpl.java | 14 ++++++------
4 files changed, 23 insertions(+), 29 deletions(-)
diff --git a/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
index 89059b1..2d19a68 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
@@ -60,7 +60,7 @@ public class ProvisioningEntriesReadPlatformServiceImpl implements ProvisioningE
formattedDate = "'" + formattedDate + "'";
LoanProductProvisioningEntryMapper mapper = new LoanProductProvisioningEntryMapper();
final String sql = mapper.schema();
- return this.jdbcTemplate.query(sql, mapper, new Object[] {formattedDate, formattedDate, formattedDate});
+ return this.jdbcTemplate.query(sql, mapper, new Object[] { formattedDate, formattedDate, formattedDate });
}
private static final class LoanProductProvisioningEntryMapper implements RowMapper<LoanProductProvisioningEntryData> {
@@ -76,9 +76,9 @@ public class ProvisioningEntriesReadPlatformServiceImpl implements ProvisioningE
.append(" LEFT JOIN m_loan loan on sch.loan_id = loan.id")
.append(" JOIN m_loanproduct_provisioning_mapping lpm on lpm.product_id = loan.product_id")
.append(" JOIN m_provisioning_criteria_definition pcd on pcd.criteria_id = lpm.criteria_id and ")
- .append("(pcd.min_age <= GREATEST(datediff(?").append(",sch.duedate),0) and ")
- .append("GREATEST(datediff(?").append(",sch.duedate),0) <= pcd.max_age) and ")
- .append("pcd.criteria_id is not null ").append("LEFT JOIN m_client mclient ON mclient.id = loan.client_id ")
+ .append("(pcd.min_age <= GREATEST(datediff(?").append(",sch.duedate),0) and ").append("GREATEST(datediff(?")
+ .append(",sch.duedate),0) <= pcd.max_age) and ").append("pcd.criteria_id is not null ")
+ .append("LEFT JOIN m_client mclient ON mclient.id = loan.client_id ")
.append("LEFT JOIN m_group mgroup ON mgroup.id = loan.group_id ")
.append("where loan.loan_status_id=300 and sch.duedate = ")
.append("(select MIN(sch1.duedate) from m_loan_repayment_schedule sch1 where sch1.loan_id=loan.id and sch1.completed_derived=false)");
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/campaigns/email/service/EmailReadPlatformServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/campaigns/email/service/EmailReadPlatformServiceImpl.java
index 7465a48..126a404 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/campaigns/email/service/EmailReadPlatformServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/campaigns/email/service/EmailReadPlatformServiceImpl.java
@@ -130,46 +130,41 @@ public class EmailReadPlatformServiceImpl implements EmailReadPlatformService {
@Override
public Collection<EmailData> retrieveAllPending(final SearchParameters searchParameters) {
final String sqlPlusLimit = (searchParameters.getLimit() > 0) ? " limit 0, " + searchParameters.getLimit() : "";
- final String sql = "select " + this.emailRowMapper.schema() + " where emo.status_enum = "
- + EmailMessageStatusType.PENDING.getValue() + sqlPlusLimit;
+ final String sql = "select " + this.emailRowMapper.schema() + " where emo.status_enum = " + sqlPlusLimit;
- return this.jdbcTemplate.query(sql, this.emailRowMapper, new Object[] {});
+ return this.jdbcTemplate.query(sql, this.emailRowMapper, new Object[] { EmailMessageStatusType.PENDING.getValue() });
}
@Override
public Collection<EmailData> retrieveAllSent(final SearchParameters searchParameters) {
final String sqlPlusLimit = (searchParameters.getLimit() > 0) ? " limit 0, " + searchParameters.getLimit() : "";
- final String sql = "select " + this.emailRowMapper.schema() + " where emo.status_enum = " + EmailMessageStatusType.SENT.getValue()
- + sqlPlusLimit;
+ final String sql = "select " + this.emailRowMapper.schema() + " where emo.status_enum = ?" + sqlPlusLimit;
- return this.jdbcTemplate.query(sql, this.emailRowMapper, new Object[] {});
+ return this.jdbcTemplate.query(sql, this.emailRowMapper, new Object[] { EmailMessageStatusType.SENT.getValue() });
}
@Override
public List<Long> retrieveExternalIdsOfAllSent(final Integer limit) {
final String sqlPlusLimit = (limit > 0) ? " limit 0, " + limit : "";
- final String sql = "select external_id from " + this.emailRowMapper.tableName() + " where status_enum = "
- + EmailMessageStatusType.SENT.getValue() + sqlPlusLimit;
+ final String sql = "select external_id from " + this.emailRowMapper.tableName() + " where status_enum = " + sqlPlusLimit;
- return this.jdbcTemplate.queryForList(sql, Long.class);
+ return this.jdbcTemplate.queryForList(sql, Long.class, new Object[] { EmailMessageStatusType.SENT.getValue() });
}
@Override
public Collection<EmailData> retrieveAllDelivered(final Integer limit) {
final String sqlPlusLimit = (limit > 0) ? " limit 0, " + limit : "";
- final String sql = "select " + this.emailRowMapper.schema() + " where emo.status_enum = "
- + EmailMessageStatusType.DELIVERED.getValue() + sqlPlusLimit;
+ final String sql = "select " + this.emailRowMapper.schema() + " where emo.status_enum = ?" + sqlPlusLimit;
- return this.jdbcTemplate.query(sql, this.emailRowMapper, new Object[] {});
+ return this.jdbcTemplate.query(sql, this.emailRowMapper, new Object[] { EmailMessageStatusType.DELIVERED.getValue() });
}
@Override
public Collection<EmailData> retrieveAllFailed(final SearchParameters searchParameters) {
final String sqlPlusLimit = (searchParameters.getLimit() > 0) ? " limit 0, " + searchParameters.getLimit() : "";
- final String sql = "select " + this.emailRowMapper.schema() + " where emo.status_enum = " + EmailMessageStatusType.FAILED.getValue()
- + sqlPlusLimit;
+ final String sql = "select " + this.emailRowMapper.schema() + " where emo.status_enum = ?" + sqlPlusLimit;
- return this.jdbcTemplate.query(sql, this.emailRowMapper, new Object[] {});
+ return this.jdbcTemplate.query(sql, this.emailRowMapper, new Object[] { EmailMessageStatusType.FAILED.getValue() });
}
@Override
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/configuration/service/ConfigurationReadPlatformServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/configuration/service/ConfigurationReadPlatformServiceImpl.java
index 1034401..d41a020 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/configuration/service/ConfigurationReadPlatformServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/configuration/service/ConfigurationReadPlatformServiceImpl.java
@@ -56,12 +56,13 @@ public class ConfigurationReadPlatformServiceImpl implements ConfigurationReadPl
if (survey) {
sql += " JOIN x_registered_table on x_registered_table.registered_table_name = c.name ";
- sql += " WHERE x_registered_table.category =" + DataTableApiConstant.CATEGORY_PPI;
+ sql += " WHERE x_registered_table.category = ?";
}
sql += " order by c.id";
- final List<GlobalConfigurationPropertyData> globalConfiguration = this.jdbcTemplate.query(sql, this.rm, new Object[] {});
+ final List<GlobalConfigurationPropertyData> globalConfiguration = this.jdbcTemplate.query(sql, this.rm,
+ new Object[] { DataTableApiConstant.CATEGORY_PPI });
return new GlobalConfigurationData(globalConfiguration);
}
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java
index b75df1f..3341389 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/GenericDataServiceImpl.java
@@ -263,7 +263,7 @@ public class GenericDataServiceImpl implements GenericDataService {
final String sql = "select v.id, v.code_score, v.code_value from m_code m " + " join m_code_value v on v.code_id = m.id "
+ " where m.code_name = ? order by v.order_position, v.id";
- final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql, String.class, new Object[] {codeName});
+ final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql, String.class, new Object[] { codeName });
rsValues.beforeFirst();
while (rsValues.next()) {
@@ -281,9 +281,8 @@ public class GenericDataServiceImpl implements GenericDataService {
final List<ResultsetColumnValueData> columnValues = new ArrayList<>();
if (codeId != null) {
- final String sql = "select v.id, v.code_value from m_code_value v where v.code_id =?"
- + " order by v.order_position, v.id";
- final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql, Integer.class, new Object[] {codeId});
+ final String sql = "select v.id, v.code_value from m_code_value v where v.code_id =?" + " order by v.order_position, v.id";
+ final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql, Integer.class, new Object[] { codeId });
rsValues.beforeFirst();
while (rsValues.next()) {
final Integer id = rsValues.getInt("id");
@@ -298,10 +297,9 @@ public class GenericDataServiceImpl implements GenericDataService {
private SqlRowSet getDatatableMetaData(final String datatable) {
final String sql = "select COLUMN_NAME, IS_NULLABLE, DATA_TYPE, CHARACTER_MAXIMUM_LENGTH, COLUMN_KEY"
- + " from INFORMATION_SCHEMA.COLUMNS " + " where TABLE_SCHEMA = schema() and TABLE_NAME = ?"
- + " order by ORDINAL_POSITION";
+ + " from INFORMATION_SCHEMA.COLUMNS " + " where TABLE_SCHEMA = schema() and TABLE_NAME = ?" + " order by ORDINAL_POSITION";
- final SqlRowSet columnDefinitions = this.jdbcTemplate.queryForRowSet(sql, String.class, new Object[] {datatable});
+ final SqlRowSet columnDefinitions = this.jdbcTemplate.queryForRowSet(sql, String.class, new Object[] { datatable });
if (columnDefinitions.next()) {
return columnDefinitions;
}
@@ -312,7 +310,7 @@ public class GenericDataServiceImpl implements GenericDataService {
private SqlRowSet getDatatableCodeData(final String aDatatable, final String aColumnName) {
String datatableColumnName = aDatatable.toLowerCase().replaceAll("\\s", "_") + "_" + aColumnName;
final String sql = "select mc.id,mc.code_name from m_code mc join x_table_column_code_mappings xcc on xcc.code_id = mc.id where xcc.column_alias_name=?";
- final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql, String.class, new Object[] {datatableColumnName});
+ final SqlRowSet rsValues = this.jdbcTemplate.queryForRowSet(sql, String.class, new Object[] { datatableColumnName });
return rsValues;
}
[fineract] 06/11: Use prepared statements instead of string
concatenated SQL everywhere - WIP (FINERACT-854)
Posted by pt...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ptuomola pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
commit adb8caf002be44dc5ade1110c46d25816b110c40
Author: Joseph Makara <jo...@strathmore.edu>
AuthorDate: Sat Mar 27 20:01:47 2021 +0300
Use prepared statements instead of string concatenated SQL everywhere - WIP (FINERACT-854)
---
.../provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java | 1 -
1 file changed, 1 deletion(-)
diff --git a/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
index 2d19a68..5396bfc 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
@@ -57,7 +57,6 @@ public class ProvisioningEntriesReadPlatformServiceImpl implements ProvisioningE
@Override
public Collection<LoanProductProvisioningEntryData> retrieveLoanProductsProvisioningData(Date date) {
String formattedDate = new SimpleDateFormat("yyyy-MM-dd").format(date);
- formattedDate = "'" + formattedDate + "'";
LoanProductProvisioningEntryMapper mapper = new LoanProductProvisioningEntryMapper();
final String sql = mapper.schema();
return this.jdbcTemplate.query(sql, mapper, new Object[] { formattedDate, formattedDate, formattedDate });
[fineract] 11/11: Use prepared statements instead of string
concatenated SQL everywhere (FINERACT-854)
Posted by pt...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ptuomola pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
commit 134ea4d837b0c530aa77dca3cc2c761d86518a62
Author: Joseph Makara <jo...@strathmore.edu>
AuthorDate: Mon Apr 12 19:59:40 2021 +0300
Use prepared statements instead of string concatenated SQL everywhere (FINERACT-854)
---
.../service/ProvisioningEntriesReadPlatformServiceImpl.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
index 5396bfc..bb8994d 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/accounting/provisioning/service/ProvisioningEntriesReadPlatformServiceImpl.java
@@ -75,8 +75,8 @@ public class ProvisioningEntriesReadPlatformServiceImpl implements ProvisioningE
.append(" LEFT JOIN m_loan loan on sch.loan_id = loan.id")
.append(" JOIN m_loanproduct_provisioning_mapping lpm on lpm.product_id = loan.product_id")
.append(" JOIN m_provisioning_criteria_definition pcd on pcd.criteria_id = lpm.criteria_id and ")
- .append("(pcd.min_age <= GREATEST(datediff(?").append(",sch.duedate),0) and ").append("GREATEST(datediff(?")
- .append(",sch.duedate),0) <= pcd.max_age) and ").append("pcd.criteria_id is not null ")
+ .append("(pcd.min_age <= GREATEST(datediff(?,sch.duedate),0) and GREATEST(datediff(?")
+ .append(",sch.duedate),0) <= pcd.max_age) and pcd.criteria_id is not null ")
.append("LEFT JOIN m_client mclient ON mclient.id = loan.client_id ")
.append("LEFT JOIN m_group mgroup ON mgroup.id = loan.group_id ")
.append("where loan.loan_status_id=300 and sch.duedate = ")
[fineract] 10/11: Code review changes (FINERACT-854)
Posted by pt...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ptuomola pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
commit d3ef3b8f70292c82d7bac50582bf3441ad301ca8
Author: Joseph Makara <jo...@strathmore.edu>
AuthorDate: Sun Apr 11 13:19:02 2021 +0300
Code review changes (FINERACT-854)
---
.../service/EmailReadPlatformServiceImpl.java | 14 +++++-----
.../dataqueries/api/RunreportsApiResource.java | 10 +------
.../service/BasicAuthTenantDetailsServiceJdbc.java | 13 +++++----
.../security/service/JdbcTenantDetailsService.java | 31 ++++++++--------------
.../V365__reportCategoryList-FINERACT-1306.sql | 9 ++-----
5 files changed, 27 insertions(+), 50 deletions(-)
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/campaigns/email/service/EmailReadPlatformServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/campaigns/email/service/EmailReadPlatformServiceImpl.java
index 126a404..71b8332 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/campaigns/email/service/EmailReadPlatformServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/campaigns/email/service/EmailReadPlatformServiceImpl.java
@@ -130,9 +130,9 @@ public class EmailReadPlatformServiceImpl implements EmailReadPlatformService {
@Override
public Collection<EmailData> retrieveAllPending(final SearchParameters searchParameters) {
final String sqlPlusLimit = (searchParameters.getLimit() > 0) ? " limit 0, " + searchParameters.getLimit() : "";
- final String sql = "select " + this.emailRowMapper.schema() + " where emo.status_enum = " + sqlPlusLimit;
+ final String sql = "select " + this.emailRowMapper.schema() + " where emo.status_enum =? " + sqlPlusLimit;
- return this.jdbcTemplate.query(sql, this.emailRowMapper, new Object[] { EmailMessageStatusType.PENDING.getValue() });
+ return this.jdbcTemplate.query(sql, this.emailRowMapper, EmailMessageStatusType.PENDING.getValue());
}
@Override
@@ -140,15 +140,15 @@ public class EmailReadPlatformServiceImpl implements EmailReadPlatformService {
final String sqlPlusLimit = (searchParameters.getLimit() > 0) ? " limit 0, " + searchParameters.getLimit() : "";
final String sql = "select " + this.emailRowMapper.schema() + " where emo.status_enum = ?" + sqlPlusLimit;
- return this.jdbcTemplate.query(sql, this.emailRowMapper, new Object[] { EmailMessageStatusType.SENT.getValue() });
+ return this.jdbcTemplate.query(sql, this.emailRowMapper, EmailMessageStatusType.SENT.getValue());
}
@Override
public List<Long> retrieveExternalIdsOfAllSent(final Integer limit) {
final String sqlPlusLimit = (limit > 0) ? " limit 0, " + limit : "";
- final String sql = "select external_id from " + this.emailRowMapper.tableName() + " where status_enum = " + sqlPlusLimit;
+ final String sql = "select external_id from " + this.emailRowMapper.tableName() + " where status_enum =? " + sqlPlusLimit;
- return this.jdbcTemplate.queryForList(sql, Long.class, new Object[] { EmailMessageStatusType.SENT.getValue() });
+ return this.jdbcTemplate.queryForList(sql, Long.class, EmailMessageStatusType.SENT.getValue());
}
@Override
@@ -156,7 +156,7 @@ public class EmailReadPlatformServiceImpl implements EmailReadPlatformService {
final String sqlPlusLimit = (limit > 0) ? " limit 0, " + limit : "";
final String sql = "select " + this.emailRowMapper.schema() + " where emo.status_enum = ?" + sqlPlusLimit;
- return this.jdbcTemplate.query(sql, this.emailRowMapper, new Object[] { EmailMessageStatusType.DELIVERED.getValue() });
+ return this.jdbcTemplate.query(sql, this.emailRowMapper, EmailMessageStatusType.DELIVERED.getValue());
}
@Override
@@ -164,7 +164,7 @@ public class EmailReadPlatformServiceImpl implements EmailReadPlatformService {
final String sqlPlusLimit = (searchParameters.getLimit() > 0) ? " limit 0, " + searchParameters.getLimit() : "";
final String sql = "select " + this.emailRowMapper.schema() + " where emo.status_enum = ?" + sqlPlusLimit;
- return this.jdbcTemplate.query(sql, this.emailRowMapper, new Object[] { EmailMessageStatusType.FAILED.getValue() });
+ return this.jdbcTemplate.query(sql, this.emailRowMapper, EmailMessageStatusType.FAILED.getValue());
}
@Override
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/api/RunreportsApiResource.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/api/RunreportsApiResource.java
index aa9bbb8..0f0c4c5 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/api/RunreportsApiResource.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/api/RunreportsApiResource.java
@@ -39,7 +39,6 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.fineract.infrastructure.core.api.ApiParameterHelper;
import org.apache.fineract.infrastructure.core.exception.PlatformServiceUnavailableException;
-import org.apache.fineract.infrastructure.dataqueries.service.DatatableReportingProcessService;
import org.apache.fineract.infrastructure.dataqueries.service.ReadReportingService;
import org.apache.fineract.infrastructure.report.provider.ReportingProcessServiceProvider;
import org.apache.fineract.infrastructure.report.service.ReportingProcessService;
@@ -61,16 +60,13 @@ public class RunreportsApiResource {
private final PlatformSecurityContext context;
private final ReadReportingService readExtraDataAndReportingService;
private final ReportingProcessServiceProvider reportingProcessServiceProvider;
- private final DatatableReportingProcessService datatableReportingProcessService;
@Autowired
public RunreportsApiResource(final PlatformSecurityContext context, final ReadReportingService readExtraDataAndReportingService,
- final ReportingProcessServiceProvider reportingProcessServiceProvider,
- DatatableReportingProcessService aDatatableReportingProcessService) {
+ final ReportingProcessServiceProvider reportingProcessServiceProvider) {
this.context = context;
this.readExtraDataAndReportingService = readExtraDataAndReportingService;
this.reportingProcessServiceProvider = reportingProcessServiceProvider;
- datatableReportingProcessService = aDatatableReportingProcessService;
}
@GET
@@ -109,10 +105,6 @@ public class RunreportsApiResource {
// Pass through isSelfServiceUserReport so that ReportingProcessService implementations can use it
queryParams.putSingle(IS_SELF_SERVICE_USER_REPORT_PARAMETER, Boolean.toString(isSelfServiceUserReport));
- if (parameterType) {
- return datatableReportingProcessService.processRequest(reportName, queryParams);
- }
-
String reportType = this.readExtraDataAndReportingService.getReportType(reportName, isSelfServiceUserReport);
ReportingProcessService reportingProcessService = this.reportingProcessServiceProvider.findReportingProcessService(reportType);
if (reportingProcessService == null) {
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/BasicAuthTenantDetailsServiceJdbc.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/BasicAuthTenantDetailsServiceJdbc.java
index a5c1596..bbbff0a 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/BasicAuthTenantDetailsServiceJdbc.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/BasicAuthTenantDetailsServiceJdbc.java
@@ -49,7 +49,7 @@ public class BasicAuthTenantDetailsServiceJdbc implements BasicAuthTenantDetails
private static final class TenantMapper implements RowMapper<FineractPlatformTenant> {
private final boolean isReport;
- private final StringBuilder sqlBuilder = new StringBuilder("SELECT t.id, ts.id as connectionId, ")//
+ private final StringBuilder sqlBuilder = new StringBuilder(" t.id, ts.id as connectionId , ")//
.append(" t.timezone_id as timezoneId , t.name,t.identifier, ts.schema_name as schemaName, ts.schema_server as schemaServer,")//
.append(" ts.schema_server_port as schemaServerPort, ts.schema_connection_parameters as schemaConnectionParameters, ts.auto_update as autoUpdate,")//
.append(" ts.schema_username as schemaUsername, ts.schema_password as schemaPassword , ts.pool_initial_size as initialSize,")//
@@ -60,7 +60,7 @@ public class BasicAuthTenantDetailsServiceJdbc implements BasicAuthTenantDetails
.append(" ts.pool_min_evictable_idle_time_millis as poolMinEvictableIdleTimeMillis,")//
.append(" ts.deadlock_max_retries as maxRetriesOnDeadlock,")//
.append(" ts.deadlock_max_retry_interval as maxIntervalBetweenRetries ")//
- .append("FROM tenants t LEFT JOIN tenant_server_connections ts ");
+ .append(" from tenants t left join tenant_server_connections ts ");
TenantMapper(boolean isReport) {
this.isReport = isReport;
@@ -68,11 +68,10 @@ public class BasicAuthTenantDetailsServiceJdbc implements BasicAuthTenantDetails
public String schema() {
if (this.isReport) {
- this.sqlBuilder.append(" ON t.report_Id = ts.id");
+ this.sqlBuilder.append(" on t.report_Id = ts.id");
} else {
- this.sqlBuilder.append(" ON t.oltp_Id = ts.id");
+ this.sqlBuilder.append(" on t.oltp_Id = ts.id");
}
- this.sqlBuilder.append(" WHERE t.identifier = ?");
return this.sqlBuilder.toString();
}
@@ -139,9 +138,9 @@ public class BasicAuthTenantDetailsServiceJdbc implements BasicAuthTenantDetails
try {
final TenantMapper rm = new TenantMapper(isReport);
- final String sql = rm.schema();
+ final String sql = "select " + rm.schema() + " where t.identifier = ?";
- return this.jdbcTemplate.queryForObject(sql, rm, tenantIdentifier);
+ return this.jdbcTemplate.queryForObject(sql, rm, new Object[] { tenantIdentifier });
} catch (final EmptyResultDataAccessException e) {
throw new InvalidTenantIdentiferException("The tenant identifier: " + tenantIdentifier + " is not valid.", e);
}
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/JdbcTenantDetailsService.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/JdbcTenantDetailsService.java
index 879fec9..4e645bf 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/JdbcTenantDetailsService.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/service/JdbcTenantDetailsService.java
@@ -49,9 +49,7 @@ public class JdbcTenantDetailsService implements TenantDetailsService {
private static final class TenantMapper implements RowMapper<FineractPlatformTenant> {
- private final String tenantIdentifier;
-
- private final StringBuilder sqlBuilder = new StringBuilder("SELECT t.id, ts.id as connectionId, ")//
+ private final StringBuilder sqlBuilder = new StringBuilder("t.id, ts.id as connectionId , ")//
.append(" t.timezone_id as timezoneId , t.name,t.identifier, ts.schema_name as schemaName, ts.schema_server as schemaServer,")//
.append(" ts.schema_server_port as schemaServerPort, ts.schema_connection_parameters as schemaConnectionParameters, ts.auto_update as autoUpdate,")//
.append(" ts.schema_username as schemaUsername, ts.schema_password as schemaPassword , ts.pool_initial_size as initialSize,")//
@@ -62,28 +60,21 @@ public class JdbcTenantDetailsService implements TenantDetailsService {
.append(" ts.pool_min_evictable_idle_time_millis as poolMinEvictableIdleTimeMillis,")//
.append(" ts.deadlock_max_retries as maxRetriesOnDeadlock,")//
.append(" ts.deadlock_max_retry_interval as maxIntervalBetweenRetries ")//
- .append("FROM tenants t LEFT JOIN tenant_server_connections ts ON t.oltp_Id=ts.id ");
-
- TenantMapper(String aTenantIdentifier) {
- this.tenantIdentifier = aTenantIdentifier;
- }
+ .append(" from tenants t left join tenant_server_connections ts on t.oltp_Id=ts.id ");
public String schema() {
- if (tenantIdentifier != null) {
- this.sqlBuilder.append(" WHERE t.identifier = ?");
- }
return this.sqlBuilder.toString();
}
@Override
public FineractPlatformTenant mapRow(final ResultSet rs, @SuppressWarnings("unused") final int rowNum) throws SQLException {
final Long id = rs.getLong("id");
- final String identifier = rs.getString("identifier");
+ final String tenantIdentifier = rs.getString("identifier");
final String name = rs.getString("name");
final String timezoneId = rs.getString("timezoneId");
final FineractPlatformTenantConnection connection = getDBConnection(rs);
- return new FineractPlatformTenant(id, identifier, name, timezoneId, connection);
+ return new FineractPlatformTenant(id, tenantIdentifier, name, timezoneId, connection);
}
// gets the DB connection
@@ -136,22 +127,22 @@ public class JdbcTenantDetailsService implements TenantDetailsService {
@Override
@Cacheable(value = "tenantsById")
- public FineractPlatformTenant loadTenantById(final String aTenantIdentifier) {
+ public FineractPlatformTenant loadTenantById(final String tenantIdentifier) {
try {
- final TenantMapper rm = new TenantMapper(aTenantIdentifier);
- final String sql = rm.schema();
+ final TenantMapper rm = new TenantMapper();
+ final String sql = "select " + rm.schema() + " where t.identifier = ?";
- return this.jdbcTemplate.queryForObject(sql, rm, aTenantIdentifier);
+ return this.jdbcTemplate.queryForObject(sql, rm, new Object[] { tenantIdentifier });
} catch (final EmptyResultDataAccessException e) {
- throw new InvalidTenantIdentiferException("The tenant identifier: " + aTenantIdentifier + " is not valid.", e);
+ throw new InvalidTenantIdentiferException("The tenant identifier: " + tenantIdentifier + " is not valid.", e);
}
}
@Override
public List<FineractPlatformTenant> findAllTenants() {
- final TenantMapper rm = new TenantMapper(null);
- final String sql = rm.schema();
+ final TenantMapper rm = new TenantMapper();
+ final String sql = "select " + rm.schema();
final List<FineractPlatformTenant> fineractPlatformTenants = this.jdbcTemplate.query(sql, rm, new Object[] {});
return fineractPlatformTenants;
diff --git a/fineract-provider/src/main/resources/sql/migrations/core_db/V365__reportCategoryList-FINERACT-1306.sql b/fineract-provider/src/main/resources/sql/migrations/core_db/V365__reportCategoryList-FINERACT-1306.sql
index 794ab21..70ffd5d 100644
--- a/fineract-provider/src/main/resources/sql/migrations/core_db/V365__reportCategoryList-FINERACT-1306.sql
+++ b/fineract-provider/src/main/resources/sql/migrations/core_db/V365__reportCategoryList-FINERACT-1306.sql
@@ -18,10 +18,5 @@
--
-- two tables added: ReportCategoryList and FullReportList (FINERACT-1306)
-INSERT INTO stretchy_report (report_name, report_type, report_category, report_sql, description, core_report, use_report)
-SELECT 'ReportCategoryList', 'Table', NULL, NULL, NULL, 1, 1
-ON DUPLICATE key UPDATE report_name = 'ReportCategoryList';
-
-INSERT INTO stretchy_report (report_name, report_type, report_category, report_sql, description, core_report, use_report)
-SELECT 'FullReportList', 'Table', NULL, NULL, NULL, 1, 1
-ON DUPLICATE key UPDATE report_name = 'FullReportList';
+INSERT INTO stretchy_report (report_name, report_type, report_category, report_sql, description, core_report, use_report)VALUES ("ReportCategoryList", 'Table', '(NULL)', '(NULL)', '(NULL)', 1, 1);
+INSERT INTO stretchy_report (report_name, report_type, report_category, report_sql, description, core_report, use_report)VALUES ("FullReportList", 'Table', '(NULL)', '(NULL)', '(NULL)', 1, 1);