Posted to commits@usergrid.apache.org by md...@apache.org on 2017/07/28 22:11:42 UTC
[1/3] usergrid git commit: Fix check for missing keyspace in
Astayanax bad request exception
Repository: usergrid
Updated Branches:
refs/heads/hotfix-20170728 436cb8046 -> ceba1fa44
Fix check for missing keyspace in Astayanax bad request exception
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/57c55f00
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/57c55f00
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/57c55f00
Branch: refs/heads/hotfix-20170728
Commit: 57c55f0085dfae8741f9602d32da5c90f57411d9
Parents: 436cb80
Author: Mike Dunker <md...@google.com>
Authored: Fri Jul 28 14:04:49 2017 -0700
Committer: Mike Dunker <md...@google.com>
Committed: Fri Jul 28 14:04:49 2017 -0700
----------------------------------------------------------------------
.../persistence/core/migration/util/AstayanxUtils.java | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/57c55f00/stack/corepersistence/common/src/main/java/org/apache/usergrid/persistence/core/migration/util/AstayanxUtils.java
----------------------------------------------------------------------
diff --git a/stack/corepersistence/common/src/main/java/org/apache/usergrid/persistence/core/migration/util/AstayanxUtils.java b/stack/corepersistence/common/src/main/java/org/apache/usergrid/persistence/core/migration/util/AstayanxUtils.java
index 7ae4748..d500c68 100644
--- a/stack/corepersistence/common/src/main/java/org/apache/usergrid/persistence/core/migration/util/AstayanxUtils.java
+++ b/stack/corepersistence/common/src/main/java/org/apache/usergrid/persistence/core/migration/util/AstayanxUtils.java
@@ -35,13 +35,10 @@ public class AstayanxUtils {
if ( cassandraException instanceof BadRequestException ) {
- //check if it's b/c the keyspace is missing, if so
- final String message = cassandraException.getMessage();
-
- //no op, just swallow
- if(message.contains( "why:Keyspace" ) && message.contains( "does not exist" )){
+ //check if it's b/c the keyspace is missing
+ if (((BadRequestException) cassandraException).isKeyspaceDoestNotExist()) {
return;
- };
+ }
}
throw new RuntimeException( rethrowMessage, cassandraException );
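Review bot: The added comment no longer says that the exception is deliberately swallowed at the `return`, which the removed `//no op, just swallow` did. I would put `// keyspace does not exist: deliberately swallowed, nothing to rethrow` directly above the `return;`. The enclosing method starts and ends outside the hunk, so the reason a missing keyspace is acceptable is not visible here; a sentence on that in the method's Javadoc would help the next reader.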
[3/3] usergrid git commit: add password complexity check before
submitting during reset password flow
Posted by md...@apache.org.
add password complexity check before submitting during reset password flow
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/ceba1fa4
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/ceba1fa4
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/ceba1fa4
Branch: refs/heads/hotfix-20170728
Commit: ceba1fa44455a6c8f962c5e7badd615a382dddae
Parents: c0c489e
Author: Mike Dunker <md...@google.com>
Authored: Fri Jul 28 15:09:09 2017 -0700
Committer: Mike Dunker <md...@google.com>
Committed: Fri Jul 28 15:09:09 2017 -0700
----------------------------------------------------------------------
.../rest/applications/users/UserResource.java | 8 +
.../rest/management/users/UserResource.java | 9 ++
.../usergrid/management/ManagementService.java | 10 +-
.../cassandra/ManagementServiceImpl.java | 14 ++
.../usergrid/security/PasswordPolicy.java | 53 +++++++
.../usergrid/security/PasswordPolicyFig.java | 79 ++++++++++
.../usergrid/security/PasswordPolicyImpl.java | 156 +++++++++++++++++++
.../services/guice/ServiceModuleImpl.java | 7 +
8 files changed, 331 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/ceba1fa4/stack/rest/src/main/java/org/apache/usergrid/rest/applications/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/applications/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/applications/users/UserResource.java
index 5435f7e..f0dbc14 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/applications/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/applications/users/UserResource.java
@@ -17,6 +17,7 @@
package org.apache.usergrid.rest.applications.users;
+import java.util.Collection;
import java.util.Map;
import java.util.UUID;
@@ -465,6 +466,13 @@ public class UserResource extends ServiceResource {
if ( ( password1 != null ) || ( password2 != null ) ) {
if ( management.checkPasswordResetTokenForAppUser( getApplicationId(), getUserUuid(), token ) ) {
if ( ( password1 != null ) && password1.equals( password2 ) ) {
+ // validate password
+ Collection<String> violations = management.passwordPolicyCheck(password1, false);
+ if (violations.size() > 0) {
+ // password not valid
+ errorMsg = management.getPasswordDescription(false);
+ return handleViewable( "resetpw_set_form", this, getOrganizationName() );
+ }
management.setAppUserPassword( getApplicationId(), getUser().getUuid(), password1 );
management.revokeAccessTokenForAppUser( token );
return handleViewable( "resetpw_set_success", this, getOrganizationName() );
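Review bot: The policy check is added only in this form handler, just before `management.setAppUserPassword(...)`, so any other caller of that method would presumably still accept a non-conforming password; consider enforcing the policy inside the management service so every password-setting path goes through it. The returned `violations` are then discarded in favour of the generic `getPasswordDescription(false)` text, so the user is not told which rule failed. `if (!violations.isEmpty()) {` reads better than `violations.size() > 0`. The same points apply to the admin-user hunk in rest/management/users/UserResource.java. The enclosing method starts and ends outside the hunk.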
http://git-wip-us.apache.org/repos/asf/usergrid/blob/ceba1fa4/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index 95f607b..cac5f2b 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -43,6 +43,7 @@ import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriInfo;
+import java.util.Collection;
import java.util.Map;
import java.util.UUID;
@@ -297,6 +298,14 @@ public class UserResource extends AbstractContextResource {
if ( ( password1 != null ) || ( password2 != null ) ) {
if ( management.checkPasswordResetTokenForAdminUser( user.getUuid(), tokenInfo ) ) {
if ( ( password1 != null ) && password1.equals( password2 ) ) {
+ // validate password
+ Collection<String> violations = management.passwordPolicyCheck(password1, true);
+ if (violations.size() > 0) {
+ // password not valid
+ errorMsg = management.getPasswordDescription(true);
+ return handleViewable( "resetpw_set_form", this, organizationId );
+ }
+
management.setAdminUserPassword( user.getUuid(), password1 );
management.revokeAccessTokenForAdminUser( user.getUuid(), token );
loginEndpoint = properties.getProperty("usergrid.viewable.loginEndpoint");
http://git-wip-us.apache.org/repos/asf/usergrid/blob/ceba1fa4/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java b/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
index 2b88b07..df42d6a 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
@@ -17,11 +17,7 @@
package org.apache.usergrid.management;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-import java.util.UUID;
+import java.util.*;
import org.apache.usergrid.persistence.CredentialsInfo;
import org.apache.usergrid.persistence.Entity;
@@ -372,6 +368,10 @@ public interface ManagementService {
Observable<Id> deleteAllEntities(final UUID applicationId,final int limit);
+ Collection<String> passwordPolicyCheck(String password, boolean isAdminUser);
+
+ String getPasswordDescription(boolean isAdminUser);
+
// DO NOT REMOVE BELOW METHODS, THEY ARE HERE TO ALLOW EXTERNAL CLASSES TO OVERRIDE AND HOOK INTO POST PROCESSING
void createOrganizationPostProcessing( final OrganizationInfo orgInfo,
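Review bot: The two new interface methods have no Javadoc, although callers rely on the contract that an empty collection means the password conforms. Above `passwordPolicyCheck` I would add `/** Checks a password against the admin-user or app-user policy; returns one message per violated rule, empty if it conforms. */`. Above `getPasswordDescription` I would add `/** Returns a human-readable description of the policy, for use in error messages. */`.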
http://git-wip-us.apache.org/repos/asf/usergrid/blob/ceba1fa4/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
index 876cd5b..2d60441 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
@@ -54,6 +54,7 @@ import org.apache.usergrid.persistence.model.entity.Id;
import org.apache.usergrid.persistence.model.entity.SimpleId;
import org.apache.usergrid.security.AuthPrincipalInfo;
import org.apache.usergrid.security.AuthPrincipalType;
+import org.apache.usergrid.security.PasswordPolicy;
import org.apache.usergrid.security.crypto.EncryptionService;
import org.apache.usergrid.security.oauth.AccessInfo;
import org.apache.usergrid.security.oauth.ClientCredentialsInfo;
@@ -172,6 +173,8 @@ public class ManagementServiceImpl implements ManagementService {
protected LocalShiroCache localShiroCache;
+ protected PasswordPolicy passwordPolicy;
+
private LoadingCache<UUID, OrganizationConfig> orgConfigByAppCache = CacheBuilder.newBuilder().maximumSize( 1000 )
.expireAfterWrite( Long.valueOf( System.getProperty(ORG_CONFIG_CACHE_PROP, "30000") ) , TimeUnit.MILLISECONDS)
@@ -215,6 +218,7 @@ public class ManagementServiceImpl implements ManagementService {
this.service = injector.getInstance(ApplicationService.class);
this.localShiroCache = injector.getInstance(LocalShiroCache.class);
+ this.passwordPolicy = injector.getInstance(PasswordPolicy.class);
}
@Autowired
@@ -3497,6 +3501,16 @@ public class ManagementServiceImpl implements ManagementService {
}
@Override
+ public Collection<String> passwordPolicyCheck(String password, boolean isAdminUser) {
+ return passwordPolicy.policyCheck(password, isAdminUser);
+ }
+
+ @Override
+ public String getPasswordDescription(boolean isAdminUser) {
+ return passwordPolicy.getDescription(isAdminUser);
+ }
+
+ @Override
public void createOrganizationPostProcessing( final OrganizationInfo orgInfo,
final Map<String,String> properties ){
// do nothing, this is a hook for any classes extending the ManagementServiceInterface
http://git-wip-us.apache.org/repos/asf/usergrid/blob/ceba1fa4/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicy.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicy.java b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicy.java
new file mode 100644
index 0000000..cc29b20
--- /dev/null
+++ b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicy.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.usergrid.security;
+
+
+import java.util.Collection;
+
+
+/**
+ * Interface to password policy.
+ */
+public interface PasswordPolicy {
+
+ String ERROR_POLICY_VIOLIATION = "error_password_policy_violation";
+
+ String ERROR_UPPERCASE_POLICY = "error_uppercase_policy";
+
+ String ERROR_DIGITS_POLICY = "error_digits_policy";
+
+ String ERROR_SPECIAL_CHARS_POLICY = "error_special_chars_policy";
+
+ String ERROR_LENGTH_POLICY = "error_length_policy";
+
+
+ /**
+ * Check to see if password conforms to policy.
+ *
+ * @param password Password to check.
+ * @return Collection of error strings, one for each policy violated or empty if password conforms.
+ */
+ Collection<String> policyCheck( String password, boolean isAdminUser );
+
+
+ /**
+ * Get description of password policy for error messages.
+ */
+ String getDescription( boolean isAdminUser );
+}
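Review bot: The constant `ERROR_POLICY_VIOLIATION` is misspelled, and because interface constants are public the name becomes part of the API once released; rename it to `ERROR_POLICY_VIOLATION` (its string value is already spelled correctly). The Javadoc on `policyCheck` also omits the second parameter. Add `@param isAdminUser true to apply the admin-user limits, false for the app-user limits` there and on `getDescription`.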
http://git-wip-us.apache.org/repos/asf/usergrid/blob/ceba1fa4/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyFig.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyFig.java b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyFig.java
new file mode 100644
index 0000000..e93f8e4
--- /dev/null
+++ b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyFig.java
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.usergrid.security;
+
+import org.safehaus.guicyfig.Default;
+import org.safehaus.guicyfig.FigSingleton;
+import org.safehaus.guicyfig.GuicyFig;
+import org.safehaus.guicyfig.Key;
+
+
+@FigSingleton
+public interface PasswordPolicyFig extends GuicyFig {
+
+ String ALLOWED_SPECIAL_CHARS = "usergrid.password-policy.allowed-special-chars";
+
+ String MIN_UPPERCASE_ADMIN = "usergrid.password-policy.min-uppercase-admin";
+ String MIN_UPPERCASE = "usergrid.password-policy.min-uppercase";
+
+ String MIN_DIGITS_ADMIN = "usergrid.password-policy.min-digits-admin";
+ String MIN_DIGITS = "usergrid.password-policy.min-digits";
+
+ String MIN_SPECIAL_CHARS_ADMIN = "usergrid.password-policy.min-special-chars-admin";
+ String MIN_SPECIAL_CHARS = "usergrid.password-policy.min-special-chars";
+
+ String MIN_LENGTH_ADMIN = "usergrid.password-policy.min-length-admin";
+ String MIN_LENGTH = "usergrid.password-policy.min-length";
+
+
+ @Key(MIN_UPPERCASE_ADMIN)
+ @Default("0")
+ int getMinUppercaseAdmin();
+
+ @Key(MIN_UPPERCASE)
+ @Default("0")
+ int getMinUppercase();
+
+ @Key(MIN_DIGITS_ADMIN)
+ @Default("0")
+ int getMinDigitsAdmin();
+
+ @Key(MIN_DIGITS)
+ @Default("0")
+ int getMinDigits();
+
+ @Key(MIN_SPECIAL_CHARS_ADMIN)
+ @Default("0")
+ int getMinSpecialCharsAdmin();
+
+ @Key(MIN_SPECIAL_CHARS)
+ @Default("0")
+ int getMinSpecialChars();
+
+ @Key(MIN_LENGTH_ADMIN)
+ @Default("4")
+ int getMinLengthAdmin();
+
+ @Key(MIN_LENGTH)
+ @Default("4")
+ int getMinLength();
+
+ @Key(ALLOWED_SPECIAL_CHARS)
+ @Default("`~!@#$%^&*()-_=+[{]}\\|;:'\",<.>/?")
+ String getAllowedSpecialChars();
+}
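Review bot: The defaults leave the policy close to a no-op: `@Default("4")` for both minimum lengths and `@Default("0")` for every character-class minimum, so a deployment that configures nothing accepts four-character passwords. If that is deliberate for backward compatibility, say so in a comment on the getters; otherwise consider a longer default, at least for `getMinLengthAdmin()`. The keys are undocumented, and a one-line comment per key would help. In particular `ALLOWED_SPECIAL_CHARS`, as used in PasswordPolicyImpl, only defines which characters count towards the special-character minimum and does not reject other characters, which the name does not make obvious.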
http://git-wip-us.apache.org/repos/asf/usergrid/blob/ceba1fa4/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyImpl.java b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyImpl.java
new file mode 100644
index 0000000..500592a
--- /dev/null
+++ b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyImpl.java
@@ -0,0 +1,156 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.usergrid.security;
+
+import com.google.inject.Inject;
+import org.apache.commons.lang3.StringUtils;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+
+public class PasswordPolicyImpl implements PasswordPolicy {
+
+ private final PasswordPolicyFig passwordPolicyFig;
+
+
+ @Inject
+ PasswordPolicyImpl( PasswordPolicyFig passwordPolicyFig ) {
+ this.passwordPolicyFig = passwordPolicyFig;
+ }
+
+
+ @Override
+ public String getDescription( boolean isAdminUser ) {
+
+ final int minLength;
+ final int minUppercase;
+ final int minDigits;
+ final int minSpecialChars;
+
+ if ( isAdminUser ) {
+ minLength = passwordPolicyFig.getMinLengthAdmin();
+ minUppercase = passwordPolicyFig.getMinUppercaseAdmin();
+ minDigits = passwordPolicyFig.getMinDigitsAdmin();
+ minSpecialChars = passwordPolicyFig.getMinSpecialCharsAdmin();
+ } else {
+ minLength = passwordPolicyFig.getMinLength();
+ minUppercase = passwordPolicyFig.getMinUppercase();
+ minDigits = passwordPolicyFig.getMinDigits();
+ minSpecialChars = passwordPolicyFig.getMinSpecialChars();
+ }
+
+ StringBuilder sb = new StringBuilder();
+ sb.append( "Password must be at least " ).append( minLength ).append(" characters. ");
+ if ( minUppercase > 0 ) {
+ sb.append( "Must include " ).append( minUppercase ).append(" uppercase characters. ");
+ }
+ if ( minDigits > 0 ) {
+ sb.append( "Must include " ).append( minDigits ).append(" numbers. ");
+ }
+ if ( minSpecialChars > 0 ) {
+ sb.append( "Must include " ).append( minUppercase ).append(" special characters. ");
+ }
+ return sb.toString();
+ }
+
+
+ @Override
+ public Collection<String> policyCheck( String password, boolean isAdminUser ) {
+
+ final int minLength;
+ final int minUppercase;
+ final int minDigits;
+ final int minSpecialChars;
+
+ if ( isAdminUser ) {
+ minLength = passwordPolicyFig.getMinLengthAdmin();
+ minUppercase = passwordPolicyFig.getMinUppercaseAdmin();
+ minDigits = passwordPolicyFig.getMinDigitsAdmin();
+ minSpecialChars = passwordPolicyFig.getMinSpecialCharsAdmin();
+ } else {
+ minLength = passwordPolicyFig.getMinLength();
+ minUppercase = passwordPolicyFig.getMinUppercase();
+ minDigits = passwordPolicyFig.getMinDigits();
+ minSpecialChars = passwordPolicyFig.getMinSpecialChars();
+ }
+
+ return policyCheck( password, minLength, minUppercase, minDigits, minSpecialChars );
+ }
+
+
+ public Collection<String> policyCheck(
+ String password, int minLength, int minUppercase, int minDigits, int minSpecialChars ) {
+
+
+ List<String> violations = new ArrayList<>(3);
+
+ // check length
+ if ( password == null || password.length() < minLength ) {
+ violations.add( PasswordPolicy.ERROR_LENGTH_POLICY
+ + ": must be at least " + minLength + " characters" );
+ }
+
+ // count upper case
+ if ( minUppercase > 0 ) {
+ int upperCaseCount = 0;
+ for (char c : password.toCharArray()) {
+ if (StringUtils.isAllUpperCase( String.valueOf( c ) )) {
+ upperCaseCount++;
+ }
+ }
+ if (upperCaseCount < minUppercase) {
+ violations.add( PasswordPolicy.ERROR_UPPERCASE_POLICY
+ + ": requires " + minUppercase + " uppercase characters" );
+ }
+ }
+
+ // count digits case
+ if ( minDigits > 0 ) {
+ int digitCount = 0;
+ for (char c : password.toCharArray()) {
+ if (StringUtils.isNumeric( String.valueOf( c ) )) {
+ digitCount++;
+ }
+ }
+ if (digitCount < minDigits) {
+ violations.add( PasswordPolicy.ERROR_DIGITS_POLICY
+ + ": requires " + minDigits + " digits" );
+ }
+ }
+
+ // count special characters
+ if ( minSpecialChars > 0 ) {
+ int specialCharCount = 0;
+ for (char c : password.toCharArray()) {
+ if (passwordPolicyFig.getAllowedSpecialChars().contains( String.valueOf( c ) )) {
+ specialCharCount++;
+ }
+ }
+ if (specialCharCount < minSpecialChars) {
+ violations.add( PasswordPolicy.ERROR_SPECIAL_CHARS_POLICY
+ + ": requires " + minSpecialChars + " special characters" );
+ }
+ }
+
+ return violations;
+ }
+
+
+}
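Review bot: `getDescription` reports the wrong number for special characters, because the last `append` chain uses `minUppercase`; it should read `sb.append( "Must include " ).append( minSpecialChars ).append(" special characters. ");`. In the five-argument `policyCheck`, a null password is recorded as a length violation but then reaches `password.toCharArray()` whenever a character-class minimum is above zero, which throws a NullPointerException. Adding `if ( password == null ) { return violations; }` right after the length check avoids that. The digit count uses `StringUtils.isNumeric`, which accepts any Unicode digit, so confirm that is intended. Both `getDescription` and `policyCheck` repeat the same admin/app-user selection of limits, which a small private helper would keep in one place.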
http://git-wip-us.apache.org/repos/asf/usergrid/blob/ceba1fa4/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java b/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
index 58b301a..9e5485b 100644
--- a/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
@@ -31,8 +31,12 @@ import org.apache.usergrid.persistence.cache.impl.CacheFactoryImpl;
import org.apache.usergrid.persistence.cache.impl.ScopedCacheSerialization;
import org.apache.usergrid.persistence.cache.impl.ScopedCacheSerializationImpl;
import org.apache.usergrid.persistence.core.migration.data.MigrationPlugin;
+import org.apache.usergrid.security.PasswordPolicy;
+import org.apache.usergrid.security.PasswordPolicyFig;
+import org.apache.usergrid.security.PasswordPolicyImpl;
import org.apache.usergrid.security.shiro.UsergridAuthenticationInfo;
import org.apache.usergrid.security.shiro.UsergridAuthorizationInfo;
+import org.safehaus.guicyfig.GuicyFigModule;
// <bean id="notificationsQueueListener" class="org.apache.usergrid.services.notifications.QueueListener"
@@ -70,5 +74,8 @@ public class ServiceModuleImpl extends AbstractModule implements ServiceModule {
bind( new TypeLiteral<ScopedCacheSerialization<String, UsergridAuthenticationInfo>>() {})
.to( new TypeLiteral<ScopedCacheSerializationImpl<String, UsergridAuthenticationInfo>>() {});
+ bind( PasswordPolicy.class ).to( PasswordPolicyImpl.class );
+
+ install( new GuicyFigModule( PasswordPolicyFig.class ) );
}
}
[2/3] usergrid git commit: fix html encode in jsp
Posted by md...@apache.org.
fix html encode in jsp
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/c0c489ea
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/c0c489ea
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/c0c489ea
Branch: refs/heads/hotfix-20170728
Commit: c0c489ea2d23efab99f65de3414d7e3d07a86bf3
Parents: 57c55f0
Author: Mike Dunker <md...@google.com>
Authored: Fri Jul 28 14:11:31 2017 -0700
Committer: Mike Dunker <md...@google.com>
Committed: Fri Jul 28 14:11:31 2017 -0700
----------------------------------------------------------------------
.../org/apache/usergrid/rest/TestResource/error.jsp | 4 ++--
.../org/apache/usergrid/rest/TestResource/test.jsp | 5 +++--
.../ApplicationResource/authorize_form.jsp | 15 ++++++++-------
.../rest/applications/ApplicationResource/error.jsp | 4 ++--
.../applications/users/UserResource/activate.jsp | 4 ++--
.../rest/applications/users/UserResource/confirm.jsp | 4 ++--
.../rest/applications/users/UserResource/error.jsp | 4 ++--
.../users/UserResource/resetpw_email_form.jsp | 11 ++++++-----
.../users/UserResource/resetpw_email_success.jsp | 4 ++--
.../users/UserResource/resetpw_set_form.jsp | 9 +++++----
.../users/UserResource/resetpw_set_success.jsp | 4 ++--
.../rest/applications/users/UsersResource/error.jsp | 4 ++--
.../users/UsersResource/resetpw_email_form.jsp | 9 +++++----
.../users/UsersResource/resetpw_email_success.jsp | 4 ++--
.../management/ManagementResource/authorize_form.jsp | 15 ++++++++-------
.../rest/management/ManagementResource/error.jsp | 4 ++--
.../organizations/OrganizationResource/activate.jsp | 4 ++--
.../organizations/OrganizationResource/confirm.jsp | 4 ++--
.../organizations/OrganizationResource/error.jsp | 4 ++--
.../rest/management/users/UserResource/activate.jsp | 4 ++--
.../rest/management/users/UserResource/confirm.jsp | 4 ++--
.../rest/management/users/UserResource/error.jsp | 4 ++--
.../users/UserResource/resetpw_email_form.jsp | 9 +++++----
.../users/UserResource/resetpw_email_success.jsp | 4 ++--
.../users/UserResource/resetpw_set_form.jsp | 8 ++++----
.../users/UserResource/resetpw_set_success.jsp | 4 ++--
.../rest/management/users/UsersResource/error.jsp | 4 ++--
.../users/UsersResource/resetpw_email_form.jsp | 6 +++---
.../users/UsersResource/resetpw_email_success.jsp | 4 ++--
29 files changed, 87 insertions(+), 80 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
</head>
<body>
- <p>An error occurred <c:out value="${it}"/>.</p>
+ <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
</body>
-</html>
\ No newline at end of file
+</html>
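Review bot: Adding `escapeXml="true"` to `<c:out>` does not change the rendered output, because `<c:out>` already escapes XML characters by default, so this line was not an injection point before the commit. The same holds for the other `<c:out>` edits in this commit (ApplicationResource/error.jsp, UserResource/activate.jsp, UserResource/confirm.jsp). It is harmless as an explicit marker. The effective part of the commit is where bare `${...}` expressions are wrapped in `fn:escapeXml`, as in test.jsp and authorize_form.jsp, and any remaining bare `${...}` output in the other JSPs deserves the same treatment.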
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp
index 83a6ad1..68c12f2 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp
@@ -1,5 +1,6 @@
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
@@ -24,6 +25,6 @@ limitations under the License.
<link rel="stylesheet" type="text/css" href="/css/styles.css" />
</head>
<body>
-<h1>${it.foo}</h1>
+<h1>${fn:escapeXml(it.foo)}</h1>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp
index 6b1b8b2..0079bcf 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp
@@ -2,6 +2,7 @@
pageEncoding="ISO-8859-1"%>
<%@ page import="org.apache.usergrid.rest.AbstractContextResource"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
@@ -28,13 +29,13 @@ limitations under the License.
<body>
<div class="dialog-area">
- <c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if>
+ <c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
<form class="dialog-form" action="" method="post">
- <input type="hidden" name="response_type" value="${it.responseType}">
- <input type="hidden" name="client_id" value="${it.clientId}">
- <input type="hidden" name="redirect_uri" value="${it.redirectUri}">
- <input type="hidden" name="scope" value="${it.scope}">
- <input type="hidden" name="state" value="${it.state}">
+ <input type="hidden" name="response_type" value="${fn:escapeXml(it.responseType)}">
+ <input type="hidden" name="client_id" value="${fn:escapeXml(it.clientId)}">
+ <input type="hidden" name="redirect_uri" value="${fn:escapeXml(it.redirectUri)}">
+ <input type="hidden" name="scope" value="${fn:escapeXml(it.scope)}">
+ <input type="hidden" name="state" value="${fn:escapeXml(it.state)}">
<fieldset>
<p>
<label for="username">Username</label>
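Review bot: In the `<c:if>` test, `fn:escapeXml` is applied to a value that is only tested for emptiness and never rendered there; `test="${!empty it.errorMsg}"` is enough, with the escaping kept on the rendered `${fn:escapeXml(it.errorMsg)}`. The hidden-field values are escaped appropriately for a double-quoted attribute. Escaping does not validate `redirect_uri` itself; whether that value is checked against the registered client is decided outside this hunk and is worth confirming.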
@@ -56,4 +57,4 @@ limitations under the License.
</div>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
</head>
<body>
- <p>An error occurred <c:out value="${it}"/>.</p>
+ <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp
index dfcf3b7..20e69b8 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp
@@ -26,7 +26,7 @@ limitations under the License.
</head>
<body>
- <p>Your account with email address <c:out value="${it.user.email}"/> has been successfully activated.</p>
+ <p>Your account with email address <c:out value="${it.user.email}" escapeXml="true"/> has been successfully activated.</p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp
index 02e9ee3..d7f3acc 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp
@@ -26,8 +26,8 @@ limitations under the License.
</head>
<body>
- <p>Your account with email address <c:out value="${it.user.email}"/> has been successfully confirmed.
+ <p>Your account with email address <c:out value="${it.user.email}" escapeXml="true"/> has been successfully confirmed.
You will received an email soon to let you know when you account has been activated</p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
</head>
<body>
- <p>An error occurred <c:out value="${it}"/>.</p>
+ <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp
index 0f53bfc..59026bf 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp
@@ -1,6 +1,7 @@
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
@@ -26,17 +27,17 @@ limitations under the License.
</head>
<body>
<div class="dialog-area">
- <c:if test="${!empty it.errorMsg}">
- <div class="dialog-form-message">${it.errorMsg}</div>
+ <c:if test="${!empty fn:escapeXml(it.errorMsg)}">
+ <div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div>
</c:if>
<form class="dialog-form" action="" method="post">
<fieldset>
<p>
Enter the captcha to have your password reset instructions sent to
- <c:out value="${it.user.email}" />
+ <c:out value="${it.user.email}" escapeXml="true" />
</p>
<p id="human-proof"></p>
- ${it.reCaptchaHtml}
+ ${fn:escapeXml(it.reCaptchaHtml)}
<p class="buttons">
<input type="submit" value="submit" />
</p>
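Review bot: Wrapping `it.reCaptchaHtml` in `fn:escapeXml` will most likely stop the captcha from rendering on this form. Judging by its name, the value is widget markup generated on the server, and once escaped the browser shows the tags as text instead of the challenge. If it is built only from server configuration, I would keep `${it.reCaptchaHtml}` with a comment such as `<%-- trusted server-generated reCAPTCHA markup; must not be escaped --%>`, and escape any request-derived part where the HTML is assembled. The same change is made in the resetpw_email_form.jsp hunks under applications/users/UsersResource, management/users/UserResource and management/users/UsersResource. The `<c:if>` test also does not need the function; `${!empty it.errorMsg}` states the condition more clearly.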
@@ -44,4 +45,4 @@ limitations under the License.
</form>
</div>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp
index 23f8508..41c5176 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
</head>
<body>
- <p>Email with instructions for password reset sent to <c:out value="${it.user.email}"/></p>
+ <p>Email with instructions for password reset sent to <c:out value="${it.user.email}" escapeXml="true"/></p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp
index a83d80d..19b6528 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp
@@ -4,6 +4,7 @@
<%@ page import="net.tanesha.recaptcha.ReCaptchaFactory"%>
<%@ page import="org.apache.usergrid.rest.AbstractContextResource"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
@@ -30,12 +31,12 @@ limitations under the License.
<body>
<div class="dialog-area">
- <c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if>
+ <c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
<form class="dialog-form" action="" method="post">
- <input type="hidden" name="token" value="${it.token}">
+ <input type="hidden" name="token" value="${fn:escapeXml(it.token)}">
<fieldset>
<p>
- <label for="password1">Please enter your new password for <c:out value="${it.user.email}"/>.</label>
+ <label for="password1">Please enter your new password for <c:out value="${it.user.email}" escapeXml="true"/>.</label>
</p>
<p>
<input class="text_field" id="password1" name="password1" type="password" />
@@ -54,4 +55,4 @@ limitations under the License.
</div>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp
index 9de90ba..3915084 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
</head>
<body>
- <p>New password set for <c:out value="${it.user.email}"/></p>
+ <p>New password set for <c:out value="${it.user.email}" escapeXml="true"/></p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
</head>
<body>
- <p>An error occurred <c:out value="${it}"/>.</p>
+ <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp
index 3211a3a..f86240f 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp
@@ -1,6 +1,7 @@
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
@@ -27,8 +28,8 @@ limitations under the License.
<body>
<div class="dialog-area">
- <c:if test="${!empty it.errorMsg}">
- <div class="dialog-form-message">${it.errorMsg}</div>
+ <c:if test="${!empty fn:escapeXml(it.errorMsg)}">
+ <div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div>
</c:if>
<form class="dialog-form" action="" method="post">
<fieldset>
@@ -41,7 +42,7 @@ limitations under the License.
<input class="text_field" id="email" name="email" type="text" />
</p>
<p id="human-proof"></p>
- ${it.reCaptchaHtml}
+ ${fn:escapeXml(it.reCaptchaHtml)}
<p class="buttons">
<button type="submit">Submit</button>
</p>
@@ -50,4 +51,4 @@ limitations under the License.
</div>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp
index 23f8508..41c5176 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
</head>
<body>
- <p>Email with instructions for password reset sent to <c:out value="${it.user.email}"/></p>
+ <p>Email with instructions for password reset sent to <c:out value="${it.user.email}" escapeXml="true"/></p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp
index 6b1b8b2..0079bcf 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp
@@ -2,6 +2,7 @@
pageEncoding="ISO-8859-1"%>
<%@ page import="org.apache.usergrid.rest.AbstractContextResource"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
@@ -28,13 +29,13 @@ limitations under the License.
<body>
<div class="dialog-area">
- <c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if>
+ <c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
<form class="dialog-form" action="" method="post">
- <input type="hidden" name="response_type" value="${it.responseType}">
- <input type="hidden" name="client_id" value="${it.clientId}">
- <input type="hidden" name="redirect_uri" value="${it.redirectUri}">
- <input type="hidden" name="scope" value="${it.scope}">
- <input type="hidden" name="state" value="${it.state}">
+ <input type="hidden" name="response_type" value="${fn:escapeXml(it.responseType)}">
+ <input type="hidden" name="client_id" value="${fn:escapeXml(it.clientId)}">
+ <input type="hidden" name="redirect_uri" value="${fn:escapeXml(it.redirectUri)}">
+ <input type="hidden" name="scope" value="${fn:escapeXml(it.scope)}">
+ <input type="hidden" name="state" value="${fn:escapeXml(it.state)}">
<fieldset>
<p>
<label for="username">Username</label>
@@ -56,4 +57,4 @@ limitations under the License.
</div>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
</head>
<body>
- <p>An error occurred <c:out value="${it}"/>.</p>
+ <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp
index 85114cd..f5fa14d 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp
@@ -26,7 +26,7 @@ limitations under the License.
</head>
<body>
- <p>Your organization <c:out value="${it.organization.name}"/> has been successfully activated.</p>
+ <p>Your organization <c:out value="${it.organization.name}" escapeXml="true"/> has been successfully activated.</p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp
index f4307b7..5fb41c7 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp
@@ -26,8 +26,8 @@ limitations under the License.
</head>
<body>
- <p>Your organization <c:out value="${it.organization.name}"/> has been successfully confirmed.
+ <p>Your organization <c:out value="${it.organization.name}" escapeXml="true"/> has been successfully confirmed.
You will received an email soon to let you know when you organization has been activated</p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
</head>
<body>
- <p>An error occurred <c:out value="${it}"/>.</p>
+ <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp
index dfcf3b7..20e69b8 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp
@@ -26,7 +26,7 @@ limitations under the License.
</head>
<body>
- <p>Your account with email address <c:out value="${it.user.email}"/> has been successfully activated.</p>
+ <p>Your account with email address <c:out value="${it.user.email}" escapeXml="true"/> has been successfully activated.</p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp
index 02e9ee3..d7f3acc 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp
@@ -26,8 +26,8 @@ limitations under the License.
</head>
<body>
- <p>Your account with email address <c:out value="${it.user.email}"/> has been successfully confirmed.
+ <p>Your account with email address <c:out value="${it.user.email}" escapeXml="true"/> has been successfully confirmed.
You will received an email soon to let you know when you account has been activated</p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
</head>
<body>
- <p>An error occurred <c:out value="${it}"/>.</p>
+ <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp
index 3e56cd1..c9f8309 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp
@@ -1,6 +1,7 @@
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
@@ -26,17 +27,17 @@ limitations under the License.
</head>
<body>
<div class="dialog-area password-reset-form">
- <c:if test="${!empty it.errorMsg}">
- <div class="dialog-form-message">${it.errorMsg}</div>
+ <c:if test="${!empty fn:escapeXml(it.errorMsg)}">
+ <div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div>
</c:if>
<form class="dialog-form" action="" method="post">
<fieldset>
<p>
Enter the captcha to have your password reset instructions sent to
- <c:out value="${it.user.email}" />
+ <c:out value="${it.user.email}" escapeXml="true" />
</p>
<p id="human-proof"></p>
- ${it.reCaptchaHtml}
+ ${fn:escapeXml(it.reCaptchaHtml)}
<p class="buttons">
<input type="submit" value="submit" />
</p>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp
index 23f8508..41c5176 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
</head>
<body>
- <p>Email with instructions for password reset sent to <c:out value="${it.user.email}"/></p>
+ <p>Email with instructions for password reset sent to <c:out value="${it.user.email}" escapeXml="true"/></p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp
index a83d80d..60384c4 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp
@@ -30,12 +30,12 @@ limitations under the License.
<body>
<div class="dialog-area">
- <c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if>
+ <c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
<form class="dialog-form" action="" method="post">
- <input type="hidden" name="token" value="${it.token}">
+ <input type="hidden" name="token" value="${fn:escapeXml(it.token)}">
<fieldset>
<p>
- <label for="password1">Please enter your new password for <c:out value="${it.user.email}"/>.</label>
+ <label for="password1">Please enter your new password for <c:out value="${it.user.email}" escapeXml="true"/>.</label>
</p>
<p>
<input class="text_field" id="password1" name="password1" type="password" />
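Review bot: This file now calls `fn:escapeXml`, but the commit never declares the `fn` prefix for it. The hunk header is `@@ -30,12 +30,12 @@` and there is no earlier hunk adding the functions taglib, whereas the applications/users/UserResource copy (same old blob a83d80d) gets one at `@@ -4,6 +4,7 @@`. With the prefix undeclared, the page should fail at JSP translation and the password-reset form would return an error instead of rendering. Add `<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>` after the existing core taglib line. management/users/UsersResource/resetpw_email_form.jsp also gains `fn:` calls with no taglib hunk visible in this diff and should be checked the same way.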
@@ -54,4 +54,4 @@ limitations under the License.
</div>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp
index 9de90ba..3915084 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
</head>
<body>
- <p>New password set for <c:out value="${it.user.email}"/></p>
+ <p>New password set for <c:out value="${it.user.email}" escapeXml="true"/></p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
</head>
<body>
- <p>An error occurred <c:out value="${it}"/>.</p>
+ <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp
index 8643016..8b15cd4 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp
@@ -27,7 +27,7 @@ limitations under the License.
<body>
<div class="dialog-area">
- <c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if>
+ <c:if test="${!empty fn:escnapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
<form class="dialog-form" action="" method="post">
<fieldset>
<p>
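Review bot: The `<c:if>` test on the added line calls `fn:escnapeXml`, a misspelling of `fn:escapeXml`, so the expression refers to a function that does not exist. The page is expected to fail when the JSP is compiled or first requested. The condition needs no escaping at all, so the simplest correction is `<c:if test="${!empty it.errorMsg}">`, keeping `${fn:escapeXml(it.errorMsg)}` for the value written into the `<div>`. Since this is a password-reset page, request it once in a deployed build after the fix to confirm that it renders.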
@@ -38,7 +38,7 @@ limitations under the License.
<input class="text_field" id="email" name="email" type="text" />
</p>
<p id="human-proof"></p>
- ${it.reCaptchaHtml}
+ ${fn:escapeXml(it.reCaptchaHtml)}
<p class="buttons">
<button type="submit">Submit</button>
</p>
@@ -47,4 +47,4 @@ limitations under the License.
</div>
</body>
-</html>
\ No newline at end of file
+</html>
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c0c489ea/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp
index 23f8508..41c5176 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
</head>
<body>
- <p>Email with instructions for password reset sent to <c:out value="${it.user.email}"/></p>
+ <p>Email with instructions for password reset sent to <c:out value="${it.user.email}" escapeXml="true"/></p>
</body>
-</html>
\ No newline at end of file
+</html>