[Improvement][API]optimize tenant code validation (#5093)

* optimize tenant code validation * fix code style and test err * fix test error, and remove duplicate tenant code validate
4 years ago · 5d7dc1cb2a
5 changed files with 38 additions and 10 deletions
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java
@ -90,7 +90,7 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService
            return result;
        }
-        if (RegexUtils.isNumeric(tenantCode)) {
+        if (!RegexUtils.isValidLinuxUserName(tenantCode)) {
            putMsg(result, Status.CHECK_OS_TENANT_CODE_ERROR);
            return result;
        }
@ -102,11 +102,6 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService
        Tenant tenant = new Tenant();
        Date now = new Date();
        if (!tenantCode.matches("^[0-9a-zA-Z_.-]{1,}$") || tenantCode.startsWith("-") || tenantCode.startsWith(".")) {
            putMsg(result, Status.VERIFY_OS_TENANT_CODE_ERROR);
            return result;
        }
        tenant.setTenantCode(tenantCode);
        tenant.setQueueId(queueId);
        tenant.setDescription(desc);
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/utils/RegexUtils.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/utils/RegexUtils.java
@ -30,6 +30,8 @@ public class RegexUtils {
     */
    private static final String CHECK_NUMBER = "^-?\\d+(\\.\\d+)?$";
    private static final String LINUX_USERNAME_PATTERN = "[a-z_][a-z\\d_]{0,30}";
    private RegexUtils() {
    }
@ -45,6 +47,16 @@ public class RegexUtils {
        return isNum.matches();
    }
    /**
     * check if the input is a valid linux username
     * @param str input
     * @return boolean
     */
    public static boolean isValidLinuxUserName(String str) {
        Pattern pattern = Pattern.compile(LINUX_USERNAME_PATTERN);
        return pattern.matcher(str).matches();
    }
    public static String escapeNRT(String str) {
        // Logging should not be vulnerable to injection attacks: Replace pattern-breaking characters
        if (str != null && !str.isEmpty()) {
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/TenantControllerTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/TenantControllerTest.java
@ -45,7 +45,7 @@ public class TenantControllerTest extends AbstractControllerTest{
    @Test
    public void testCreateTenant() throws Exception {
        MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
-        paramsMap.add("tenantCode","tenantCode");
+        paramsMap.add("tenantCode","hayden");
        paramsMap.add("queueId","1");
        paramsMap.add("description","tenant description");
@ -124,7 +124,7 @@ public class TenantControllerTest extends AbstractControllerTest{
    @Test
    public void testVerifyTenantCodeExists() throws Exception {
        MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
-        paramsMap.add("tenantCode", "tenantCode");
+        paramsMap.add("tenantCode", "hayden");
        MvcResult mvcResult = mockMvc.perform(get("/tenant/verify-tenant-code")
                .header(SESSION_ID, sessionId)
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TenantServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TenantServiceTest.java
@ -73,7 +73,7 @@ public class TenantServiceTest {
    @Mock
    private UserMapper userMapper;
-    private static final String tenantCode = "TenantServiceTest";
+    private static final String tenantCode = "hayden";
    @Test
    public void testCreateTenant() {
@ -85,7 +85,7 @@ public class TenantServiceTest {
            Map<String, Object> result =
                tenantService.createTenant(getLoginUser(), "%!1111", 1, "TenantServiceTest");
            logger.info(result.toString());
-            Assert.assertEquals(Status.VERIFY_OS_TENANT_CODE_ERROR, result.get(Constants.STATUS));
+            Assert.assertEquals(Status.CHECK_OS_TENANT_CODE_ERROR, result.get(Constants.STATUS));
            //check exist
            result = tenantService.createTenant(loginUser, tenantCode, 1, "TenantServiceTest");
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/utils/RegexUtilsTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/utils/RegexUtilsTest.java
@ -36,6 +36,27 @@ public class RegexUtilsTest {
        Assert.assertFalse(numeric2);
    }
    @Test
    public void testIsValidLinuxUserName() {
        String name1 = "10000";
        Assert.assertFalse(RegexUtils.isValidLinuxUserName(name1));
        String name2 = "00hayden";
        Assert.assertFalse(RegexUtils.isValidLinuxUserName(name2));
        String name3 = "hayde123456789123456789123456789";
        Assert.assertFalse(RegexUtils.isValidLinuxUserName(name3));
        String name4 = "hayd123456789123456789123456789";
        Assert.assertTrue(RegexUtils.isValidLinuxUserName(name4));
        String name5 = "h";
        Assert.assertTrue(RegexUtils.isValidLinuxUserName(name5));
        String name6 = "hayden";
        Assert.assertTrue(RegexUtils.isValidLinuxUserName(name6));
    }
    @Test
    public void testEscapeNRT() {
        String result1 = RegexUtils.escapeNRT("abc\n");