Merge pull request #2 from EUSurvey/develop

Develop

pom.xml

@@ -7,7 +7,7 @@
 	<artifactId>eusurvey</artifactId>
 	<name>eusurvey</name>
 	<packaging>war</packaging>
-	<version>1.4.4</version>
+	<version>1.4.5</version>
 	<properties>
 		<java-version>1.8</java-version>
 		<org.springframework-version>4.3.20.RELEASE</org.springframework-version>

sonar-project.properties

@@ -1,6 +1,6 @@
 sonar.projectKey=EUSURVEY
 sonar.projectName=eusurvey
-sonar.projectVersion=1.4.4
+sonar.projectVersion=1.4.5
 
 # Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
 # Since SonarQube 4.2, this property is optional if sonar.modules is set. 

src/main/java/com/ec/survey/controller/AddressBookController.java

@@ -316,7 +316,7 @@ public ModelAndView batchEdit(HttpServletRequest request) throws Exception {
 	}
 
 	@RequestMapping(value = "/batchEdit", method = RequestMethod.POST)
-	public ModelAndView batchEditPOST(HttpServletRequest request, Locale locale) throws IntrusionException, NotAgreedToTosException {
+	public ModelAndView batchEditPOST(HttpServletRequest request, Locale locale) throws IntrusionException, NotAgreedToTosException, WeakAuthenticationException {
 		User user = sessionService.getCurrentUser(request);		
 		boolean userChanged = false;
 
@@ -1349,7 +1349,7 @@ public ModelAndView edit(@PathVariable("id") String id, HttpServletRequest reque
 	}
 
 	@RequestMapping( value = "/configureAttributes", method = RequestMethod.POST)
-	public String configureAttributes(HttpServletRequest request) throws NotAgreedToTosException {		
+	public String configureAttributes(HttpServletRequest request) throws NotAgreedToTosException, WeakAuthenticationException {		
 		User user = sessionService.getCurrentUser(request);
 		Map<String, String[]> parameterMap = Ucs2Utf8.requestToHashMap(request);
 
@@ -1389,7 +1389,7 @@ public String configureAttributes(HttpServletRequest request) throws NotAgreedTo
 	}
 
 	@RequestMapping(value = "/configureAttributesJSON", headers="Accept=*/*", method=RequestMethod.GET)
-	public @ResponseBody List<AttributeName> configureAttributesJSON(HttpServletRequest request, HttpServletResponse response ) throws NotAgreedToTosException {
+	public @ResponseBody List<AttributeName> configureAttributesJSON(HttpServletRequest request, HttpServletResponse response ) throws NotAgreedToTosException, WeakAuthenticationException {
 		User user = sessionService.getCurrentUser(request);
 		Map<String, String[]> parameterMap = Ucs2Utf8.requestToHashMap(request);
 

src/main/java/com/ec/survey/controller/AdministrationController.java

@@ -12,6 +12,7 @@
 import com.ec.survey.tools.RecreateAllOLAPTablesExecutor;
 import com.ec.survey.tools.Tools;
 import com.ec.survey.tools.UpdateAllOLAPTablesExecutor;
+import com.ec.survey.tools.WeakAuthenticationException;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.poi.hssf.usermodel.HSSFRow;
@@ -116,7 +117,7 @@ public class AdministrationController extends BasicController {
 	}
 
 	@RequestMapping(value = "/saveUserConfiguration", method = {RequestMethod.POST})
-	public @ResponseBody String saveUserConfiguration(HttpServletRequest request) throws NotAgreedToTosException {
+	public @ResponseBody String saveUserConfiguration(HttpServletRequest request) throws NotAgreedToTosException, WeakAuthenticationException {
 		int userId = sessionService.getCurrentUser(request).getId();
 		UsersConfiguration usersConfiguration = administrationService.getUsersConfiguration(userId);
 

src/main/java/com/ec/survey/controller/BasicController.java

@@ -28,6 +28,7 @@
 import org.springframework.web.servlet.ModelAndView;
 
 import com.ec.survey.exception.ForbiddenURLException;
+import com.ec.survey.exception.FrozenSurveyException;
 import com.ec.survey.exception.InvalidURLException;
 import com.ec.survey.exception.MessageException;
 import com.ec.survey.exception.NoFormLoadedException;
@@ -58,6 +59,7 @@
 import com.ec.survey.tools.ConversionTools;
 import com.ec.survey.tools.InvalidXHTMLException;
 import com.ec.survey.tools.NotAgreedToTosException;
+import com.ec.survey.tools.WeakAuthenticationException;
 import com.octo.captcha.service.CaptchaServiceException;
 import com.octo.captcha.service.multitype.MultiTypeCaptchaService;
 
@@ -133,6 +135,8 @@ public class BasicController implements BeanFactoryAware {
 	public @Value("${ecashost}") String ecashost;	
 	public @Value("${sender}") String sender;
 	public @Value("${captcha.bypass:@null}") String bypassCaptcha;
+	public @Value("${ui.enablepublicsurveys}") String enablepublicsurveys;
+
 	//OCAS
 	public @Value("${casoss}") String cassOss;
 	protected @Value("${contextpath}") String contextpath;	
@@ -190,6 +194,22 @@ public boolean isByPassCaptcha(){
 		return bypassCaptcha !=null && bypassCaptcha.equalsIgnoreCase("true");
 	}
 
+	@ExceptionHandler(com.ec.survey.tools.Bad2faCredentialsException.class) 
+    public ModelAndView handleBad2faCredentialsException(Exception e, HttpServletRequest request) {
+		logger.info(e.getLocalizedMessage(), e);
+		ModelAndView model =  new ModelAndView("redirect:/errors/2fa.html");
+		model.addObject("contextpath", contextpath);
+		return model;
+    }
+
+	@ExceptionHandler(com.ec.survey.tools.FrozenCredentialsException.class) 
+    public ModelAndView handleFrozenCredentialsException(Exception e, HttpServletRequest request) {
+		logger.info(e.getLocalizedMessage(), e);
+		ModelAndView model =  new ModelAndView("redirect:/errors/frozen.html");
+		model.addObject("contextpath", contextpath);
+		return model;
+    }
+
 	@ExceptionHandler(InvalidURLException.class) 
     public ModelAndView handleInvalidURLException(Exception e, HttpServletRequest request) {
 		logger.info(e.getLocalizedMessage(), e);
@@ -199,6 +219,16 @@ public ModelAndView handleInvalidURLException(Exception e, HttpServletRequest re
 		return model;
     }
 
+	@ExceptionHandler(FrozenSurveyException.class) 
+    public ModelAndView handleFrozenSurveyException(Exception e, HttpServletRequest request, Locale locale) {
+		logger.error(e.getLocalizedMessage(), e);
+		ModelAndView model = new ModelAndView("error/generic");
+		String message = resources.getMessage("error.FrozenSurvey", null, "This survey has been blocked due to an infringement to our policy. We are sorry for the inconvenience this may cause. Please try again later.", locale);
+		model.addObject("message", message);
+		model.addObject("contextpath", contextpath);
+		return model;
+    }
+
 	@ExceptionHandler(ForbiddenURLException.class) 
     public ModelAndView handleForbiddenURLException(Exception e, HttpServletRequest request) {
 		logger.info(e.getLocalizedMessage(), e);
@@ -214,6 +244,16 @@ public ModelAndView handleNotAgreedToTosException(Exception e, HttpServletReques
 		return model;
     }
 
+	@ExceptionHandler(WeakAuthenticationException.class) 
+    public ModelAndView handleWeakAuthenticationException(Exception e, HttpServletRequest request, Locale locale) {
+		logger.error(e.getLocalizedMessage(), e);
+		ModelAndView model = new ModelAndView("error/generic");
+		String message = resources.getMessage("error.WeakAuthentication", null, "Please log in using two factor authentication in order to access the system.", locale);
+		model.addObject("message", message);
+		model.addObject("contextpath", contextpath);
+		return model;
+    }
+
 	@ExceptionHandler(TooManyFiltersException.class) 
     public ModelAndView handleTooManyFiltersException(Exception e, HttpServletRequest request, Locale locale) {
 		logger.error(e.getLocalizedMessage(), e);

src/main/java/com/ec/survey/controller/ContributionController.java

@@ -19,6 +19,8 @@
 import com.ec.survey.tools.QuizHelper;
 import com.ec.survey.tools.SurveyHelper;
 import com.ec.survey.tools.Tools;
+import com.ec.survey.tools.WeakAuthenticationException;
+
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -57,7 +59,7 @@ public class ContributionController extends BasicController {
 	private @Value("${export.fileDir}") String fileDir;	
 	private @Value("${server.prefix}") String serverPrefix;
 
-	public AnswerSet getAnswerSet(String code, HttpServletRequest request) throws NotAgreedToTosException
+	public AnswerSet getAnswerSet(String code, HttpServletRequest request) throws NotAgreedToTosException, WeakAuthenticationException
 	{
 		AnswerSet answerSet = null;
 		User user = sessionService.getCurrentUser(request);

src/main/java/com/ec/survey/controller/DashboardController.java

@@ -68,6 +68,8 @@ public ModelAndView dashboard(HttpServletRequest request, Locale locale, Model m
 			archiveService.delete(archive);
 		}		
 
+		//check user (e.g. weak authentication)
+		sessionService.getCurrentUser(request);
 		ModelAndView result = new ModelAndView("dashboard");
 
 		if (request.getParameter("archived") != null)
@@ -82,6 +84,12 @@ public ModelAndView dashboard(HttpServletRequest request, Locale locale, Model m
 			result.addObject("deleted", shortname);
 		}
 
+		if (request.getParameter("frozen") != null)
+		{
+			String shortname = request.getParameter("frozen");
+			result.addObject("frozen", shortname);
+		}
+
 		result.addObject("filter", new ArchiveFilter());
 
 		return result;
@@ -281,8 +289,18 @@ public ModelAndView dashboard(HttpServletRequest request, Locale locale, Model m
 				filter.setSortOrder(request.getParameter("asc") != null && request.getParameter("asc").equalsIgnoreCase("true") ? "ASC" : "DESC");				
 			}
 
+			if (request.getParameter("reported") != null)
+			{
+				filter.setSurveys("REPORTED");
+			}
+
+			if (request.getParameter("frozen") != null)
+			{
+				filter.setSurveys("FROZEN");
+			}
+
 			SqlPagination paging = new SqlPagination(page, 10);
-			List<Survey> result = surveyService.getSurveysIncludingTranslationLanguages(filter, paging, false);
+			List<Survey> result = surveyService.getSurveysIncludingTranslationLanguages(filter, paging, false, false);
 
 			surveyService.generateAccessInformation(result, u);
 

src/main/java/com/ec/survey/controller/ExportsController.java

@@ -13,6 +13,7 @@
 import com.ec.survey.service.SurveyService;
 import com.ec.survey.tools.NotAgreedToTosException;
 import com.ec.survey.tools.Tools;
+import com.ec.survey.tools.WeakAuthenticationException;
 
 import org.apache.maven.surefire.shade.org.apache.maven.shared.utils.StringUtils;
 import org.apache.poi.util.IOUtils;
@@ -225,7 +226,7 @@ public class ExportsController extends BasicController {
 
 
 	@RequestMapping(value = "/list")
-	public ModelAndView root(HttpServletRequest request) throws NotAgreedToTosException {
+	public ModelAndView root(HttpServletRequest request) throws NotAgreedToTosException, WeakAuthenticationException {
 		sessionService.getCurrentUser(request);
 
 		//default
@@ -251,7 +252,7 @@ public ModelAndView root(HttpServletRequest request) throws NotAgreedToTosExcept
 	}
 
 	@RequestMapping(value = "/exportsjson", method = {RequestMethod.GET, RequestMethod.HEAD})
-	public @ResponseBody List<Export> exportsjson(HttpServletRequest request) throws NotAgreedToTosException {	
+	public @ResponseBody List<Export> exportsjson(HttpServletRequest request) throws NotAgreedToTosException, WeakAuthenticationException {	
 
 		int itemsPerPage = -1;
 		int page = -1;
@@ -396,7 +397,7 @@ public ResponseEntity<byte[]> downloadExport(@PathVariable int exportId, HttpSer
 	}
 
 	@RequestMapping(value = "/recreate/{exportId}", method = {RequestMethod.GET, RequestMethod.HEAD})
-	public ModelAndView recreateExport(@PathVariable int exportId, HttpServletRequest request, Locale locale) throws NotAgreedToTosException {
+	public ModelAndView recreateExport(@PathVariable int exportId, HttpServletRequest request, Locale locale) throws NotAgreedToTosException, WeakAuthenticationException {
 		Export export = exportService.getExport(exportId, true);		
 		if (export == null || !(sessionService.checkUser(export.getUserId(), request) || sessionService.getCurrentUser(request).getGlobalPrivileges().get(GlobalPrivilege.FormManagement).equals(2))) {
 			return new ModelAndView("error/generic", "message", "Access denied");
@@ -406,7 +407,7 @@ public ModelAndView recreateExport(@PathVariable int exportId, HttpServletReques
 	}
 
 	@RequestMapping(value = "/recreateMany/{exportIdList}", method = {RequestMethod.GET, RequestMethod.HEAD})
-	public ModelAndView recreateExport(@PathVariable String exportIdList, HttpServletRequest request, Locale locale) throws NotAgreedToTosException {
+	public ModelAndView recreateExport(@PathVariable String exportIdList, HttpServletRequest request, Locale locale) throws NotAgreedToTosException, WeakAuthenticationException {
 		String[] exportIds = exportIdList.split("-");
 		List<Export> exports = new ArrayList<>();
 

src/main/java/com/ec/survey/controller/HomeController.java

@@ -1,5 +1,6 @@
 package com.ec.survey.controller;
 
+import com.ec.survey.exception.InvalidURLException;
 import com.ec.survey.model.*;
 import com.ec.survey.model.administration.User;
 import com.ec.survey.model.survey.Survey;
@@ -626,7 +627,7 @@ public ModelAndView processSubmit(HttpServletRequest request, Locale locale) {
 
 			Survey survey = surveyService.getSurvey(Integer.parseInt(request.getParameter("survey.id")), false, true);
 
-			User user = sessionService.getCurrentUser(request, false);
+			User user = sessionService.getCurrentUser(request, false, false);
 			AnswerSet answerSet = SurveyHelper.parseAndMergeAnswerSet(request, survey, fileDir, uniqueCode, oldAnswerSet, oldAnswerSet.getLanguageCode(), user, fileService);
 
 			saveAnswerSet(answerSet, fileDir, null, -1);
@@ -670,6 +671,11 @@ public ModelAndView publicsurveysrunner(HttpServletRequest request) throws Excep
 
 	public ModelAndView publicsurveys(HttpServletRequest request) throws Exception {	
 
+		if (!enablepublicsurveys.equalsIgnoreCase("true"))
+		{
+			throw new InvalidURLException();
+		}
+
 		SurveyFilter filter = sessionService.getSurveyFilter(request, false);
 		filter.setUser(null);		
 		String newPage = request.getParameter("newPage");				
@@ -723,6 +729,11 @@ else if (sortKey.equalsIgnoreCase("popularity"))
 	@RequestMapping(value = "/home/publicsurveysjson", method = {RequestMethod.GET, RequestMethod.HEAD})
 	public @ResponseBody List<Survey> publicsurveysjson(HttpServletRequest request) throws Exception {	
 
+		if (!enablepublicsurveys.equalsIgnoreCase("true"))
+		{
+			throw new InvalidURLException();
+		}
+
 		int itemsPerPage = 10;
 		int newPage = 1;
 
@@ -753,7 +764,7 @@ else if (sortKey.equalsIgnoreCase("popularity"))
 		SurveyFilter filter = (SurveyFilter) request.getSession().getAttribute("lastPublicSurveyFilter");
 
 		SqlPagination sqlPagination = new SqlPagination(newPage, itemsPerPage);
-		return surveyService.getSurveysIncludingTranslationLanguages(filter, sqlPagination, false);
+		return surveyService.getSurveysIncludingTranslationLanguages(filter, sqlPagination, false, false);
 	}
 
 	@RequestMapping(value = "/validate/{id}/{code}", method = {RequestMethod.GET, RequestMethod.HEAD})
@@ -811,4 +822,82 @@ public void notifyError(HttpServletRequest request, Locale locale, HttpServletRe
 		machineTranslationService.saveErrorResponse(requestId,targetLanguage,errorCode,errorMessage);
 	}
 
+	@RequestMapping(value = "/home/reportAbuse", method = RequestMethod.GET)
+	public String reportAbuse (HttpServletRequest request, Locale locale, Model model) throws InvalidURLException {	
+		model.addAttribute("lang", locale.getLanguage());
+		model.addAttribute("runnermode", true);
+
+		String surveyid = request.getParameter("survey");
+		if (surveyid == null || surveyid.trim().length() == 0)
+		{
+			throw new InvalidURLException();
+		}
+
+		try {
+			int id = Integer.parseInt(surveyid);
+
+			Survey survey = surveyService.getSurvey(id);
+
+			if (survey == null)
+			{
+				throw new InvalidURLException();
+			}
+
+			model.addAttribute("AbuseSurvey", survey.getUniqueId());
+			model.addAttribute("AbuseType", "");
+			model.addAttribute("AbuseText", "");
+			model.addAttribute("AbuseEmail", "");
+
+		} catch (NumberFormatException e)
+		{
+			throw new InvalidURLException();
+		}
+
+		return "home/reportabuse";
+	}
+
+	@RequestMapping(value = "home/reportAbuse", method = RequestMethod.POST)
+	public ModelAndView reportAbusePOST(HttpServletRequest request, Locale locale, HttpServletResponse response) throws NumberFormatException, Exception {
+		ModelAndView model = new ModelAndView("home/reportabuse");
+
+		String uid = request.getParameter("abuseSurvey");
+		String type = request.getParameter("abuseType");
+		String text = request.getParameter("abuseText");
+		String email = request.getParameter("abuseEmail");
+
+		Survey survey = surveyService.getSurveyByUniqueId(uid, false, true);
+
+		if (survey == null)
+		{
+			throw new InvalidURLException();
+		}
+
+		if (!checkCaptcha(request)) {			
+			model.addObject("wrongcaptcha", true);
+			model.addObject("contextpath", contextpath);
+
+			model.addObject("AbuseSurvey", uid);
+			model.addObject("AbuseType", type);
+			model.addObject("AbuseText", text);
+			model.addObject("AbuseEmail", email);
+
+			return model;
+		}		
+
+		logger.info("HomeController.reportAbuse called with abuseType " + type);
+
+		surveyService.reportAbuse(survey, type, text, email);
+
+		model = new ModelAndView("error/info");
+		String message = resources.getMessage("info.ReportAbuseSent", null, "The abuse has been reported to the team in charge of the service.", locale);
+
+		model.addObject("message", message);
+		model.addObject("contextpath", contextpath);
+
+		String link = serverPrefix + "runner/" + survey.getShortname();
+		model.addObject("SurveyLink", link);
+
+		return model;
+	}
+
 }

src/main/java/com/ec/survey/controller/HttpErrorController.java

@@ -51,6 +51,18 @@ public ModelAndView handleException(HttpServletRequest request){
 		request.getSession().setAttribute("lastErrorTime", new Date());
 		request.getSession().setAttribute("lastErrorURL", request.getAttribute("javax.servlet.error.request_uri"));
 		return new ModelAndView("error/500","error","exception" );
+	}
+
+	@RequestMapping(value = "/2fa.html")
+	@ResponseStatus(value = HttpStatus.INTERNAL_SERVER_ERROR)
+	public ModelAndView handle2fa(HttpServletRequest request){
+		return new ModelAndView("error/2fa","error","exception" );
+	}
+
+	@RequestMapping(value = "/frozen.html")
+	@ResponseStatus(value = HttpStatus.INTERNAL_SERVER_ERROR)
+	public ModelAndView handlefrozen(HttpServletRequest request){
+		return new ModelAndView("error/frozen","error","exception" );
 	}	
 
 }