From 4aa272b6d8cb2fb3926906fd39a48e8e0aa84687 Mon Sep 17 00:00:00 2001
From: Andrey Belousov <groundhog448@gmail.com>
Date: Wed, 18 Dec 2019 00:57:13 +0000
Subject: [PATCH] Added UUID validation

---
 .../controllers/CinemasController.kt               | 14 +++++++++++++-
 .../controllers/TicketsController.kt               | 12 +++++++++++-
 .../corporate_app2/controllers/UsersController.kt  | 12 +++++++++++-
 3 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/src/main/kotlin/com/s3ai/corporate_app2/controllers/CinemasController.kt b/src/main/kotlin/com/s3ai/corporate_app2/controllers/CinemasController.kt
index 7d6f4a9..132b58c 100644
--- a/src/main/kotlin/com/s3ai/corporate_app2/controllers/CinemasController.kt
+++ b/src/main/kotlin/com/s3ai/corporate_app2/controllers/CinemasController.kt
@@ -3,10 +3,15 @@ package com.s3ai.corporate_app2.controllers
 import com.s3ai.corporate_app2.Cinema
 import com.s3ai.corporate_app2.CinemaService
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.http.HttpStatus
 import org.springframework.stereotype.Controller
 import org.springframework.ui.Model
 import org.springframework.web.bind.annotation.*
+import org.springframework.web.client.HttpClientErrorException
+import org.springframework.web.server.ResponseStatusException
 import org.springframework.web.servlet.view.RedirectView
+import java.lang.IllegalArgumentException
+import java.util.*
 import java.util.UUID.fromString
 import java.util.UUID.randomUUID
 
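Review bot: `org.springframework.web.client.HttpClientErrorException` is imported here, but none of the lines this commit changes in the file use it; the body hunk throws only `ResponseStatusException`, so the import looks like a leftover and can be dropped. The `java.lang.IllegalArgumentException` import is also redundant in Kotlin, where that name resolves without an import, and it is repeated in the import hunks for TicketsController and UsersController. The new `java.util.*` wildcard appears to be needed only for the `UUID` type in `val idParsed: UUID`, so `import java.util.UUID` would be narrower.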
@@ -30,7 +35,14 @@ class CinemasController {
             cinema.id = randomUUID()
             model.addAttribute("action", "Create")
         } else {
-            cinema = cinemaService.findById(fromString(id))
+            val idParsed: UUID
+            try {
+                idParsed = fromString(id)
+            }
+            catch (e: IllegalArgumentException){
+                throw ResponseStatusException(HttpStatus.BAD_REQUEST)
+            }
+            cinema = cinemaService.findById(idParsed)
             model.addAttribute("action", "Edit")
         }
         model.addAttribute("cinema", cinema)
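Review bot: The new `try`/`catch` rejects only what `UUID.fromString` itself rejects, and that parser is lenient: on common JDKs it accepts non-canonical input such as `1-1-1-1-1`, so several different strings can resolve to the same record. If the goal is strict validation, compare the round-tripped value with the input before the lookup. The identical block is added in the TicketsController and UsersController hunks, so one shared helper would keep the check in one place, and passing `e` as the cause keeps the parse failure available in server logs. The helper below assumes `id` is a non-null `String`; its declaration, and the rest of the enclosing handler, are outside the hunk. What `findById` does for a well-formed but unknown id is not visible here and is worth confirming.

```kotlin
// shared helper for the three controllers
fun parseIdOrBadRequest(id: String): UUID {
    val parsed = try {
        UUID.fromString(id)
    } catch (e: IllegalArgumentException) {
        throw ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid id", e)
    }
    // fromString accepts shortened groups; require the canonical text form
    if (!parsed.toString().equals(id, ignoreCase = true)) {
        throw ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid id")
    }
    return parsed
}

// … unchanged: "Create" branch …
cinema = cinemaService.findById(parseIdOrBadRequest(id))
```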
diff --git a/src/main/kotlin/com/s3ai/corporate_app2/controllers/TicketsController.kt b/src/main/kotlin/com/s3ai/corporate_app2/controllers/TicketsController.kt
index 3893625..4c865d0 100644
--- a/src/main/kotlin/com/s3ai/corporate_app2/controllers/TicketsController.kt
+++ b/src/main/kotlin/com/s3ai/corporate_app2/controllers/TicketsController.kt
@@ -5,10 +5,13 @@ import com.s3ai.corporate_app2.Ticket
 import com.s3ai.corporate_app2.TicketService
 import com.s3ai.corporate_app2.UserService
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.http.HttpStatus
 import org.springframework.stereotype.Controller
 import org.springframework.ui.Model
 import org.springframework.web.bind.annotation.*
+import org.springframework.web.server.ResponseStatusException
 import org.springframework.web.servlet.view.RedirectView
+import java.lang.IllegalArgumentException
 import java.util.*
 
 @Controller
@@ -35,7 +38,14 @@ class TicketsController {
             ticket.id = UUID.randomUUID()
             model.addAttribute("action", "Create")
         } else {
-            ticket = ticketService.findById(UUID.fromString(id))
+            val idParsed: UUID
+            try {
+                idParsed = UUID.fromString(id)
+            }
+            catch (e: IllegalArgumentException){
+                throw ResponseStatusException(HttpStatus.BAD_REQUEST)
+            }
+            ticket = ticketService.findById(idParsed)
             model.addAttribute("action", "Edit")
         }
         model.addAttribute("ticket", ticket)
diff --git a/src/main/kotlin/com/s3ai/corporate_app2/controllers/UsersController.kt b/src/main/kotlin/com/s3ai/corporate_app2/controllers/UsersController.kt
index 5417954..786a293 100644
--- a/src/main/kotlin/com/s3ai/corporate_app2/controllers/UsersController.kt
+++ b/src/main/kotlin/com/s3ai/corporate_app2/controllers/UsersController.kt
@@ -3,10 +3,13 @@ package com.s3ai.corporate_app2.controllers
 import com.s3ai.corporate_app2.User
 import com.s3ai.corporate_app2.UserService
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.http.HttpStatus
 import org.springframework.stereotype.Controller
 import org.springframework.ui.Model
 import org.springframework.web.bind.annotation.*
+import org.springframework.web.server.ResponseStatusException
 import org.springframework.web.servlet.view.RedirectView
+import java.lang.IllegalArgumentException
 import java.util.*
 
 @Controller
@@ -29,7 +32,14 @@ class UsersController {
             user.id = UUID.randomUUID()
             model.addAttribute("action", "Create")
         } else {
-            user = userService.findById(UUID.fromString(id))
+            val idParsed: UUID
+            try {
+                idParsed = UUID.fromString(id)
+            }
+            catch (e: IllegalArgumentException){
+                throw ResponseStatusException(HttpStatus.BAD_REQUEST)
+            }
+            user = userService.findById(idParsed)
             model.addAttribute("action", "Edit")
         }
         model.addAttribute("user", user)
-- 
GitLab