Merge branch 'release-5.6.3'

.babelrc

@@ -1,3 +1,3 @@
 {
-"presets": ["es2015"]
-}
+"presets": ["env"]
+}

package.json

@@ -1,6 +1,6 @@
 {
   "name": "wise",
-  "version": "5.6.2",
+  "version": "5.6.3",
   "description": "Web-based Inquiry Science Environment",
   "main": "app.js",
   "dependencies": {
@@ -10,7 +10,7 @@
     "autoprefixer": "^6.3.1",
     "babel-cli": "6.14.0",
     "babel-core": "6.24.1",
-    "babel-preset-env": "^1.6.0",
+    "babel-preset-env": "^1.6.1",
     "babel-preset-es2015": "6.14.0",
     "browser-sync": "^2.11.1",
     "concurrently": "^3.4.0",
@@ -99,6 +99,7 @@
       "jquery": "npm:jquery@^2.2.0",
       "moment": "npm:moment@^2.11.1",
       "ng-file-upload": "npm:ng-file-upload@^12.0.4",
+      "ng-onload": "npm:ng-onload@^0.8.0",
       "oclazyload": "npm:oclazyload@^1.0.9",
       "svg.draggable.js": "npm:[email protected]",
       "svg.js": "github:svgdotjs/[email protected]",

pom.xml

@@ -35,7 +35,7 @@
   <artifactId>wise</artifactId>
   <packaging>war</packaging>
   <name>Web-based Inquiry Science Environment</name>
-  <version>5.6.2</version>
+  <version>5.6.3</version>
   <url>http://wise5.org</url>
 
   <licenses>

src/main/java/org/wise/portal/domain/project/impl/ProjectImpl.java

@@ -132,7 +132,7 @@ public class ProjectImpl implements Project {
   protected String metadata;
 
   @Column(name = "modulePath", nullable = false)
-  protected String modulePath;
+  protected String modulePath = "";
 
   @ManyToOne(targetEntity = UserImpl.class, fetch = FetchType.LAZY)
   @JoinColumn(name = "owner_fk", nullable = false, unique = false)

src/main/java/org/wise/portal/domain/user/impl/UserImpl.java

@@ -82,28 +82,28 @@ public void setUserDetails(MutableUserDetails userDetails) {
   /**
    * @see User#isStudent()
    */
-  public boolean isStudent(){
+  public boolean isStudent() {
     return this.userDetails.hasGrantedAuthority(UserDetailsService.STUDENT_ROLE);
   }
 
   /**
    * @see User#isTeacher()
    */
-  public boolean isTeacher(){
+  public boolean isTeacher() {
     return this.userDetails.hasGrantedAuthority(UserDetailsService.TEACHER_ROLE);
   }
 
   /**
    * @see User#isAdmin()
    */
-  public boolean isAdmin(){
+  public boolean isAdmin() {
     return this.userDetails.hasGrantedAuthority(UserDetailsService.ADMIN_ROLE);
   }
 
   /**
    * @see User#isTrustedAuthor()
    */
-  public boolean isTrustedAuthor(){
+  public boolean isTrustedAuthor() {
     return this.userDetails.hasGrantedAuthority(UserDetailsService.TRUSTED_AUTHOR_ROLE);
   }
 

src/main/java/org/wise/portal/presentation/validators/ChangePasswordParametersValidator.java

@@ -31,9 +31,11 @@
 import org.springframework.validation.Errors;
 import org.springframework.validation.ValidationUtils;
 import org.springframework.validation.Validator;
+import org.wise.portal.dao.ObjectNotFoundException;
 import org.wise.portal.domain.authentication.impl.BatchStudentChangePasswordParameters;
 import org.wise.portal.domain.authentication.impl.ChangePasswordParameters;
 import org.wise.portal.domain.user.User;
+import org.wise.portal.service.user.UserService;
 
 /**
  * Validator for student's ChangePasswordParameters
@@ -49,35 +51,32 @@ public class ChangePasswordParametersValidator implements Validator {
   @Autowired
   private SystemWideSaltSource systemSaltSource;
 
+  @Autowired
+  private UserService userService;
+
   /**
    * @see Validator#supports(Class)
    */
   @SuppressWarnings("unchecked")
   public boolean supports(Class clazz) {
-    return ChangePasswordParameters.class.isAssignableFrom(clazz)
-        || BatchStudentChangePasswordParameters.class.isAssignableFrom(clazz);
+    return ChangePasswordParameters.class.isAssignableFrom(clazz) ||
+        BatchStudentChangePasswordParameters.class.isAssignableFrom(clazz);
   }
 
-  /**
-   * @see Validator#validate(Object, Errors)
-   */
   public void validate(Object paramsIn, Errors errors) {
     ChangePasswordParameters params = (ChangePasswordParameters) paramsIn;
 
     validatePasswd0(errors,params);
-
     if (errors.getErrorCount() != 0) {
       return;
     }
 
     validatePasswd1(errors,params);
-
     if (errors.getErrorCount() != 0) {
       return;
     }
 
     validatePasswd2(errors,params);
-
     if (errors.getErrorCount() != 0) {
       return;
     }
@@ -91,7 +90,7 @@ public void validate(Object paramsIn, Errors errors) {
    * @param params
    */
   public void validatePasswd0(Errors errors, ChangePasswordParameters params) {
-    User userToCheckPasswordFor = null;
+    User userToCheckPasswordFor;
 
     if (params.getTeacherUser() != null) {
       /*
@@ -108,15 +107,21 @@ public void validatePasswd0(Errors errors, ChangePasswordParameters params) {
       userToCheckPasswordFor = params.getUser();
     }
 
-    //if the user is not an admin we need to make sure they typed in the current teacher password
+    try {
+      userToCheckPasswordFor = userService.retrieveById(userToCheckPasswordFor.getId());
+    } catch (ObjectNotFoundException e) {
+      errors.rejectValue("passwd0", "presentation.validators.ChangePasswordParametersValidator.errorIncorrectCurrentPassword");
+    } catch (Exception e) {
+      System.out.println("error");
+    }
     if (!userToCheckPasswordFor.isAdmin()) {
       Md5PasswordEncoder encoder = new Md5PasswordEncoder();
-      String typedInCurrentPassword = params.getPasswd0();
-      if (typedInCurrentPassword != null) {
-        String hashedTypedInCurrentPassword = encoder.encodePassword(typedInCurrentPassword, systemSaltSource.getSystemWideSalt());
+      String currentPassword = params.getPasswd0();
+      if (currentPassword != null) {
+        String hasedCurrentPassword = encoder.encodePassword(currentPassword, systemSaltSource.getSystemWideSalt());
         String hashedActualCurrentPassword = userToCheckPasswordFor.getUserDetails().getPassword();
-        if (hashedTypedInCurrentPassword != null && hashedActualCurrentPassword != null &&
-          hashedTypedInCurrentPassword.equals(hashedActualCurrentPassword)) {
+        if (hasedCurrentPassword != null && hashedActualCurrentPassword != null &&
+            hasedCurrentPassword.equals(hashedActualCurrentPassword)) {
         } else {
           errors.rejectValue("passwd0", "presentation.validators.ChangePasswordParametersValidator.errorIncorrectCurrentPassword");
         }

src/main/java/org/wise/portal/presentation/validators/StudentAccountFormValidator.java

@@ -1,5 +1,5 @@
 /**
- * Copyright (c) 2008-2015 Regents of the University of California (Regents).
+ * Copyright (c) 2008-2017 Regents of the University of California (Regents).
  * Created by WISE, Graduate School of Education, University of California, Berkeley.
  *
  * This software is distributed under the GNU General Public License, v3,
@@ -24,9 +24,8 @@
 package org.wise.portal.presentation.validators;
 
 import java.util.Set;
-
-
-
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -59,29 +58,45 @@ public boolean supports(Class clazz) {
   public void validate(Object userAccountFormIn, Errors errors) {
     super.validate(userAccountFormIn, errors);
 
-    if (errors.hasErrors())
+    if (errors.hasErrors()) {
       return;
+    }
 
     StudentAccountForm studentAccountForm = (StudentAccountForm) userAccountFormIn;
     StudentUserDetails userDetails = (StudentUserDetails) studentAccountForm.getUserDetails();
 
     if (studentAccountForm.isNewAccount()) {
       if (userDetails.getPassword() == null || userDetails.getPassword().length() < 1 ||
-        !userDetails.getPassword().equals(studentAccountForm.getRepeatedPassword())) {
+          !userDetails.getPassword().equals(studentAccountForm.getRepeatedPassword())) {
         errors.reject("error.passwords-mismatch",
-          "Passwords did not match or were not provided. Matching passwords are required.");
+            "Passwords did not match or were not provided. Matching passwords are required.");
+      }
+
+      String firstName = userDetails.getFirstname();
+      String lastName = userDetails.getLastname();
+
+      Pattern pattern = Pattern.compile("[a-zA-Z]*");
+      Matcher firstNameMatcher = pattern.matcher(firstName);
+      Matcher lastNameMatcher = pattern.matcher(lastName);
+
+      if (!firstNameMatcher.matches()) {
+        errors.rejectValue("userDetails.firstname", "error.firstname-illegal-characters");
+      }
+
+      if (!lastNameMatcher.matches()) {
+        errors.rejectValue("userDetails.lastname", "error.lastname-illegal-characters");
       }
 
       String projectCode = studentAccountForm.getProjectCode();
       if (projectCode == null || projectCode.length() < 1) {
         errors.reject("error.projectcode-empty",
-          "Project Code must be specified. Get this from your teacher.");
+            "Project Code must be specified. Get this from your teacher.");
         return;
       } else {
         Projectcode projectcode = new Projectcode(projectCode);
         if (!projectcode.isLegalProjectcode()) {
           errors.reject("error.projectcode-invalid",
-            "Project Code is invalid. Get this from your teacher.");
+              "Project Code is invalid. Get this from your teacher.");
           return;
         }
         String runcode = projectcode.getRuncode();
@@ -91,12 +106,12 @@ public void validate(Object userAccountFormIn, Errors errors) {
           run = runService.retrieveRunByRuncode(runcode);
         } catch (ObjectNotFoundException e) {
           errors.reject("error.projectcode-not-in-db",
-            "Project Code is invalid. Get this from your teacher.");
+              "Project Code is invalid. Get this from your teacher.");
           return;
         }
         if (run == null) {
           errors.reject("error.projectcode-not-in-db",
-            "Project Code is invalid. Get this from your teacher.");
+              "Project Code is invalid. Get this from your teacher.");
           return;
         } else {
           boolean periodExists = false;
@@ -108,30 +123,29 @@ public void validate(Object userAccountFormIn, Errors errors) {
           }
           if (!periodExists) {
             errors.reject("error.projectcode-not-in-db",
-              "Project Code is invalid. Get this from your teacher.");
+                "Project Code is invalid. Get this from your teacher.");
             return;
           }
         }
       }
     } else {
-      // if this is not a new account form (student is updating account info), we don't need to check any more.
+      // if student is updating account, we don't need to check any more.
       return;
     }
 
     ValidationUtils.rejectIfEmptyOrWhitespace(errors, "userDetails.gender",
-      "error.gender-not-specified");
+        "error.gender-not-specified");
 
     ValidationUtils.rejectIfEmptyOrWhitespace(errors, "userDetails.accountQuestion",
-      "error.no-accountquestion");
+        "error.no-accountquestion");
 
     ValidationUtils.rejectIfEmptyOrWhitespace(errors, "userDetails.accountAnswer",
-      "error.no-accountanswer");
+        "error.no-accountanswer");
 
+    ValidationUtils.rejectIfEmptyOrWhitespace(errors, "projectCode", "error.no-projectcode");
 
-    ValidationUtils.rejectIfEmptyOrWhitespace(errors, "projectCode",
-      "error.no-projectcode");
-
-    if (errors.hasErrors())
+    if (errors.hasErrors()) {
       userDetails.setPassword("");
+    }
   }
 }

src/main/java/org/wise/portal/presentation/validators/TeacherAccountFormValidator.java

@@ -1,5 +1,5 @@
 /**
- * Copyright (c) 2008-2015 Regents of the University of California (Regents).
+ * Copyright (c) 2008-2017 Regents of the University of California (Regents).
  * Created by WISE, Graduate School of Education, University of California, Berkeley.
  *
  * This software is distributed under the GNU General Public License, v3,
@@ -52,17 +52,19 @@ public boolean supports(Class clazz) {
   public void validate(Object userAccountFormIn, Errors errors) {
     super.validate(userAccountFormIn, errors);
 
-    if (errors.hasErrors())
+    if (errors.hasErrors()) {
       return;
+    }
     TeacherAccountForm teacherAccountForm = (TeacherAccountForm) userAccountFormIn;
     TeacherUserDetails userDetails = (TeacherUserDetails) teacherAccountForm.getUserDetails();
 
     if (!teacherAccountForm.isNewAccount()) {
       ValidationUtils.rejectIfEmptyOrWhitespace(errors, "userDetails.displayname",
         "error.displayname-not-specified");
     } else {
-      if (!errors.hasErrors() && (userDetails.getPassword() == null || userDetails.getPassword().length() < 1 ||
-        !userDetails.getPassword().equals(teacherAccountForm.getRepeatedPassword()))) {
+      if (!errors.hasErrors() &&
+          (userDetails.getPassword() == null || userDetails.getPassword().length() < 1 ||
+          !userDetails.getPassword().equals(teacherAccountForm.getRepeatedPassword()))) {
         errors.reject("error.passwords-mismatch",
           "Passwords did not match or were not provided. Matching passwords are required.");
       }
@@ -77,9 +79,6 @@ public void validate(Object userAccountFormIn, Errors errors) {
     ValidationUtils.rejectIfEmptyOrWhitespace(errors, "userDetails.schoolname",
       "error.schoolname-not-specified");
 
-    //ValidationUtils.rejectIfEmptyOrWhitespace(errors, "userDetails.curriculumsubjects",
-    //        "error.curriculumsubjects-not-specified");
-
     ValidationUtils.rejectIfEmptyOrWhitespace(errors, "userDetails.schoollevel",
       "error.schoollevel-not-specified");
 
@@ -96,13 +95,13 @@ public void validate(Object userAccountFormIn, Errors errors) {
     // TODO HT: CHECK FOR ILLEGAL EMAIL ADDRESS FORMAT
     String email = userDetails.getEmailAddress();
 
-    //validate email if it is not null and not empty
     if (email != null && !email.trim().equals("")) {
       validateEmail(email, errors);
     }
 
-    if (errors.hasErrors())
+    if (errors.hasErrors()) {
       userDetails.setPassword("");
+    }
   }
 
   /*