From 7317edd17df5668feccb1786ec562f3309aaf968 Mon Sep 17 00:00:00 2001
From: Alex Leitner <leitnersalex@gmail.com>
Date: Tue, 7 May 2024 08:23:50 +0900
Subject: [PATCH] GUACAMOLE-1948: Provide a comprehensive error message for
 input exceeding database column.

---
 .../jdbc/connection/ConnectionService.java    | 49 +++++++++++++++++++
 .../src/main/resources/translations/en.json   |  6 ++-
 2 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java
index b3ed89ce8c..f7c1203f5f 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java
@@ -29,6 +29,8 @@
 import java.util.Map;
 import java.util.Set;
 import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
+import org.apache.guacamole.language.TranslatableGuacamoleClientOverrunException;
+import org.apache.guacamole.language.TranslatableMessage;
 import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
 import org.apache.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
 import org.apache.guacamole.GuacamoleClientException;
@@ -89,6 +91,11 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
      */
     @Inject
     private GuacamoleTunnelService tunnelService;
+
+    /**
+     * Known limit for the size of the connection parameter values.
+     */
+    private static final int CONNECTION_PARAMETER_VALUE_LIMIT = 4096;
     
     @Override
     protected ModeledDirectoryObjectMapper<ConnectionModel> getObjectMapper() {
@@ -154,11 +161,50 @@ protected ObjectPermissionSet getParentEffectivePermissionSet(ModeledAuthenticat
 
     }
 
+    /**
+     * Validates that all connection parameter values are within the expected size limit.
+     *
+     * @param parameters
+     *     The map of connection parameter name/value pairs to validate.
+     *
+     * @throws GuacamoleClientException
+     *     If any of the parameter values exceed the defined limit.
+     */
+    private void validateParameters(Map<String, String> parameters) throws GuacamoleClientException {
+        // Iterate through each parameter to validate its size
+        for (Map.Entry<String, String> parameter : parameters.entrySet()) {
+            String value = parameter.getValue();
+
+            // Check if parameter value exceeds size limit
+            if (value != null && value.length() > CONNECTION_PARAMETER_VALUE_LIMIT) {
+                
+                Map<String, Object> vars = new HashMap<>();
+                vars.put("MAX_SIZE", CONNECTION_PARAMETER_VALUE_LIMIT);
+                vars.put("PARAMETER_NAME", parameter.getKey());
+                
+                // Create a translatable message with the error key and substitution variables
+                TranslatableMessage translatableMessage = new TranslatableMessage(
+                    "CONNECTION_PARAMETERS.DATABASE_PARAMETER_VALUE_TOO_LONG",
+                    vars
+                );
+                
+                throw new TranslatableGuacamoleClientOverrunException(
+                    "The value provided for connection parameter \"" + parameter.getKey() +
+                    "\" exceeds the maximum allowed length.",
+                    translatableMessage
+                );
+            }
+        }
+    }
+
     @Override
     protected void beforeCreate(ModeledAuthenticatedUser user,
             Connection object, ConnectionModel model)
             throws GuacamoleException {
 
+        // Validate parameters before saving
+        validateParameters(object.getConfiguration().getParameters());
+
         super.beforeCreate(user, object, model);
         
         // Name must not be blank
@@ -177,6 +223,9 @@ protected void beforeUpdate(ModeledAuthenticatedUser user,
             ModeledConnection object, ConnectionModel model)
             throws GuacamoleException {
 
+        // Validate parameters before saving
+        validateParameters(object.getConfiguration().getParameters());
+
         super.beforeUpdate(user, object, model);
 
         // Name must not be blank
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en.json b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en.json
index b286f0c491..68e96a83b3 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en.json
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en.json
@@ -108,6 +108,10 @@
 
         "SECTION_HEADER_RESTRICTIONS" : "Group Restrictions"
 
-    }
+    },
+
+    "CONNECTION_PARAMETERS": {
+        "DATABASE_PARAMETER_VALUE_TOO_LONG": "The value provided for connection parameter {PARAMETER_NAME} exceeds the maximum allowed length of {MAX_SIZE} {MAX_SIZE, plural, one{character} other{characters}}."
+    } 
 
 }