europeana · jeortizquan · Oct 14, 2024 · Oct 11, 2024 · Oct 11, 2024
diff --git a/...s-core-common/src/main/java/eu/europeana/metis/core/workflow/plugins/DepublishPlugin.java b/...s-core-common/src/main/java/eu/europeana/metis/core/workflow/plugins/DepublishPlugin.java
@@ -47,8 +47,7 @@ public String getTopologyName() {
   }
 
   @Override
-  public DpsTask prepareDpsTask(String datasetId,
-      DpsTaskSettings dpsTaskSettings) {
+  public DpsTask prepareDpsTask(String datasetId, DpsTaskSettings dpsTaskSettings) {
 
     Map<String, String> extraParameters = new HashMap<>();
     extraParameters.put(PluginParameterKeys.METIS_DATASET_ID, datasetId);
@@ -63,8 +62,8 @@ public DpsTask prepareDpsTask(String datasetId,
         extraParameters.put(PluginParameterKeys.RECORD_IDS_TO_DEPUBLISH, recordIdList);
       }
     }
-    //TODO: 2024-09-24 - Update below key with the PluginParameterKeys equivalent when it's available
-    extraParameters.put("DEPUBLICATION_REASON", getPluginMetadata().getDepublicationReason().name());
+
+    extraParameters.put(PluginParameterKeys.DEPUBLICATION_REASON, getPluginMetadata().getDepublicationReason().name());
     DpsTask dpsTask = new DpsTask();
     dpsTask.setParameters(extraParameters);
     return dpsTask;

diff --git a/metis-core-rest/src/main/java/eu/europeana/metis/core/rest/controller/DatasetController.java b/metis-core-rest/src/main/java/eu/europeana/metis/core/rest/controller/DatasetController.java
@@ -1,6 +1,7 @@
 package eu.europeana.metis.core.rest.controller;
 
 import static eu.europeana.metis.utils.CommonStringValues.CRLF_PATTERN;
+import static eu.europeana.metis.utils.CommonStringValues.sanitizeCRLF;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import eu.europeana.metis.authentication.rest.client.AuthenticationClient;
@@ -149,8 +150,9 @@ public void updateDataset(@RequestHeader("Authorization") String authorization,
   @DeleteMapping(value = RestEndpoints.DATASETS_DATASETID)
   @ResponseStatus(HttpStatus.NO_CONTENT)
   public void deleteDataset(@RequestHeader("Authorization") String authorization,
-      @PathVariable("datasetId") String datasetId)
-      throws GenericMetisException {
+      @PathVariable("datasetId") String datasetId) throws GenericMetisException {
+    authorization = sanitizeCRLF(authorization);
+    datasetId = sanitizeCRLF(datasetId);
 
     MetisUserView metisUserView = authenticationClient.getUserByAccessTokenInHeader(authorization);
 
@@ -210,12 +212,15 @@ public Dataset getByDatasetId(@RequestHeader("Authorization") String authorizati
   @ResponseStatus(HttpStatus.OK)
   public DatasetXslt getDatasetXsltByDatasetId(@RequestHeader("Authorization") String authorization,
       @PathVariable("datasetId") String datasetId) throws GenericMetisException {
+    authorization = sanitizeCRLF(authorization);
+    datasetId = sanitizeCRLF(datasetId);
 
     MetisUserView metisUserView = authenticationClient.getUserByAccessTokenInHeader(authorization);
 
     DatasetXslt datasetXslt = datasetService.getDatasetXsltByDatasetId(metisUserView, datasetId);
-    LOGGER.info("Dataset XSLT with datasetId '{}' and xsltId: '{}' found", datasetId,
-        datasetXslt.getId());
+    if (LOGGER.isInfoEnabled()) {
+      LOGGER.info("Dataset XSLT with datasetId '{}' and xsltId: '{}' found", sanitizeCRLF(datasetId), datasetXslt.getId());
+    }
     return datasetXslt;
   }
 

diff --git a/...re-rest/src/main/java/eu/europeana/metis/core/rest/controller/OrchestratorController.java b/...re-rest/src/main/java/eu/europeana/metis/core/rest/controller/OrchestratorController.java
@@ -1,5 +1,7 @@
 package eu.europeana.metis.core.rest.controller;
 
+import static eu.europeana.metis.utils.CommonStringValues.sanitizeCRLF;
+
 import eu.europeana.metis.authentication.rest.client.AuthenticationClient;
 import eu.europeana.metis.authentication.user.MetisUserView;
 import eu.europeana.metis.core.common.DaoFieldNames;
@@ -149,8 +151,11 @@ public void updateWorkflow(
       produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE})
   @ResponseStatus(HttpStatus.NO_CONTENT)
   public void deleteWorkflow(
-      @RequestHeader("Authorization") String authorization,
-      @PathVariable("datasetId") String datasetId) throws GenericMetisException {
+      @RequestHeader("Authorization") String authorization, @PathVariable("datasetId") String datasetId)
+      throws GenericMetisException {
+    authorization = sanitizeCRLF(authorization);
+    datasetId = sanitizeCRLF(datasetId);
+
     MetisUserView metisUserView = authenticationClient.getUserByAccessTokenInHeader(authorization);
     orchestratorService.deleteWorkflow(metisUserView, datasetId);
     if (LOGGER.isInfoEnabled()) {

diff --git a/...est/src/main/java/eu/europeana/metis/core/rest/controller/ScheduleWorkflowController.java b/...est/src/main/java/eu/europeana/metis/core/rest/controller/ScheduleWorkflowController.java
@@ -1,6 +1,7 @@
 package eu.europeana.metis.core.rest.controller;
 
 import static eu.europeana.metis.utils.CommonStringValues.CRLF_PATTERN;
+import static eu.europeana.metis.utils.CommonStringValues.sanitizeCRLF;
 
 import eu.europeana.metis.authentication.rest.client.AuthenticationClient;
 import eu.europeana.metis.authentication.user.MetisUserView;
@@ -149,6 +150,9 @@ public void updateScheduledWorkflow(@RequestHeader("Authorization") String autho
   @ResponseStatus(HttpStatus.NO_CONTENT)
   public void deleteScheduledWorkflowExecution(@RequestHeader("Authorization") String authorization,
       @PathVariable("datasetId") String datasetId) throws GenericMetisException {
+    authorization = sanitizeCRLF(authorization);
+    datasetId = sanitizeCRLF(datasetId);
+
     MetisUserView metisUserView = authenticationClient.getUserByAccessTokenInHeader(authorization);
     scheduleWorkflowService.deleteScheduledWorkflow(metisUserView, datasetId);
     if (LOGGER.isInfoEnabled()) {

diff --git a/...-core-service/src/main/java/eu/europeana/metis/core/service/DepublishRecordIdService.java b/...-core-service/src/main/java/eu/europeana/metis/core/service/DepublishRecordIdService.java
@@ -1,10 +1,13 @@
 package eu.europeana.metis.core.service;
 
+import static java.lang.String.format;
+
 import eu.europeana.metis.authentication.user.MetisUserView;
 import eu.europeana.metis.core.dao.DepublishRecordIdDao;
 import eu.europeana.metis.core.dataset.DatasetExecutionInformation;
 import eu.europeana.metis.core.dataset.DatasetExecutionInformation.PublicationStatus;
 import eu.europeana.metis.core.exceptions.NoDatasetFoundException;
+import eu.europeana.metis.core.exceptions.PluginExecutionNotAllowed;
 import eu.europeana.metis.core.rest.DepublishRecordIdView;
 import eu.europeana.metis.core.rest.ResponseListWrapper;
 import eu.europeana.metis.core.util.DepublishRecordIdSortField;
@@ -186,6 +189,11 @@ public WorkflowExecution createAndAddInQueueDepublishWorkflowExecution(
     // Authorize.
     authorizer.authorizeReadExistingDatasetById(metisUserView, datasetId);
 
+    if (depublicationReason == DepublicationReason.UNKNOWN) {
+      throw new PluginExecutionNotAllowed(
+          format("Depublication reason %s, is not allowed", depublicationReason));
+    }
+
     //Prepare depublish workflow, do not save in the database. Only create workflow execution
     final Workflow workflow = new Workflow();
     workflow.setDatasetId(datasetId);