Added a check for OAuth2 client, VC, and group name length.

Change-Id: I716854dd0f93c4cda80304c4c6cf34fc35e890ea
diff --git a/full/Changes b/full/Changes
index 372efbe..3670dcc 100644
--- a/full/Changes
+++ b/full/Changes
@@ -10,14 +10,15 @@
    - Removed UserGroupJson & updated listUserGroups and createUserGroup 
      services (margaretha)
    - Added prefixes to username and groupname parameters in service paths 
-     (margaretha, resolved #35)  
+     (margaretha, resolved #35)
 13/11/2019
    - Added tests for issue #43 (margaretha)
 14/11/2019
    - Added client description and URL to list-authorized-clients service 
-     (margaretha, close #53)     
+     (margaretha, close #53)
    - Implemented a service to list clients registered by a user (margaretha, 
-     close #52)   
+     close #52)
+   - Added a check for OAuth2 client, VC, and group name length (margaretha)
 
 # version 0.62.1
 08/07/2019
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
index de7a90c..cfe962d 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
@@ -32,6 +32,7 @@
 import de.ids_mannheim.korap.oauth2.entity.Authorization;
 import de.ids_mannheim.korap.oauth2.entity.OAuth2Client;
 import de.ids_mannheim.korap.oauth2.entity.RefreshToken;
+import de.ids_mannheim.korap.utils.ParameterChecker;
 import de.ids_mannheim.korap.web.input.OAuth2ClientJson;
 
 /**
@@ -80,6 +81,9 @@
 
     public OAuth2ClientDto registerClient (OAuth2ClientJson clientJson,
             String registeredBy) throws KustvaktException {
+        
+        ParameterChecker.checkNameValue(clientJson.getName(), "clientName");
+        
         String url = clientJson.getUrl();
         int urlHashCode = 0;
         if (url != null && !url.isEmpty()) {
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/UserGroupService.java b/full/src/main/java/de/ids_mannheim/korap/service/UserGroupService.java
index 14391d0..090660e 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/UserGroupService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/UserGroupService.java
@@ -214,7 +214,7 @@
      */
     public boolean createUserGroup (String groupName, String members, String createdBy)
             throws KustvaktException {
-        ParameterChecker.checkStringValue(groupName, "groupName");
+        ParameterChecker.checkNameValue(groupName, "groupName");
         ParameterChecker.checkStringValue(createdBy, "createdBy");
         
         if (!groupNamePattern.matcher(groupName).matches()) {
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java b/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
index 4ebb07a..4532991 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
@@ -314,26 +314,26 @@
         }
     }
 
-    public int storeVC (VirtualCorpusJson vc, String name, String createdBy)
+    public void storeVC (VirtualCorpusJson vc, String vcName, String createdBy)
             throws KustvaktException {
         ParameterChecker.checkStringValue(vc.getCorpusQuery(), "corpusQuery");
         String koralQuery = serializeCorpusQuery(vc.getCorpusQuery());
 
-        return storeVC(name, vc.getType(), koralQuery, vc.getDefinition(),
+        storeVC(vcName, vc.getType(), koralQuery, vc.getDefinition(),
                 vc.getDescription(), vc.getStatus(), vc.isCached(), createdBy);
     }
 
-    public int storeVC (String name, VirtualCorpusType type, String koralQuery,
+    public void storeVC (String vcName, VirtualCorpusType type, String koralQuery,
             String definition, String description, String status,
             boolean isCached, String username) throws KustvaktException {
-        ParameterChecker.checkStringValue(name, "name");
+        ParameterChecker.checkNameValue(vcName, "vcName");
         ParameterChecker.checkObjectValue(type, "type");
 
-        if (!vcNamePattern.matcher(name).matches()) {
+        if (!vcNamePattern.matcher(vcName).matches()) {
             throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,
                     "Virtual corpus name must only contains letters, numbers, "
                             + "underscores, hypens and spaces",
-                    name);
+                    vcName);
         }
 
         if (type.equals(VirtualCorpusType.SYSTEM) && !username.equals("system")
@@ -343,12 +343,12 @@
         }
 
         CorpusAccess requiredAccess =
-                determineRequiredAccess(isCached, name, koralQuery);
+                determineRequiredAccess(isCached, vcName, koralQuery);
 
-        if (DEBUG) jlog.debug("Storing VC " + name + "in the database ");
+        if (DEBUG) jlog.debug("Storing VC " + vcName + "in the database ");
         int vcId = 0;
         try {
-            vcId = vcDao.createVirtualCorpus(name, type, requiredAccess,
+            vcId = vcDao.createVirtualCorpus(vcName, type, requiredAccess,
                     koralQuery, definition, description, status, isCached,
                     username);
 
@@ -369,8 +369,6 @@
         if (type.equals(VirtualCorpusType.PUBLISHED)) {
             publishVC(vcId);
         }
-        // EM: should this return anything?
-        return vcId;
     }
 
     private String serializeCorpusQuery (String corpusQuery)
diff --git a/full/src/main/resources/db/mysql/V1.4__oauth2_tables.sql b/full/src/main/resources/db/mysql/V1.4__oauth2_tables.sql
index ff575ee..ff0230f 100644
--- a/full/src/main/resources/db/mysql/V1.4__oauth2_tables.sql
+++ b/full/src/main/resources/db/mysql/V1.4__oauth2_tables.sql
@@ -3,12 +3,12 @@
 -- oauth2 db tables
 CREATE TABLE IF NOT EXISTS oauth2_client (
 	id VARCHAR(100) PRIMARY KEY NOT NULL,
-	name VARCHAR(200) NOT NULL,
-	secret VARCHAR(200) DEFAULT NULL,
-	type VARCHAR(200) NOT NULL,
+	name VARCHAR(100) NOT NULL,
+	secret VARCHAR(255) DEFAULT NULL,
+	type VARCHAR(50) NOT NULL,
 	super BOOLEAN DEFAULT FALSE,
 	redirect_uri TEXT DEFAULT NULL,
-	description VARCHAR(250) NOT NULL,
+	description VARCHAR(255) NOT NULL,
 	registered_by VARCHAR(100) NOT NULL,
 	url_hashcode INTEGER NOT NULL,	
 	url TEXT DEFAULT NULL,
@@ -16,7 +16,7 @@
 );
 
 CREATE TABLE IF NOT EXISTS oauth2_access_scope (
-	id VARCHAR(255) PRIMARY KEY NOT NULL
+	id VARCHAR(100) PRIMARY KEY NOT NULL
 );
 
 -- authorization tables are not needed if using cache 
diff --git a/full/src/main/resources/db/sqlite/V1.4__oauth2_tables.sql b/full/src/main/resources/db/sqlite/V1.4__oauth2_tables.sql
index 2b55824..00be974 100644
--- a/full/src/main/resources/db/sqlite/V1.4__oauth2_tables.sql
+++ b/full/src/main/resources/db/sqlite/V1.4__oauth2_tables.sql
@@ -3,9 +3,9 @@
 -- oauth2 db tables
 CREATE TABLE IF NOT EXISTS oauth2_client (
 	id VARCHAR(100) PRIMARY KEY NOT NULL,
-	name VARCHAR(255) NOT NULL,
+	name VARCHAR(100) NOT NULL,
 	secret VARCHAR(255) DEFAULT NULL,
-	type VARCHAR(255) NOT NULL,
+	type VARCHAR(50) NOT NULL,
 	super BOOLEAN DEFAULT FALSE,
 	redirect_uri TEXT DEFAULT NULL,
 	description VARCHAR(255) NOT NULL,
@@ -17,7 +17,7 @@
 CREATE UNIQUE INDEX client_url_index on oauth2_client(url_hashcode);
 
 CREATE TABLE IF NOT EXISTS oauth2_access_scope (
-	id VARCHAR(255) PRIMARY KEY NOT NULL
+	id VARCHAR(100) PRIMARY KEY NOT NULL
 );
 
 -- authorization tables are not needed if using cache
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
index dfbcee8..59b96f1 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
@@ -153,6 +153,24 @@
     }
 
     @Test
+    public void testRegisterClientNameTooShort ()
+            throws UniformInterfaceException, ClientHandlerException,
+            KustvaktException {
+        OAuth2ClientJson json = new OAuth2ClientJson();
+        json.setName("R");
+        json.setType(OAuth2ClientType.PUBLIC);
+
+        ClientResponse response = registerClient(username, json);
+        String entity = response.getEntity(String.class);
+        JsonNode node = JsonUtils.readTree(entity);
+        assertEquals(StatusCodes.INVALID_ARGUMENT,
+                node.at("/errors/0/0").asInt());
+        assertEquals("clientName must contain at least 3 characters",
+                node.at("/errors/0/1").asText());
+        assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+    }
+    
+    @Test
     public void testRegisterPublicClient () throws UniformInterfaceException,
             ClientHandlerException, KustvaktException {
         OAuth2ClientJson json = new OAuth2ClientJson();
@@ -196,7 +214,7 @@
         testDeregisterPublicClientMissingId();
         testDeregisterPublicClient(clientId,username);
     }
-
+    
     private void testAccessTokenAfterDeregistration (String clientId,
             String clientSecret) throws KustvaktException {
         String userAuthHeader = HttpAuthorizationHandler
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
index 59524af..2770714 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
@@ -205,6 +205,22 @@
     }
     
     @Test
+    public void testCreateGroupNameTooShort () throws UniformInterfaceException,
+            ClientHandlerException, KustvaktException {
+        String groupName = "a"; 
+        String members = "marlin,nemo";
+
+        ClientResponse response = testCreateUserGroup(groupName, members);
+        assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+        
+        JsonNode node = JsonUtils.readTree(response.getEntity(String.class));
+        assertEquals(StatusCodes.INVALID_ARGUMENT, node.at("/errors/0/0").asInt());
+        assertEquals("groupName must contain at least 3 characters",
+                node.at("/errors/0/1").asText());
+        assertEquals("groupName", node.at("/errors/0/2").asText());
+    }
+    
+    @Test
     public void testUserGroup () throws UniformInterfaceException,
             ClientHandlerException, KustvaktException {
 
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
index 418ffb5..a696b57 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
@@ -485,6 +485,28 @@
                 node.at("/errors/0/0").asInt());
     }
 
+    
+    @Test
+    public void testCreateVCNameTooShort () throws KustvaktException {
+        String json = "{\"type\": \"PRIVATE\","
+                + "\"corpusQuery\": \"creationDate since 1820\"}";
+
+        ClientResponse response = resource().path(API_VERSION).path("vc")
+                .path("~"+testUser).path("ne")
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(testUser, "pass"))
+                .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
+                .entity(json).put(ClientResponse.class);
+        String entity = response.getEntity(String.class);
+        assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+
+        JsonNode node = JsonUtils.readTree(entity);
+        assertEquals(StatusCodes.INVALID_ARGUMENT,
+                node.at("/errors/0/0").asInt());
+        assertEquals("vcName must contain at least 3 characters",
+                node.at("/errors/0/1").asText());
+    }
+
     @Test
     public void testCreateVCUnauthorized () throws KustvaktException {
         String json = "{\"type\": \"PRIVATE\","