diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java
index 9ff378fca..08f40b08d 100644
--- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java
+++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java
@@ -157,6 +157,12 @@ public Response getFENCEProfile(String callback_url, Map authReq
 logger.debug("getFENCEProfile() starting...");
 String fence_code = authRequest.get("code");
+ // Validate that the fence code is alphanumeric
+ if (!fence_code.matches("[a-zA-Z0-9]+")) {
+ logger.error("getFENCEProfile() fence code is not alphanumeric");
+ throw new NotAuthorizedException("The fence code is not alphanumeric");
+ }
+
 JsonNode fence_user_profile = null;
 // Get the Gen3/FENCE user profile. It is a JsonNode object
 try {
diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/OpenAuthenticationService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/OpenAuthenticationService.java
index 368b9d6fa..ed9e41620 100644
--- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/OpenAuthenticationService.java
+++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/OpenAuthenticationService.java
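Review bot: `fence_code` is null when the request carries no `code` entry, and the new `fence_code.matches(...)` guard then throws a NullPointerException instead of the intended NotAuthorizedException; widen it to `if (fence_code == null || !fence_code.matches("[a-zA-Z0-9]+")) {`. The pattern also rejects any code containing `-`, `_` or `.`, so it is worth confirming against the codes the Gen3/FENCE provider actually issues, otherwise valid logins fail at this line. Since the regex runs on every login, holding it as a `static final Pattern` would avoid recompiling it each call. getFENCEProfile continues outside the hunk.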
@@ -36,8 +36,12 @@ public Response authenticate(Map authRequest) {
 // Try to get the user by UUID
 if (StringUtils.isNotBlank(userUUID)) {
- UUID uuid = UUID.fromString(userUUID);
- current_user = userRepository.findByUUID(uuid);
+ try {
+ UUID uuid = UUID.fromString(userUUID);
+ current_user = userRepository.findByUUID(uuid);
+ } catch (IllegalArgumentException e) {
+ logger.error("Invalid UUID: " + userUUID);
+ }
 }
 // If we can't find the user by UUID, create a new one
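Review bot: After the new `catch (IllegalArgumentException e)` block, `current_user` is left unset and execution falls through to the path the following comment labels "create a new one", so a malformed `userUUID` appears to be handled like an unknown user rather than rejected; if that is intended, add a comment saying so, otherwise the catch should return the error response this method uses instead of only logging. The log line also echoes the untrusted `userUUID` verbatim, and since it has just failed `UUID.fromString` it can be arbitrary text, so consider bounding its length or passing it as a logger argument rather than concatenating it into the message. `authenticate` starts outside the hunk (only its signature is visible in the header), so whether the caller rejects a null user cannot be confirmed from here.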