From 5ab0af68ad6a0bdf3d1eb84df571f30b25caf040 Mon Sep 17 00:00:00 2001
From: Ancuta Morarasu <ancuta.morarasu@ness.com>
Date: Wed, 11 May 2016 12:12:55 +0000
Subject: [PATCH] Merged HEAD (5.2) to 5.2.N (5.2.1)    126586 jkaabimofrad:
 Merged FILE-FOLDER-API (5.2.0) to HEAD (5.2)       124792 jvonka: RA-767:
 Queries API - min 3 alphanumeric chars in search 'term' (pending requirement
 review)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@126931 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../alfresco/rest/api/impl/QueriesImpl.java   | 26 ++++++++++++++++++-
 .../rest/api/tests/QueriesApiTest.java        | 10 +++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/source/java/org/alfresco/rest/api/impl/QueriesImpl.java b/source/java/org/alfresco/rest/api/impl/QueriesImpl.java
index 5b751f5bee..118f76be80 100644
--- a/source/java/org/alfresco/rest/api/impl/QueriesImpl.java
+++ b/source/java/org/alfresco/rest/api/impl/QueriesImpl.java
@@ -66,6 +66,9 @@ public class QueriesImpl implements Queries, InitializingBean
 
     private final static String QUERY_LIVE_SEARCH_NODES = "live-search-nodes";
 
+    private final static int TERM_MIN_LEN = 3; // review: should this be configurable system-wide (&/or per-tenant in the cloud) ?
+
+
     private final static Map<String,QName> MAP_PARAM_SORT_QNAME;
     static
     {
@@ -112,12 +115,33 @@ public class QueriesImpl implements Queries, InitializingBean
 
         StringBuilder sb = new StringBuilder();
 
-        // TODO check min length, excluding quotes etc
         String term = parameters.getParameter(PARAM_TERM);
         if (term == null)
         {
             throw new InvalidArgumentException("Query 'term' not specified");
         }
+        else
+        {
+            String s = term.trim();
+            int cnt = 0;
+            for (int i = 0; i <  s.length(); i++)
+            {
+                char c = s.charAt(i);
+                if (Character.isLetterOrDigit(c))
+                {
+                    cnt++;
+                    if (cnt == TERM_MIN_LEN)
+                    {
+                        break;
+                    }
+                }
+            }
+
+            if (cnt < TERM_MIN_LEN)
+            {
+                throw new InvalidArgumentException("Query 'term' is too short. Must have at least "+TERM_MIN_LEN+" alphanumeric chars");
+            }
+        }
 
         String rootNodeId = parameters.getParameter(PARAM_ROOT_NODE_ID);
         if (rootNodeId != null)
diff --git a/source/test-java/org/alfresco/rest/api/tests/QueriesApiTest.java b/source/test-java/org/alfresco/rest/api/tests/QueriesApiTest.java
index f5ccd631f7..a6310bb5a7 100644
--- a/source/test-java/org/alfresco/rest/api/tests/QueriesApiTest.java
+++ b/source/test-java/org/alfresco/rest/api/tests/QueriesApiTest.java
@@ -393,6 +393,16 @@ public class QueriesApiTest extends AbstractBaseApiTest
             params.put(Queries.PARAM_ROOT_NODE_ID, myFolderNodeId);
             getAll(URL_QUERIES_LSN, user1, paging, params, 400);
 
+            // -ve test - term too short
+            params = new HashMap<>(1);
+            params.put(Queries.PARAM_TERM, "ab");
+            getAll(URL_QUERIES_LSN, user1, paging, params, 400);
+
+            // -ve test - term is still too short
+            params = new HashMap<>(1);
+            params.put(Queries.PARAM_TERM, "  \"a b *\"  ");
+            getAll(URL_QUERIES_LSN, user1, paging, params, 400);
+
             // -ve test - invalid sort field
             params = new HashMap<>(2);
             params.put(Queries.PARAM_TERM, testTerm);