Closes #2635: Make owner-is-null=owner-is-null not valid, allow use c…

…ase "owner-is-null=true"

rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/util/QueryParamsValidator.java

@@ -2,14 +2,13 @@
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import jakarta.servlet.http.HttpServletRequest;
+import java.util.Arrays;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
-import pro.taskana.common.api.exceptions.InvalidArgumentException;
 
 public class QueryParamsValidator {
 
@@ -35,21 +34,57 @@ public static void validateParams(HttpServletRequest request, Class<?>... filter
     if (!providedParams.isEmpty()) {
       throw new IllegalArgumentException("Unknown request parameters found: " + providedParams);
     }
-    checkExactParam(request, "owner-is-null");
   }
 
-  public static void checkExactParam(HttpServletRequest request, String queryParameter) {
-    String queryString = request.getQueryString();
-    boolean containParam = queryString != null && queryString.contains(queryParameter);
-    if (containParam) {
-      Pattern pattern = Pattern.compile("\\b" + queryParameter + "(&|$)");
-      Matcher matcher = pattern.matcher(queryString);
-
-      boolean hasExactParam = matcher.find();
-      if (!hasExactParam) {
-        throw new InvalidArgumentException(
-            "It is prohibited to use the param " + queryParameter + " with values.");
-      }
+  public static boolean hasQueryParameterValues(HttpServletRequest request, String queryParameter) {
+
+    Map<String, String[]> queryParametersMap = request.getParameterMap();
+
+    if (queryParametersMap.isEmpty()) {
+      return false;
+    }
+
+    String[] queryParameterValues = queryParametersMap.get(queryParameter);
+
+    if (queryParameterValues == null) {
+      return false;
     }
+
+    boolean hasQueryParameterNotEmptyValues =
+        Arrays.stream(queryParameterValues).anyMatch(value -> !value.isBlank());
+
+    /* Workaround to manage the case "query-param=".
+    It should be safe enough to use because we have checked all other possibilities before. */
+    boolean hasQueryParameterEmptyValues = request.getQueryString().contains(queryParameter + "=");
+
+    return hasQueryParameterNotEmptyValues || hasQueryParameterEmptyValues;
+  }
+
+  public static boolean hasQueryParameterValuesOrIsNotTrue(
+      HttpServletRequest request, String queryParameter) {
+
+    Map<String, String[]> queryParametersMap = request.getParameterMap();
+
+    if (queryParametersMap.isEmpty()) {
+      return false;
+    }
+
+    String[] queryParameterValues = queryParametersMap.get(queryParameter);
+
+    if (queryParameterValues == null) {
+      return false;
+    }
+
+    boolean hasQueryParameterProhibitedValues =
+        Arrays.stream(queryParameterValues)
+            .anyMatch(value -> !value.isBlank() && !Boolean.parseBoolean(value));
+
+    /* Workaround to manage the case "query-param=".
+    It should be safe enough to use because we have checked all other possibilities before. */
+    boolean hasQueryParameterEmptyValues =
+        Arrays.stream(queryParameterValues).allMatch(String::isBlank)
+            && request.getQueryString().contains(queryParameter + "=");
+
+    return hasQueryParameterProhibitedValues || hasQueryParameterEmptyValues;
   }
 }

rest/taskana-rest-spring/src/main/java/pro/taskana/task/rest/TaskController.java

@@ -139,6 +139,7 @@ public ResponseEntity<TaskRepresentationModel> createTask(
    * @param sortParameter the sort parameters
    * @param pagingParameter the paging parameters
    * @return the Tasks with the given filter, sort and paging options.
+   * @throws InvalidArgumentException if the query parameter "owner-is-null" has values
    */
   @GetMapping(path = RestEndpoints.URL_TASKS)
   @Transactional(readOnly = true, rollbackFor = Exception.class)
@@ -158,6 +159,12 @@ public ResponseEntity<TaskSummaryPagedRepresentationModel> getTasks(
         TaskQueryGroupByParameter.class,
         QuerySortParameter.class,
         QueryPagingParameter.class);
+
+    if (QueryParamsValidator.hasQueryParameterValuesOrIsNotTrue(request, "owner-is-null")) {
+      throw new InvalidArgumentException(
+          "It is prohibited to use the param owner-is-null with values.");
+    }
+
     TaskQuery query = taskService.createTaskQuery();
 
     filterParameter.apply(query);