From 0c5936834f927e0b124bd11b2ff147ba7cec8efe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mili=C4=87?= <marko@tesobe.com>
Date: Fri, 16 Dec 2022 09:09:11 +0100
Subject: [PATCH] feature/Add function which validates UUID strings

---
 obp-api/src/main/scala/code/api/util/APIUtil.scala | 14 +++++++++++++-
 .../src/main/scala/code/api/util/ConsentUtil.scala |  2 +-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala
index 9098c5905..27ebba6f2 100644
--- a/obp-api/src/main/scala/code/api/util/APIUtil.scala
+++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala
@@ -112,8 +112,9 @@ import javassist.{ClassPool, LoaderClassPath}
 import javassist.expr.{ExprEditor, MethodCall}
 import org.apache.commons.io.IOUtils
 import org.apache.commons.lang3.StringUtils
-
 import java.security.AccessControlException
+import java.util.regex.Pattern
+
 import code.users.Users
 
 import scala.collection.mutable
@@ -3482,6 +3483,17 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
    */
   def generateUUID(): String = UUID.randomUUID().toString
 
+  /**
+   * This function validates UUID (Universally Unique Identifier) strings 
+   * @param value a string we're trying to validate
+   * @return false in case the string doesn't represent a UUID, true in case the string represents a UUID
+   */
+  def checkIfStringIsUUID(value: String): Boolean = {
+    Pattern.compile("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$")
+      .matcher(value).matches()
+  }
+  
+
   def mockedDataText(isMockedData: Boolean) =
     if (isMockedData)
       """**NOTE: This endpoint currently only returns example data.**
diff --git a/obp-api/src/main/scala/code/api/util/ConsentUtil.scala b/obp-api/src/main/scala/code/api/util/ConsentUtil.scala
index 937b92928..d4727ef22 100644
--- a/obp-api/src/main/scala/code/api/util/ConsentUtil.scala
+++ b/obp-api/src/main/scala/code/api/util/ConsentUtil.scala
@@ -381,7 +381,7 @@ object Consent {
   }
   
   def getConsentsJwtValueByConsentId(consentId: String): Option[String] = {
-    ControlHelpers.tryo(UUID.fromString(consentId)).isDefined match {
+    APIUtil.checkIfStringIsUUID(consentId) match {
       case true => // String is a UUID
         Consents.consentProvider.vend.getConsentByConsentId(consentId) match {
           case Full(consent) => Some(consent.jsonWebToken)