fix parsing rule

src/server/routes/apiv3/security-setting.js

@@ -664,8 +664,13 @@ module.exports = (crowi) => {
     const rule = req.body.ABLCRule;
     // Empty string disables attribute-based login control.
     // So, when rule is empty string, validation is passed.
-    if (rule != null && (rule == null || luceneQueryParser.parse(rule) == null)) {
-      return res.apiv3Err(req.t('form_validation.invalid_syntax', req.t('security_setting.form_item_name.ABLCRule')), 400);
+    if (rule != null) {
+      try {
+        crowi.passportService.parseABLCRule(rule);
+      }
+      catch (err) {
+        return res.apiv3Err(req.t('form_validation.invalid_syntax', req.t('security_setting.form_item_name.ABLCRule')), 400);
+      }
     }
 
     const requestParams = {

src/server/service/passport.js

@@ -666,6 +666,18 @@ class PassportService {
     return missingRequireds;
   }
 
+  /**
+   * Parse Attribute-Based Login Control Rule as Lucene Query
+   * @param {string} rule Lucene syntax string
+   * @returns {object} Expression Tree Structure generated by lucene-query-parser
+   * @see https://github.com/thoward/lucene-query-parser.js/wiki
+   */
+  parseABLCRule(rule) {
+    // parse with lucene-query-parser
+    // see https://github.com/thoward/lucene-query-parser.js/wiki
+    return luceneQueryParser.parse(rule);
+  }
+
   /**
    * Verify that a SAML response meets the attribute-base login control rule
    */
@@ -675,12 +687,7 @@ class PassportService {
       return true;
     }
 
-    // parse with lucene-query-parser
-    // see https://github.com/thoward/lucene-query-parser.js/wiki
-    const luceneRule = luceneQueryParser.parse(rule);
-    if (luceneRule == null) {
-      return false;
-    }
+    const luceneRule = this.parseABLCRule(rule);
     debug({ 'Parsed Rule': JSON.stringify(luceneRule, null, 2) });
 
     const attributes = this.extractAttributesFromSAMLResponse(response);