fix: validate usernames on registration
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
This commit is contained in:
parent
60cd1250a0
commit
11810c9b3e
@ -29,7 +29,7 @@ func TestRegister(t *testing.T) {
|
||||
t.Run("normal register", func(t *testing.T) {
|
||||
rec, err := newTestRequest(t, http.MethodPost, apiv1.RegisterUser, `{
|
||||
"username": "newUser",
|
||||
"password": "1234",
|
||||
"password": "12345678",
|
||||
"email": "email@example.com"
|
||||
}`, nil, nil)
|
||||
assert.NoError(t, err)
|
||||
@ -43,7 +43,7 @@ func TestRegister(t *testing.T) {
|
||||
t.Run("Empty username", func(t *testing.T) {
|
||||
_, err := newTestRequest(t, http.MethodPost, apiv1.RegisterUser, `{
|
||||
"username": "",
|
||||
"password": "1234",
|
||||
"password": "12345678",
|
||||
"email": "email@example.com"
|
||||
}`, nil, nil)
|
||||
assert.Error(t, err)
|
||||
@ -61,7 +61,7 @@ func TestRegister(t *testing.T) {
|
||||
t.Run("Empty email", func(t *testing.T) {
|
||||
_, err := newTestRequest(t, http.MethodPost, apiv1.RegisterUser, `{
|
||||
"username": "newUser",
|
||||
"password": "1234",
|
||||
"password": "12345678",
|
||||
"email": ""
|
||||
}`, nil, nil)
|
||||
assert.Error(t, err)
|
||||
@ -70,7 +70,7 @@ func TestRegister(t *testing.T) {
|
||||
t.Run("Already existing username", func(t *testing.T) {
|
||||
_, err := newTestRequest(t, http.MethodPost, apiv1.RegisterUser, `{
|
||||
"username": "user1",
|
||||
"password": "1234",
|
||||
"password": "12345678",
|
||||
"email": "email@example.com"
|
||||
}`, nil, nil)
|
||||
assert.Error(t, err)
|
||||
@ -79,7 +79,7 @@ func TestRegister(t *testing.T) {
|
||||
t.Run("Already existing email", func(t *testing.T) {
|
||||
_, err := newTestRequest(t, http.MethodPost, apiv1.RegisterUser, `{
|
||||
"username": "newUser",
|
||||
"password": "1234",
|
||||
"password": "12345678",
|
||||
"email": "user1@example.com"
|
||||
}`, nil, nil)
|
||||
assert.Error(t, err)
|
||||
|
@ -17,6 +17,7 @@
|
||||
package v1
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"net/http"
|
||||
|
||||
"code.vikunja.io/api/pkg/db"
|
||||
@ -44,11 +45,19 @@ func RegisterUser(c echo.Context) error {
|
||||
return echo.ErrNotFound
|
||||
}
|
||||
// Check for Request Content
|
||||
var datUser *user.APIUserPassword
|
||||
if err := c.Bind(&datUser); err != nil {
|
||||
var userIn *user.APIUserPassword
|
||||
if err := c.Bind(&userIn); err != nil {
|
||||
return c.JSON(http.StatusBadRequest, models.Message{Message: "No or invalid user model provided."})
|
||||
}
|
||||
if datUser == nil {
|
||||
if err := c.Validate(userIn); err != nil {
|
||||
e := models.ValidationHTTPError{}
|
||||
if is := errors.As(err, &e); is {
|
||||
return c.JSON(e.HTTPCode, e)
|
||||
}
|
||||
|
||||
return handler.HandleHTTPError(err, c)
|
||||
}
|
||||
if userIn == nil {
|
||||
return c.JSON(http.StatusBadRequest, models.Message{Message: "No or invalid user model provided."})
|
||||
}
|
||||
|
||||
@ -56,7 +65,7 @@ func RegisterUser(c echo.Context) error {
|
||||
defer s.Close()
|
||||
|
||||
// Insert the user
|
||||
newUser, err := user.CreateUser(s, datUser.APIFormat())
|
||||
newUser, err := user.CreateUser(s, userIn.APIFormat())
|
||||
if err != nil {
|
||||
_ = s.Rollback()
|
||||
return handler.HandleHTTPError(err, c)
|
||||
|
@ -17,6 +17,8 @@
|
||||
package routes
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"code.vikunja.io/api/pkg/models"
|
||||
|
||||
"code.vikunja.io/web"
|
||||
@ -41,15 +43,14 @@ func (cv *CustomValidator) Validate(i interface{}) error {
|
||||
errs = append(errs, field+": "+e)
|
||||
}
|
||||
|
||||
httperr := models.ValidationHTTPError{
|
||||
return models.ValidationHTTPError{
|
||||
HTTPError: web.HTTPError{
|
||||
Code: models.ErrCodeInvalidData,
|
||||
Message: "Invalid Data",
|
||||
HTTPCode: http.StatusPreconditionFailed,
|
||||
Code: models.ErrCodeInvalidData,
|
||||
Message: "Invalid Data",
|
||||
},
|
||||
InvalidFields: errs,
|
||||
}
|
||||
|
||||
return httperr
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -183,8 +183,8 @@ func GetFromAuth(a web.Auth) (*User, error) {
|
||||
type APIUserPassword struct {
|
||||
// The unique, numeric id of this user.
|
||||
ID int64 `json:"id"`
|
||||
// The username of the username. Is always unique.
|
||||
Username string `json:"username" valid:"length(3|250)" minLength:"3" maxLength:"250"`
|
||||
// The user's username. Cannot contain anything that looks like an url or whitespaces.
|
||||
Username string `json:"username" valid:"length(3|250),username" minLength:"3" maxLength:"250"`
|
||||
// The user's password in clear text. Only used when registering the user.
|
||||
Password string `json:"password" valid:"length(8|250)" minLength:"8" maxLength:"250"`
|
||||
// The user's email address
|
||||
|
36
pkg/user/username_valid.go
Normal file
36
pkg/user/username_valid.go
Normal file
@ -0,0 +1,36 @@
|
||||
// Vikunja is a to-do list application to facilitate your life.
|
||||
// Copyright 2018-present Vikunja and contributors. All rights reserved.
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public Licensee as published by
|
||||
// the Free Software Foundation, either version 3 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public Licensee for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public Licensee
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
package user
|
||||
|
||||
import "github.com/asaskevich/govalidator"
|
||||
|
||||
func init() {
|
||||
govalidator.TagMap["username"] = func(i string) bool {
|
||||
// To avoid making this overly complicated, we only two things:
|
||||
// 1. No Spaces
|
||||
// 2. Should not look like an url
|
||||
if govalidator.IsURL(i) {
|
||||
return false
|
||||
}
|
||||
|
||||
if govalidator.HasWhitespace(i) {
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user