ami/tl-vikunja
1
0
Fork 0
Code

fix: check if usernames contain spaces when creating a new user

Browse Source
This commit is contained in:
kolaente 2023-03-12 15:02:34 +01:00
parent 1f13b5d7b4
commit 672fb35bcb
No known key found for this signature in database
GPG Key ID: F40E70337AB24C9B
4 changed files with 69 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
docs/content/doc/usage/errors.md
View File

@ -24,24 +24,26 @@ This document describes the different errors Vikunja can return.
| ErrorCode | HTTP Status Code | Description | | ErrorCode | HTTP Status Code | Description |
|-----------|------------------|-------------| |-----------|------------------|-------------|
| 1001 | 400 | A user with this username already exists. | | 1001 | 400 | A user with this username already exists. |
| 1002 | 400 | A user with this email address already exists. | | 1002 | 400 | A user with this email address already exists. |
| 1004 | 400 | No username and password specified. | | 1004 | 400 | No username and password specified. |
| 1005 | 404 | The user does not exist. | | 1005 | 404 | The user does not exist. |
| 1006 | 400 | Could not get the user id. | | 1006 | 400 | Could not get the user id. |
| 1008 | 412 | No password reset token provided. | | 1008 | 412 | No password reset token provided. |
| 1009 | 412 | Invalid password reset token. | | 1009 | 412 | Invalid password reset token. |
| 1010 | 412 | Invalid email confirm token. | | 1010 | 412 | Invalid email confirm token. |
| 1011 | 412 | Wrong username or password. | | 1011 | 412 | Wrong username or password. |
| 1012 | 412 | Email address of the user not confirmed. | | 1012 | 412 | Email address of the user not confirmed. |
| 1013 | 412 | New password is empty. | | 1013 | 412 | New password is empty. |
| 1014 | 412 | Old password is empty. | | 1014 | 412 | Old password is empty. |
| 1015 | 412 | Totp is already enabled for this user. | | 1015 | 412 | Totp is already enabled for this user. |
| 1016 | 412 | Totp is not enabled for this user. | | 1016 | 412 | Totp is not enabled for this user. |
| 1017 | 412 | The provided Totp passcode is invalid. | | 1017 | 412 | The provided Totp passcode is invalid. |
| 1018 | 412 | The provided user avatar provider type setting is invalid. | | 1018 | 412 | The provided user avatar provider type setting is invalid. |
| 1019 | 412 | No openid email address was provided. | | 1019 | 412 | No openid email address was provided. |
| 1020 | 412 | This user account is disabled. | | 1020 | 412 | This user account is disabled. |
| 1021 | 412 | This account is managed by a third-party authentication provider. |
| 1021 | 412 | The username must not contain spaces. |
## Validation ## Validation

27
pkg/user/error.go
View File

@ -479,3 +479,30 @@ func (err *ErrAccountIsNotLocal) HTTPError() web.HTTPError {
Message: "This account is managed by a third-party authentication provider.", Message: "This account is managed by a third-party authentication provider.",
} }
} }
// ErrUsernameMustNotContainSpaces represents a "UsernameMustNotContainSpaces" kind of error.
type ErrUsernameMustNotContainSpaces struct {
Username string
}
// IsErrUsernameMustNotContainSpaces checks if an error is a ErrUsernameMustNotContainSpaces.
func IsErrUsernameMustNotContainSpaces(err error) bool {
_, ok := err.(*ErrUsernameMustNotContainSpaces)
return ok
}
func (err *ErrUsernameMustNotContainSpaces) Error() string {
return "username must not contain spaces"
}
// ErrCodeUsernameMustNotContainSpaces holds the unique world-error code of this error
const ErrCodeUsernameMustNotContainSpaces = 1022
// HTTPError holds the http error description
func (err *ErrUsernameMustNotContainSpaces) HTTPError() web.HTTPError {
return web.HTTPError{
HTTPCode: http.StatusPreconditionFailed,
Code: ErrCodeUsernameMustNotContainSpaces,
Message: "The username must not contain spaces.",
}
}

10
pkg/user/user_create.go
View File

@ -17,6 +17,8 @@
package user package user
import ( import (
"strings"
"code.vikunja.io/api/pkg/config" "code.vikunja.io/api/pkg/config"
"code.vikunja.io/api/pkg/events" "code.vikunja.io/api/pkg/events"
"code.vikunja.io/api/pkg/notifications" "code.vikunja.io/api/pkg/notifications"
@ -33,7 +35,7 @@ func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
user.Issuer = IssuerLocal user.Issuer = IssuerLocal
} }
// Check if we have all needed information // Check if we have all required information
err = checkIfUserIsValid(user) err = checkIfUserIsValid(user)
if err != nil { if err != nil {
return nil, err return nil, err
@ -128,6 +130,12 @@ func checkIfUserIsValid(user *User) error {
return ErrNoUsernamePassword{} return ErrNoUsernamePassword{}
} }
if strings.Contains(user.Username, " ") {
return &ErrUsernameMustNotContainSpaces{
Username: user.Username,
}
}
return nil return nil
} }

13
pkg/user/user_test.go
View File

@ -133,6 +133,19 @@ func TestCreateUser(t *testing.T) {
}) })
assert.NoError(t, err) assert.NoError(t, err)
}) })
t.Run("space in username", func(t *testing.T) {
db.LoadAndAssertFixtures(t)
s := db.NewSession()
defer s.Close()
_, err := CreateUser(s, &User{
Username: "user name",
Password: "12345",
Email: "user1@example.com",
})
assert.Error(t, err)
assert.True(t, IsErrUsernameMustNotContainSpaces(err))
})
} }
func TestGetUser(t *testing.T) { func TestGetUser(t *testing.T) {