Skip to content

Commit

Permalink
Validate usernames upon creation
Browse files Browse the repository at this point in the history
The validation doesn't apply to already created usernames.

This should close miniflux#925
  • Loading branch information
jvoisin committed Dec 26, 2024
1 parent 89620a7 commit e54ff95
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 0 deletions.
22 changes: 22 additions & 0 deletions internal/validator/user.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ package validator // import "miniflux.app/v2/internal/validator"
import (
"slices"
"strings"
"unicode"

"miniflux.app/v2/internal/locale"
"miniflux.app/v2/internal/model"
Expand All @@ -22,6 +23,10 @@ func ValidateUserCreationWithPassword(store *storage.Storage, request *model.Use
return locale.NewLocalizedError("error.user_already_exists")
}

if err := validateUsername(request.Username); err != nil {
return err
}

if err := validatePassword(request.Password); err != nil {
return err
}
Expand Down Expand Up @@ -146,6 +151,23 @@ func validatePassword(password string) *locale.LocalizedError {
return nil
}

// validateUsername return an error if the `username` argument contains
// a character that isn't alphanumerical nor `_` and `-`.
func validateUsername(username string) *locale.LocalizedError {
if strings.ContainsFunc(username, func(r rune) bool {
if unicode.IsLetter(r) || unicode.IsNumber(r) {
return false
}
if r == '_' || r == '-' || r == '@' || r == '.' {
return false
}
return true
}) {
return locale.NewLocalizedError("error.invalid_username")
}
return nil
}

func validateTheme(theme string) *locale.LocalizedError {
themes := model.Themes()
if _, found := themes[theme]; !found {
Expand Down
23 changes: 23 additions & 0 deletions internal/validator/validator_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
package validator // import "miniflux.app/v2/internal/validator"

import "testing"
import "miniflux.app/v2/internal/locale"

func TestIsValidURL(t *testing.T) {
scenarios := map[string]bool{
Expand Down Expand Up @@ -77,3 +78,25 @@ func TestIsValidDomain(t *testing.T) {
}
}
}

func TestValidateUsername(t *testing.T) {
scenarios := map[string]*locale.LocalizedError{
"jvoisin": nil,
"j.voisin": nil,
"[email protected]": nil,
" invalid": locale.NewLocalizedError("error.invalid_username"),
}

for username, expected := range scenarios {
result := validateUsername(username)
if expected == nil {
if result != nil {
t.Errorf(`got an unexpected error for %q instead of nil: %v`, username, result)
}
} else {
if result == nil {
t.Errorf(`expected an error, got nil.`)
}
}
}
}

0 comments on commit e54ff95

Please sign in to comment.