Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check username for allowed characters when new user is created #1585

Closed
subotic opened this issue Jan 28, 2020 · 4 comments · Fixed by #1587
Closed

Check username for allowed characters when new user is created #1585

subotic opened this issue Jan 28, 2020 · 4 comments · Fixed by #1587
Assignees
@subotic
Labels
bug something isn't working

Comments

@subotic
Copy link
Collaborator

subotic commented Jan 28, 2020
edited
Loading

Creating a user with "username": "[email protected]" should not be possible.
@subotic subotic added the bug something isn't working label Jan 28, 2020
@subotic subotic self-assigned this Jan 28, 2020
@subotic subotic changed the title When a user is created, the allowed characters for the username should be enforced Check username for allowed characters when new user is created Jan 28, 2020
@subotic subotic added this to the 2020-02 milestone Jan 28, 2020
This was referenced Jan 28, 2020
Open
Merged
@loicjaouen
Copy link
Contributor

it is also possible to create a user donald-duck that is then referred as invalid:

POST http://localhost:3333/admin/users
{
  "email": "[email protected]",
  "givenName": "Donald",
  "familyName": "Duck",
  "username": "donald-duck",
  "password": "test",
  "status": true,
  "lang": "en",
  "systemAdmin": false
}

returns:

{
    "user": {
        "email": "[email protected]",
        "familyName": "Duck",
        "givenName": "Donald",
        "groups": [],
        "id": "http://rdfh.ch/users/mCjxMQ4xQuq12LjaS7qXTQ",
        "lang": "en",
        "password": null,
        "permissions": {
            "administrativePermissionsPerProject": {},
            "groupsPerProject": {}
        },
        "projects": [],
        "sessionId": null,
        "status": true,
        "token": null,
        "username": "donald-duck"
    }
}

but then the query:

GET http://localhost:3333/admin/users/username/donald-duck

returns:

{
    "error": "org.knora.webapi.BadRequestException: Invalid username Some(donald-duck)"
}

@gfoo
Copy link

gfoo commented Jan 30, 2020

@loicjaouen see rules given in original issue by @subotic #1573 (comment)

@subotic
Copy link
Collaborator Author

subotic commented Jan 30, 2020

@loicjaouen Thanks for reporting. Did you try it against the linked PR branch?

@subotic
Copy link
Collaborator Author

subotic commented Jan 31, 2020

I've added a test for -, which the patched version handles correctly.

I've also added validation checks for when an existing username or email wants to be changed into something not allowed.

@subotic subotic modified the milestones: 2020-02, 2020-01 Feb 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@subotic subotic

Labels
bug something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix (webapi): Add enforcing of restrictions for username and email dasch-swiss/dsp-api
3 participants
@subotic @loicjaouen @gfoo