diff --git a/src/groups.js b/src/groups.js
index 1e08caae2..0f3ba2d15 100644
--- a/src/groups.js
+++ b/src/groups.js
@@ -60,7 +60,7 @@ GroupError.NOT_ALLOWED = 'Not Allowed';
 function validateGroupname(name) {
 assert.strictEqual(typeof name, 'string');
- if (name.length < 2) return new GroupError(GroupError.BAD_FIELD, 'name must be atleast 2 chars');
+ if (name.length < 1) return new GroupError(GroupError.BAD_FIELD, 'name must be atleast 1 char');
 if (name.length >= 200) return new GroupError(GroupError.BAD_FIELD, 'name too long');
 if (constants.RESERVED_NAMES.indexOf(name) !== -1) return new GroupError(GroupError.BAD_FIELD, 'name is reserved');
diff --git a/src/routes/user.js b/src/routes/user.js
index 0a4a6c3b3..0a0e7841a 100644
--- a/src/routes/user.js
+++ b/src/routes/user.js
@@ -42,7 +42,7 @@ function create(req, res, next) {
 var password = generatePassword();
 var email = req.body.email;
 var sendInvite = req.body.invite;
- var username = req.body.username || '';
+ var username = 'username' in req.body ? req.body.username : null;
 var displayName = req.body.displayName || '';
 user.create(username, password, email, displayName, auditSource(req), { invitor: req.user, sendInvite: sendInvite }, function (error, user) {
diff --git a/src/test/groups-test.js b/src/test/groups-test.js
index 0634fe78d..5671d4fd1 100644
--- a/src/test/groups-test.js
+++ b/src/test/groups-test.js
@@ -54,7 +54,7 @@ describe('Groups', function () {
 after(cleanup);
 it('cannot create group - too small', function (done) {
- groups.create('a', function (error) {
+ groups.create('', function (error) {
 expect(error.reason).to.be(GroupError.BAD_FIELD);
 done();
 });
diff --git a/src/test/user-test.js b/src/test/user-test.js
index b1d52a6bf..34da69237 100644
--- a/src/test/user-test.js
+++ b/src/test/user-test.js
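Review bot: In src/routes/user.js, `req.body.username` now flows into `user.create` with no type check visible in this hunk, while `createUser` asserts `username === null || typeof username === 'string'`; a JSON body carrying a number, array or object as username would trip that assertion instead of producing a clean 400. The start of `create` lies outside the hunk, so the check may already exist there; if it does not, guard with `if ('username' in req.body && req.body.username !== null && typeof req.body.username !== 'string')` and return the route's usual bad-request error before calling `user.create`. Note also that a client sending `username: ''` used to create a user without a username and will now get BAD_FIELD from `validateUsername`, which is an API behaviour change worth documenting.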
@@ -162,7 +162,7 @@ describe('User', function () {
 });
 it('fails due to short username', function (done) {
- user.create('Z', PASSWORD, EMAIL, DISPLAY_NAME, AUDIT_SOURCE, function (error, result) {
+ user.create('', PASSWORD, EMAIL, DISPLAY_NAME, AUDIT_SOURCE, function (error, result) {
 expect(error).to.be.ok();
 expect(result).to.not.be.ok();
 expect(error.reason).to.equal(UserError.BAD_FIELD);
diff --git a/src/user.js b/src/user.js
index 88ba96b16..6a79b02fc 100644
--- a/src/user.js
+++ b/src/user.js
@@ -89,10 +89,8 @@ UserError.BAD_TOKEN = 'Bad token';
 // keep this in sync with validateGroupname
 function validateUsername(username) {
 assert.strictEqual(typeof username, 'string');
- // allow empty usernames
- if (username === '') return null;
- if (username.length <= 1) return new UserError(UserError.BAD_FIELD, 'Username must be atleast 2 chars');
+ if (username.length < 1) return new UserError(UserError.BAD_FIELD, 'Username must be atleast 1 char');
 if (username.length >= 200) return new UserError(UserError.BAD_FIELD, 'Username too long');
 if (constants.RESERVED_NAMES.indexOf(username) !== -1) return new UserError(UserError.BAD_FIELD, 'Username is reserved');
@@ -129,7 +127,7 @@ function validateDisplayName(name) {
 }
 function createUser(username, password, email, displayName, auditSource, options, callback) {
- assert.strictEqual(typeof username, 'string');
+ assert(username === null || typeof username === 'string');
 assert.strictEqual(typeof password, 'string');
 assert.strictEqual(typeof email, 'string');
 assert.strictEqual(typeof displayName, 'string');
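Review bot: In src/test/user-test.js the changed case only checks that `''` is rejected; nothing in this hunk exercises the two behaviours the commit introduces, namely a one-character username being accepted and `user.create(null, ...)` succeeding. Adding both cases next to this one would pin the new contract. The title 'fails due to short username' could become 'fails due to empty username', since one character is no longer too short. The surrounding `describe` block extends outside the hunk.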
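Review bot: In src/user.js, `validateUsername` no longer accepts `''` and still asserts a string argument, so every caller now has to filter out `null` before calling it. `createUser` does that in this commit, but any other caller outside this diff (an update or rename path, for instance) would hit the assertion if it is handed a null username. It is worth stating the contract above the function, e.g. `// username must be a non-empty string; callers handle null (no username set) before calling`. The function body continues past the hunk.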
@@ -144,16 +142,18 @@ function createUser(username, password, email, displayName, auditSource, options
 sendInvite = options && options.sendInvite ? true : false,
 owner = options && options.owner ? true : false;
- // We store usernames and email in lowercase
- username = username.toLowerCase();
- email = email.toLowerCase();
+ var error;
- var error = validateUsername(username);
- if (error) return callback(error);
+ if (username !== null) {
+ username = username.toLowerCase();
+ error = validateUsername(username);
+ if (error) return callback(error);
+ }
 error = validatePassword(password);
 if (error) return callback(new UserError(UserError.BAD_FIELD, error.message));
+ email = email.toLowerCase();
 error = validateEmail(email);
 if (error) return callback(error);
diff --git a/src/userdb.js b/src/userdb.js
index e9f4eb9ee..2447c449c 100644
--- a/src/userdb.js
+++ b/src/userdb.js
@@ -28,9 +28,6 @@ var USERS_FIELDS = [ 'id', 'username', 'email', 'password', 'salt', 'createdAt',
 function postProcess(result) {
 assert.strictEqual(typeof result, 'object');
- // The username may be null or undefined in the db, let's ensure it is a string
- result.username = result.username || '';
-
 return result;
 }
@@ -129,7 +126,7 @@ function getAllAdmins(callback) {
 function add(userId, user, callback) {
 assert.strictEqual(typeof userId, 'string');
- assert.strictEqual(typeof user.username, 'string');
+ assert(user.username === null || typeof user.username === 'string');
 assert.strictEqual(typeof user.password, 'string');
 assert.strictEqual(typeof user.email, 'string');
 assert.strictEqual(typeof user.salt, 'string');
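Review bot: In src/user.js `createUser`, the removed comment explained why username and email are lowercased, and the new code gives no hint of what a `null` username means. Suggest `// null means no username has been chosen yet; usernames and emails are stored in lowercase` above the `if (username !== null)` block, adjusted if null is meant differently. The rest of `createUser` is outside the hunk, so any later use of `username` there (the record handed to `userdb.add`, invite mail, audit log) needs checking for null tolerance.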
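Review bot: In src/userdb.js, dropping `result.username = result.username || ''` from `postProcess` means every reader of a user record now receives `null` where it used to receive an empty string. Code that calls string methods on `user.username`, or compares it during login or directory lookups, would throw or mismatch; those consumers are not in this diff and need an audit. `postProcess` is now only an assertion plus `return result;`, and because `typeof null === 'object'` that assertion does not reject a null row. A comment such as `// username may be null (not chosen yet); callers must not assume a string` would record the new contract.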
@@ -139,7 +136,7 @@ function add(userId, user, callback) {
 assert.strictEqual(typeof user.displayName, 'string');
 assert.strictEqual(typeof callback, 'function');
- var data = [ userId, user.username || null, user.password, user.email, user.salt, user.createdAt, user.modifiedAt, user.resetToken, user.displayName ];
+ var data = [ userId, user.username, user.password, user.email, user.salt, user.createdAt, user.modifiedAt, user.resetToken, user.displayName ];
 database.query('INSERT INTO users (id, username, password, email, salt, createdAt, modifiedAt, resetToken, displayName) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)', data, function (error, result) {
 if (error && error.code === 'ER_DUP_ENTRY') {
 var msg = error.message;
@@ -208,8 +205,8 @@ function update(userId, user, callback) {
 fields.push(k + ' = ?');
 if (k === 'username') {
- assert.strictEqual(typeof user.username, 'string');
- args.push(user.username || null);
+ assert(user.username === null || typeof user.username === 'string');
+ args.push(user.username);
 } else if (k === 'email') {
 assert.strictEqual(typeof user.email, 'string');
 args.push(user.email);
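Review bot: In src/userdb.js `add`, passing `user.username` straight through means an empty string is now stored as `''` where `user.username || null` used to store NULL; the `update` hunk below makes the same change. The `ER_DUP_ENTRY` branch suggests a unique index on username (presumably MySQL), which permits many NULLs but only one `''`, so a second row with an empty username would fail as a duplicate. `createUser` rejects `''` through `validateUsername`, but the db-layer asserts still admit it. Tightening both to `assert(user.username === null || (typeof user.username === 'string' && user.username.length > 0));` keeps the invariant at the storage boundary; both functions extend beyond their hunks.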