jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix group name validation to not allow hyphen

Browse Source 
Fixes #70
This commit is contained in:
Girish Ramakrishnan
2016-09-30 12:25:42 -07:00
parent f71b55c9e2
commit ba588a1cd7
4 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/groups.js
+5 -2
View File
@@ -56,15 +56,18 @@ GroupError.BAD_FIELD = 'Field error';
GroupError.NOT_EMPTY = 'Not Empty';
GroupError.NOT_ALLOWED = 'Not Allowed';
// keep this in sync with validateUsername
function validateGroupname(name) {
assert.strictEqual(typeof name, 'string');
if (name.length < 2) return new GroupError(GroupError.BAD_FIELD, 'name must be atleast 2 chars');
if (name.length >= 200) return new GroupError(GroupError.BAD_FIELD, 'name too long');
if (!/^[A-Za-z0-9_-]*$/.test(name)) return new GroupError(GroupError.BAD_FIELD, 'name can only have A-Za-z0-9_-');
if (constants.RESERVED_NAMES.indexOf(name) !== -1) return new GroupError(GroupError.BAD_FIELD, 'name is reserved');
// +/- can be tricky in emails
if (/[^a-zA-Z0-9.]/.test(name)) return new GroupError(GroupError.BAD_FIELD, 'name can only contain alphanumerals and dot');
// app emails are sent using the .app suffix
if (name.indexOf('.app') !== -1) return new GroupError(GroupError.BAD_FIELD, 'name pattern is reserved for apps');
src/test/groups-test.js
+7
View File
@@ -82,6 +82,13 @@ describe('Groups', function () {
});
});
it('cannot create group - invalid', function (done) {
groups.create('cloudron-admin', function (error) {
expect(error.reason).to.be(GroupError.BAD_FIELD);
done();
});
});
it('can create valid group', function (done) {
groups.create(GROUP0_NAME, function (error, result) {
expect(error).to.be(null);
src/test/user-test.js
+2 -2
View File
@@ -157,8 +157,8 @@ describe('User', function () {
});
});
it('fails due to reserved username', function (done) {
user.create('Mailer-Daemon', PASSWORD, EMAIL, DISPLAY_NAME, AUDIT_SOURCE, function (error, result) {
it('fails due to invalid username', function (done) {
user.create('moo-daemon', PASSWORD, EMAIL, DISPLAY_NAME, AUDIT_SOURCE, function (error, result) {
expect(error).to.be.ok();
expect(result).to.not.be.ok();
expect(error.reason).to.equal(UserError.BAD_FIELD);
src/user.js
+2 -1
View File
@@ -86,13 +86,14 @@ UserError.WRONG_PASSWORD = 'Wrong User or Password';
UserError.BAD_FIELD = 'Bad field';
UserError.BAD_TOKEN = 'Bad token';
// keep this in sync with validateGroupname
function validateUsername(username) {
assert.strictEqual(typeof username, 'string');
// allow empty usernames
if (username === '') return null;
if (username.length <= 1) return new UserError(UserError.BAD_FIELD, 'Username must be atleast 2 chars');
if (username.length > 256) return new UserError(UserError.BAD_FIELD, 'Username too long');
if (username.length >= 200) return new UserError(UserError.BAD_FIELD, 'name too long');
if (constants.RESERVED_NAMES.indexOf(username) !== -1) return new UserError(UserError.BAD_FIELD, 'Username is reserved');