Don't allow preferred usernames to start with @. Fixes #1058 (#1076)

* Don't allow preferred usernames to start with @. Fixes #1058

* Trim the preferred username.
This commit is contained in:
Dessalines 2020-08-12 07:13:44 -04:00 committed by GitHub
parent 49892690ff
commit d28e5245d2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 3 deletions

View file

@ -162,6 +162,11 @@ pub fn is_valid_username(name: &str) -> bool {
VALID_USERNAME_REGEX.is_match(name)
}
// Can't do a regex here, reverse lookarounds not supported
pub fn is_valid_preferred_username(preferred_username: &str) -> bool {
!preferred_username.starts_with("@") && preferred_username.len() >=3 && preferred_username.len() <= 20
}
pub fn is_valid_community_name(name: &str) -> bool {
VALID_COMMUNITY_NAME_REGEX.is_match(name)
}
@ -176,6 +181,7 @@ mod tests {
is_valid_community_name,
is_valid_post_title,
is_valid_username,
is_valid_preferred_username,
remove_slurs,
scrape_text_for_mentions,
slur_check,
@ -201,6 +207,12 @@ mod tests {
assert!(!is_valid_username(""));
}
#[test]
fn test_valid_preferred_username() {
assert!(is_valid_preferred_username("hello @there"));
assert!(!is_valid_preferred_username("@hello there"));
}
#[test]
fn test_valid_community_name() {
assert!(is_valid_community_name("example"));

View file

@ -51,6 +51,7 @@ use lemmy_db::{
use lemmy_utils::{
generate_actor_keypair,
generate_random_string,
is_valid_preferred_username,
is_valid_username,
make_apub_endpoint,
naive_from_unix,
@ -576,7 +577,12 @@ impl Perform for Oper<SaveUserSettings> {
// The DB constraint should stop too many characters
let preferred_username = match &data.preferred_username {
Some(preferred_username) => Some(preferred_username.to_owned()),
Some(preferred_username) => {
if !is_valid_preferred_username(preferred_username.trim()) {
return Err(APIError::err("invalid_username").into());
}
Some(preferred_username.trim().to_string())
}
None => read_user.preferred_username,
};

View file

@ -79,6 +79,7 @@ export class UserDetails extends Component<UserDetailsProps, UserDetailsState> {
componentDidMount() {
this.fetchUserData();
setupTippy();
}
componentDidUpdate(lastProps: UserDetailsProps) {
@ -88,7 +89,6 @@ export class UserDetails extends Component<UserDetailsProps, UserDetailsState> {
break;
}
}
setupTippy();
}
fetchUserData() {

View file

@ -180,6 +180,7 @@ export class User extends Component<any, UserState> {
);
WebSocketService.Instance.getSite();
setupTippy();
}
get isCurrentUser() {
@ -226,7 +227,6 @@ export class User extends Component<any, UserState> {
// Couldnt get a refresh working. This does for now.
location.reload();
}
setupTippy();
}
get documentTitle(): string {
@ -565,6 +565,7 @@ export class User extends Component<any, UserState> {
this,
this.handleUserSettingsPreferredUsernameChange
)}
pattern="^(?!@)(.+)$"
minLength={3}
maxLength={20}
/>