From fea902adc8a6e94646e621a974258417f3d68914 Mon Sep 17 00:00:00 2001
From: Ethan Koenig
Date: Sat, 1 Jul 2017 15:48:29 -0400
Subject: [PATCH] Check for valid renamed usernames (#2077)

* Check for valid renamed usernames
* Integration test
* Test for username with space
* Make name field required
---
 integrations/user_test.go | 99 +++++++++++++++++++++++++++++++++++++++
 modules/auth/user_form.go | 2 +-
 2 files changed, 100 insertions(+), 1 deletion(-)

diff --git a/integrations/user_test.go b/integrations/user_test.go
index d3f7ca1b5..4b7d81cfb 100644
--- a/integrations/user_test.go
+++ b/integrations/user_test.go
@@ -8,6 +8,9 @@ import (
 "net/http"
 "testing"
+ "code.gitea.io/gitea/models"
+
+ "github.com/Unknwon/i18n"
 "github.com/stretchr/testify/assert"
 )
@@ -18,3 +21,99 @@ func TestViewUser(t *testing.T) {
 resp := MakeRequest(req)
 assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
 }
+
+func TestRenameUsername(t *testing.T) {
+ prepareTestEnv(t)
+
+ session := loginUser(t, "user2")
+
+ req := NewRequest(t, "GET", "/user/settings")
+ resp := session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+
+ htmlDoc := NewHTMLParser(t, resp.Body)
+ req = NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
+ "_csrf": htmlDoc.GetCSRF(),
+ "name": "newUsername",
+ "email": "user2@example.com",
+ })
+ resp = session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusFound, resp.HeaderCode)
+
+ models.AssertExistsAndLoadBean(t, &models.User{Name: "newUsername"})
+ models.AssertNotExistsBean(t, &models.User{Name: "user2"})
+}
+
+func TestRenameInvalidUsername(t *testing.T) {
+ prepareTestEnv(t)
+
+ invalidUsernames := []string{
+ "%2f*",
+ "%2f.",
+ "%2f..",
+ "%00",
+ "thisHas ASpace",
+ }
+
+ session := loginUser(t, "user2")
+ for _, invalidUsername := range invalidUsernames {
+ t.Logf("Testing username %s", invalidUsername)
+ req := NewRequest(t, "GET", "/user/settings")
+ resp := session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+
+ htmlDoc := NewHTMLParser(t, resp.Body)
+ req = NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
+ "_csrf": htmlDoc.GetCSRF(),
+ "name": invalidUsername,
+ "email": "user2@example.com",
+ })
+ resp = session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+ htmlDoc = NewHTMLParser(t, resp.Body)
+ assert.Contains(t,
+ htmlDoc.doc.Find(".ui.negative.message").Text(),
+ i18n.Tr("en", "form.alpha_dash_dot_error"),
+ )
+
+ models.AssertNotExistsBean(t, &models.User{Name: invalidUsername})
+ }
+}
+
+func TestRenameReservedUsername(t *testing.T) {
+ prepareTestEnv(t)
+
+ reservedUsernames := []string{
+ "help",
+ "user",
+ "template",
+ }
+
+ session := loginUser(t, "user2")
+ for _, reservedUsername := range reservedUsernames {
+ t.Logf("Testing username %s", reservedUsername)
+ req := NewRequest(t, "GET", "/user/settings")
+ resp := session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+
+ htmlDoc := NewHTMLParser(t, resp.Body)
+ req = NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
+ "_csrf": htmlDoc.GetCSRF(),
+ "name": reservedUsername,
+ "email": "user2@example.com",
+ })
+ resp = session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusFound, resp.HeaderCode)
+
+ req = NewRequest(t, "GET", "/user/settings")
+ resp = session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+ htmlDoc = NewHTMLParser(t, resp.Body)
+ assert.Contains(t,
+ htmlDoc.doc.Find(".ui.negative.message").Text(),
+ i18n.Tr("en", "user.newName_reserved"),
+ )
+
+ models.AssertNotExistsBean(t, &models.User{Name: reservedUsername})
+ }
+}
diff --git a/modules/auth/user_form.go b/modules/auth/user_form.go
index f4234b04a..3c8ebf725 100644
--- a/modules/auth/user_form.go
+++ b/modules/auth/user_form.go
@@ -100,7 +100,7 @@ func (f *SignInForm) Validate(ctx *macaron.Context, errs binding.Errors) binding
 // UpdateProfileForm form for updating profile
 type UpdateProfileForm struct {
- Name string `binding:"OmitEmpty;MaxSize(35)"`
+ Name string `binding:"Required;AlphaDashDot;MaxSize(35)"`
 FullName string `binding:"MaxSize(100)"`
 Email string `binding:"Required;Email;MaxSize(254)"`
 KeepEmailPrivate bool
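Review bot: Neither rejection loop checks that the account is left unchanged: in TestRenameInvalidUsername and TestRenameReservedUsername the only database assertion is that no user carries the rejected name, so a rename that was partly applied or stored under a different spelling would still pass. After each rejected POST, add `models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"})`. The log lines print `%00` and the space-containing name with `%s`; `t.Logf("Testing username %q", invalidUsername)` keeps those cases readable in the test output.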
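Review bot: `AlphaDashDot` on `Name` in UpdateProfileForm is, as far as I know the binding package, a character-set rule only, so names made up entirely of dots (`.`, `..`) still pass this tag; whether a later check in `models` rejects them is not visible in this hunk. The invalid-name list in integrations/user_test.go only uses dotted names together with `%2f`, which the `%` alone already fails, so adding `"."` and `".."` to one of the rejection tests would pin the intended behaviour. The rule also sits only on this form, so any other path that sets a username should carry the same tag or rely on a model-level check. A field comment such as `// Name appears in URL and repository paths; keep this rule in step with any model-level name check` would record why the tag matters. The struct continues past the end of the hunk.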