Allow the . (dot) and @ (at) character in usernames (#637)

Co-authored-by: Uli Koeth <uli@kiot.eu>
2024-06-26 11:31:24 +02:00 · 2022-05-05 17:48:45 +02:00 · 2022-05-05 17:48:45 +02:00 · 90d5bc8de7
commit 90d5bc8de7
parent c6a685d7c0
4 changed files with 16 additions and 8 deletions
--- a/docs-web-common/src/main/java/com/sismics/rest/util/ValidationUtil.java
+++ b/docs-web-common/src/main/java/com/sismics/rest/util/ValidationUtil.java
@ -21,6 +21,8 @@ public class ValidationUtil {
    
    private static Pattern ALPHANUMERIC_PATTERN = Pattern.compile("[a-zA-Z0-9_]+");
    
+    private static Pattern USERNAME_PATTERN = Pattern.compile("[a-zA-Z0-9_@\\.]+");
+    
    /**
     * Checks that the argument is not null.
     * 
@ -152,6 +154,12 @@ public class ValidationUtil {
        }
    }
    
+    public static void validateUsernamepattern(String s, String name) throws ClientException {
+        if (!USERNAME_PATTERN.matcher(s).matches()) {
+            throw new ClientException("ValidationError", MessageFormat.format("{0} must have only alphanumeric, underscore characters or @ and .", name));
+        }
+    }
+    
    public static void validateRegex(String s, String name, String regex) throws ClientException {
        if (!Pattern.compile(regex).matcher(s).matches()) {
            throw new ClientException("ValidationError", MessageFormat.format("{0} must match {1}", name, regex));
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java
@ -313,7 +313,7 @@ public class GroupResource extends BaseResource {
     * @return Response
     */
    @DELETE
-    @Path("{groupName: [a-zA-Z0-9_]+}/{username: [a-zA-Z0-9_]+}")
+    @Path("{groupName: [a-zA-Z0-9_]+}/{username: [a-zA-Z0-9_@\\.]+}")
    public Response removeMember(@PathParam("groupName") String groupName,
            @PathParam("username") String username) {
        if (!authenticate()) {
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
@ -88,7 +88,7 @@ public class UserResource extends BaseResource {
        
        // Validate the input data
        username = ValidationUtil.validateLength(username, "username", 3, 50);
-        ValidationUtil.validateAlphanumeric(username, "username");
+        ValidationUtil.validateUsernamepattern(username, "username");
        password = ValidationUtil.validateLength(password, "password", 8, 50);
        email = ValidationUtil.validateLength(email, "email", 1, 100);
        Long storageQuota = ValidationUtil.validateLong(storageQuotaStr, "storage_quota");
@ -195,7 +195,7 @@ public class UserResource extends BaseResource {
     * @return Response
     */
    @POST
-    @Path("{username: [a-zA-Z0-9_]+}")
+    @Path("{username: [a-zA-Z0-9_@\\.]+}")
    public Response update(
        @PathParam("username") String username,
        @FormParam("password") String password,
@ -511,7 +511,7 @@ public class UserResource extends BaseResource {
     * @return Response
     */
    @DELETE
-    @Path("{username: [a-zA-Z0-9_]+}")
+    @Path("{username: [a-zA-Z0-9_@\\.]+}")
    public Response delete(@PathParam("username") String username) {
        if (!authenticate()) {
            throw new ForbiddenClientException();
@ -591,7 +591,7 @@ public class UserResource extends BaseResource {
     * @return Response
     */
    @POST
-    @Path("{username: [a-zA-Z0-9_]+}/disable_totp")
+    @Path("{username: [a-zA-Z0-9_@\\.]+}/disable_totp")
    public Response disableTotpUsername(@PathParam("username") String username) {
        if (!authenticate()) {
            throw new ForbiddenClientException();
@ -713,7 +713,7 @@ public class UserResource extends BaseResource {
     * @return Response
     */
    @GET
-    @Path("{username: [a-zA-Z0-9_]+}")
+    @Path("{username: [a-zA-Z0-9_@\\.]+}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response view(@PathParam("username") String username) {
        if (!authenticate()) {
--- a/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html
@ -9,7 +9,7 @@
      <label class="col-sm-2 control-label" for="inputUserUsername">{{ 'settings.user.edit.username' | translate }}</label>
      <div class="col-sm-7">
        <input name="userUsername" type="text" id="inputUserUsername" required ng-disabled="isEdit()" class="form-control"
-               ng-pattern="/^[a-zA-Z0-9_]*$/"
+               ng-pattern="/^[a-zA-Z0-9_@\.]*$/"
               ng-minlength="3" ng-maxlength="50" ng-attr-placeholder="{{ 'settings.user.edit.username' | translate }}" ng-model="user.username"/>
      </div>

@ -129,4 +129,4 @@
      </div>
    </div>
  </form>
-</div>
+</div>