fix: Add restriction to username when signing up (#1203)

2025-05-23 02:35:49 +08:00 · 2022-10-10 19:58:02 +08:00 · 2022-10-10 19:58:02 +08:00 · 4c7f6fda37
commit 4c7f6fda37
parent e4a54fe375
6 changed files with 44 additions and 1 deletions
--- a/controllers/account.go
+++ b/controllers/account.go
@ -203,6 +203,12 @@ func (c *ApiController) Signup() {
 		}
 	}

+	msg = object.CheckUsername(user.Name)
+	if msg != "" {
+		c.ResponseError(msg)
+		return
+	}
+
 	affected := object.AddUser(user)
 	if !affected {
 		c.ResponseError(fmt.Sprintf("Failed to create user, user information is invalid: %s", util.StructToJson(user)))
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -411,6 +411,12 @@ func (c *ApiController) Login() {
 				// sync info from 3rd-party if possible
 				object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)

+				msg := object.CheckUsername(user.Name)
+				if msg != "" {
+					c.ResponseError(msg)
+					return
+				}
+
 				affected := object.AddUser(user)
 				if !affected {
 					c.ResponseError(fmt.Sprintf("Failed to create user, user information is invalid: %s", util.StructToJson(user)))
--- a/controllers/user.go
+++ b/controllers/user.go
@ -158,6 +158,12 @@ func (c *ApiController) UpdateUser() {
 		columns = strings.Split(columnsStr, ",")
 	}

+	msg := object.CheckUsername(user.Name)
+	if msg != "" {
+		c.ResponseError(msg)
+		return
+	}
+
 	isGlobalAdmin := c.IsGlobalAdmin()
 	affected := object.UpdateUser(id, &user, columns, isGlobalAdmin)
 	if affected {
@ -183,6 +189,12 @@ func (c *ApiController) AddUser() {
 		return
 	}

+	msg := object.CheckUsername(user.Name)
+	if msg != "" {
+		c.ResponseError(msg)
+		return
+	}
+
 	c.Data["json"] = wrapActionResponse(object.AddUser(&user))
 	c.ServeJSON()
 }
--- a/object/check.go
+++ b/object/check.go
@ -313,3 +313,21 @@ func CheckAccessPermission(userId string, application *Application) (bool, error
 	}
 	return allowed, err
 }
+
+func CheckUsername(name string) string {
+	if name == "" {
+		return "Empty username."
+	} else if len(name) > 39 {
+		return "Username is too long (maximum is 39 characters)."
+	}
+
+	// https://stackoverflow.com/questions/58726546/github-username-convention-using-regex
+	re, _ := regexp.Compile("^[a-zA-Z0-9]+(?:-[a-zA-Z0-9]+)*$")
+	if !re.MatchString(name) {
+		return fmt.Sprintf("The name '%s' may only contain alphanumeric characters or hyphens, "+
+			"cannot have multiple consecutive hyphens, "+
+			"and cannot begin or end with a hyphen.", name)
+	}
+
+	return ""
+}
--- a/object/ldap.go
+++ b/object/ldap.go
@ -409,6 +409,7 @@ func SyncLdapUsers(owner string, users []LdapRespUser, ldapId string) (*[]LdapRe
 				}
 			}
 		}
+
 		if !found && !AddUser(&User{
 			Owner:       owner,
 			Name:        buildLdapUserName(user.Uid, user.UidNumber),
--- a/object/token.go
+++ b/object/token.go
@ -703,7 +703,7 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 		}
 		// Add new user
 		var name string
-		if username != "" {
+		if CheckUsername(username) == "" {
 			name = username
 		} else {
 			name = fmt.Sprintf("wechat-%s", openId)