author | Antoine A <> | 2024-03-28 12:36:32 +0100 |
---|---|---|
committer | Antoine A <> | 2024-03-28 12:36:32 +0100 |
commit | bd1b5b9de8c653df110e37243292495e4748fff4 (patch) | |
tree | 3a60a4eef8e903c747271c4ced9cbf636ab3f9ef | |
parent | 87b44b39a4f0813000aea1bec33b1aef579e7b82 (diff) | |
Username character restrictionbfh-snack-2024-4
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | bank/src/main/kotlin/tech/libeufin/bank/TalerMessage.kt | 18 | ||||
-rw-r--r-- | bank/src/test/kotlin/CoreBankApiTest.kt | 28 |
3 files changed, 43 insertions, 5 deletions
@@ -108,7 +108,7 @@ common-test: install-nobuild-files
 ./gradlew :common:test --tests $(test) -i
 .PHONY: testbench-test
-testbench-test: install-nobuild-files
+integration-test: install-nobuild-files
 ./gradlew :testbench:test --tests $(test) -i
 .PHONY: testbench
diff --git a/bank/src/main/kotlin/tech/libeufin/bank/TalerMessage.kt b/bank/src/main/kotlin/tech/libeufin/bank/TalerMessage.kt
index b9bfcbec..5b2995c3 100644
--- a/bank/src/main/kotlin/tech/libeufin/bank/TalerMessage.kt
+++ b/bank/src/main/kotlin/tech/libeufin/bank/TalerMessage.kt
@@ -158,15 +158,15 @@ data class ChallengeContactData(
 val phone: Option<String?> = Option.None
 ) {
 init {
- if (email.get()?.let { !EMAIL_PATTERN.matches(it) } == true)
+ if (email.get()?.let { !EMAIL_PATTERN.matches(it) } ?: false)
 throw badRequest("email contact data '$email' is malformed")
- if (phone.get()?.let { !PHONE_PATTERN.matches(it) } == true)
+ if (phone.get()?.let { !PHONE_PATTERN.matches(it) } ?: false)
 throw badRequest("phone contact data '$phone' is malformed")
 }
 companion object {
 private val EMAIL_PATTERN = Regex("[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,4}")
- private val PHONE_PATTERN = Regex("^\\+?[0-9]+$")
+ private val PHONE_PATTERN = Regex("\\+?[0-9]+")
 }
 }
@@ -183,7 +183,17 @@ data class RegisterAccountRequest(
 val payto_uri: Payto? = null,
 val debit_threshold: TalerAmount? = null,
 val tan_channel: TanChannel? = null,
-)
+) {
+ init {
+ println(username)
+ if (!USERNAME_REGEX.matches(username))
+ throw badRequest("username '$username' is malformed")
+ }
+
+ companion object {
+ private val USERNAME_REGEX = Regex("[a-zA-Z0-9\\-\\._~]+")
+ }
+}
 @Serializable
 data class RegisterAccountResponse(
diff --git a/bank/src/test/kotlin/CoreBankApiTest.kt b/bank/src/test/kotlin/CoreBankApiTest.kt
index 275ed911..6e8af912 100644
--- a/bank/src/test/kotlin/CoreBankApiTest.kt
+++ b/bank/src/test/kotlin/CoreBankApiTest.kt
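Review bot: The `.PHONY: testbench-test` context line directly above the renamed rule still names the old target, so after this change `integration-test` is not declared phony. A file or directory named `integration-test` in the tree would then make `make` consider the target up to date and silently skip the test run. Update the declaration together with the rule: `.PHONY: integration-test`. Any caller that still runs `make testbench-test` would need the same rename; none is visible in this hunk.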
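Review bot: In the `ChallengeContactData` hunk, dropping `^`/`$` from `PHONE_PATTERN` is only safe because `Regex.matches()` requires the whole input to match, and nothing in the companion object records that contract; a later switch to `find` or `containsMatchIn` would turn both patterns into substring checks. A comment above the two patterns such as `// Only use with Regex.matches(): it anchors to the entire input, the patterns themselves are unanchored` would keep it visible. The new `\\+?[0-9]+` also places no upper bound on the number of digits, so a bounded quantifier would be appropriate (for example `[0-9]{1,15}` if E.164 is the intended format, which the hunk does not state). The two `badRequest` messages interpolate `$email` and `$phone`, which are the `Option` wrappers rather than the strings, so the response text presumably shows the wrapper's `toString()` and not the rejected value.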
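Review bot: `println(username)` at the top of the new `init` block in `RegisterAccountRequest` looks like a debugging leftover: it runs before the regex check, so every submitted username, including ones containing newlines or control characters, is written unvalidated to the service's stdout each time a request is constructed. Remove the line; if registrations should be recorded, log after validation through the application's logger. `USERNAME_REGEX` also sets no maximum length, so a bounded quantifier in place of `+` is worth adding, with the limit matched to whatever the storage layer accepts. Inside a character class `.` needs no escaping, so `Regex("[a-zA-Z0-9._~-]+")` expresses the same set more readably.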
@@ -327,6 +327,34 @@ class CoreBankAccountsApiTest {
 client.getA("/accounts/cashout_keep").assertOkJson<AccountData> {
 assertEquals(full, it.cashout_payto_uri)
 }
+
+ // Check input restrictions
+ obj {
+ "username" to "username"
+ "password" to "password"
+ "name" to "Name"
+ }.let { req ->
+ client.post("/accounts") {
+ json(req) { "username" to "bad/username" }
+ }.assertBadRequest()
+ client.post("/accounts") {
+ json(req) { "username" to " spaces " }
+ }.assertBadRequest()
+ client.post("/accounts") {
+ json(req) {
+ "contact_data" to obj {
+ "phone" to " +456"
+ }
+ }
+ }.assertBadRequest()
+ client.post("/accounts") {
+ json(req) {
+ "contact_data" to obj {
+ "phone" to " test@mail.com"
+ }
+ }
+ }.assertBadRequest()
+ }
 }
 // Test account created with bonus |
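Review bot: The last added request posts `"phone" to " test@mail.com"`, so it is rejected by the phone pattern and the e-mail validation in `ChallengeContactData` is never exercised; the key was probably meant to be `"email"`, i.e. `"email" to " test@mail.com"`. As written the test would still pass if the e-mail check were removed entirely. The username cases cover only `/` and surrounding spaces; an empty username and a name built from every allowed character class (expecting success) would pin both sides of the new rule. The enclosing test function starts before this hunk.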