commit 112e39a988b663a56d13f63d4c6d60ed53b22264
parent 947aacd623bc6659f9b301887247465b71eebf9a
Author: Antoine A <>
Date: Wed, 21 May 2025 17:49:30 +0200
bank: more username restriction
Diffstat:
3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/bank/src/main/kotlin/tech/libeufin/bank/Constants.kt b/bank/src/main/kotlin/tech/libeufin/bank/Constants.kt
@@ -39,6 +39,6 @@ const val MAX_TOKEN_CREATION_ATTEMPTS: Int = 5
const val MAX_ACTIVE_CHALLENGES: Int = 5
// API version
-const val COREBANK_API_VERSION: String = "8:1:5"
+const val COREBANK_API_VERSION: String = "8:1:6"
const val CONVERSION_API_VERSION: String = "0:1:0"
const val INTEGRATION_API_VERSION: String = "5:0:5"
diff --git a/bank/src/main/kotlin/tech/libeufin/bank/TalerMessage.kt b/bank/src/main/kotlin/tech/libeufin/bank/TalerMessage.kt
@@ -199,11 +199,11 @@ data class RegisterAccountRequest(
) {
init {
if (!USERNAME_REGEX.matches(username))
- throw badRequest("username '$username' is malformed")
+ throw badRequest("username '$username' is malformed, must match [a-zA-Z0-9\\-\\._~]{1,126}")
}
companion object {
- private val USERNAME_REGEX = Regex("[a-zA-Z0-9\\-\\._~]+")
+ private val USERNAME_REGEX = Regex("^[a-zA-Z0-9\\-\\._~]{1,126}$")
}
}
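Review bot: The rejected value is still interpolated in full into the `badRequest` message in the `init` block, and because this check is now what enforces the 126-character limit, the echoed string can be as long as the request parser accepts and can contain arbitrary characters. I would drop the value from the message, or truncate it, so the response body and anything that records it stay bounded. The pattern is also spelled twice, in the message and in `USERNAME_REGEX`, so the two can drift; a shared constant avoids that: `private const val USERNAME_PATTERN = "[a-zA-Z0-9\\-\\._~]{1,126}"`, `private val USERNAME_REGEX = Regex(USERNAME_PATTERN)` and `throw badRequest("username is malformed, must match $USERNAME_PATTERN")`. `Regex.matches` already requires the whole input to match, so the added `^`/`$` anchors are redundant and the effective change is the length bound. The `RegisterAccountRequest` declaration starts above the hunk.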
diff --git a/bank/src/test/kotlin/CoreBankApiTest.kt b/bank/src/test/kotlin/CoreBankApiTest.kt
@@ -495,6 +495,17 @@ class CoreBankAccountsApiTest {
}.assertConflict(TalerErrorCode.BANK_RESERVED_USERNAME_CONFLICT)
}
+ // Malformed username
+ listOf("bad@username", "long".repeat(50)).forEach {
+ client.post("/accounts") {
+ json {
+ "username" to it
+ "password" to "password"
+ "name" to "John Smith"
+ }
+ }.assertBadRequest()
+ }
+
// Non exchange account
client.post("/accounts") {
json {