libeufin

Integration and sandbox testing for FinTech APIs and data formats

commit bd1b5b9de8c653df110e37243292495e4748fff4
parent 87b44b39a4f0813000aea1bec33b1aef579e7b82
Author: Antoine A <>
Date:   Thu, 28 Mar 2024 12:36:32 +0100

Username character restriction

Diffstat:
MMakefile | 2+-
Mbank/src/main/kotlin/tech/libeufin/bank/TalerMessage.kt | 18++++++++++++++----
Mbank/src/test/kotlin/CoreBankApiTest.kt | 28++++++++++++++++++++++++++++
3 files changed, 43 insertions(+), 5 deletions(-)

diff --git a/Makefile b/Makefile
@@ -108,7 +108,7 @@ common-test: install-nobuild-files
 	./gradlew :common:test --tests $(test) -i
 
 .PHONY: testbench-test
-testbench-test: install-nobuild-files
+integration-test: install-nobuild-files
 	./gradlew :testbench:test --tests $(test) -i
 
 .PHONY: testbench
diff --git a/bank/src/main/kotlin/tech/libeufin/bank/TalerMessage.kt b/bank/src/main/kotlin/tech/libeufin/bank/TalerMessage.kt
@@ -158,15 +158,15 @@ data class ChallengeContactData(
     val phone: Option<String?> = Option.None
 ) {
     init {
-        if (email.get()?.let { !EMAIL_PATTERN.matches(it) } == true)
+        if (email.get()?.let { !EMAIL_PATTERN.matches(it) } ?: false)
             throw badRequest("email contact data '$email' is malformed")
-        if (phone.get()?.let { !PHONE_PATTERN.matches(it) } == true)
+        if (phone.get()?.let { !PHONE_PATTERN.matches(it) } ?: false)
             throw badRequest("phone contact data '$phone' is malformed")
     }
 
     companion object {
         private val EMAIL_PATTERN = Regex("[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,4}")
-        private val PHONE_PATTERN = Regex("^\\+?[0-9]+$")
+        private val PHONE_PATTERN = Regex("\\+?[0-9]+")
     }
 }
 
@@ -183,7 +183,17 @@ data class RegisterAccountRequest(
     val payto_uri: Payto? = null,
     val debit_threshold: TalerAmount? = null,
     val tan_channel: TanChannel? = null,
-)
+) {
+    init {
+        println(username)
+        if (!USERNAME_REGEX.matches(username))
+            throw badRequest("username '$username' is malformed")
+    }
+
+    companion object {
+        private val USERNAME_REGEX = Regex("[a-zA-Z0-9\\-\\._~]+")
+    }
+}
 
 @Serializable
 data class RegisterAccountResponse(
diff --git a/bank/src/test/kotlin/CoreBankApiTest.kt b/bank/src/test/kotlin/CoreBankApiTest.kt
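Review bot: The added line renames the target to `integration-test`, but the `.PHONY: testbench-test` context line just above still declares the old name, so `integration-test` is no longer marked phony and a file called `integration-test` in the repo root would silently shadow the target. The context line should become `.PHONY: integration-test`. Any other references to `testbench-test` (CI scripts, docs) are outside this hunk and would need the same rename.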
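Review bot: The two changed `if` lines in ChallengeContactData's `init` swap `== true` for `?: false` on a `Boolean?`, which is behaviorally identical but less idiomatic Kotlin — `nullableBool == true` is the conventional spelling and reads more directly than an elvis default; unless a linter rule forced this, I would keep `== true`. Dropping the `^`/`$` anchors from PHONE_PATTERN is safe because `Regex.matches` requires the whole input to match, but that assumption is worth a one-line comment on the companion object, e.g. `// Regex.matches() is anchored to the full input, so no ^/$ needed.`, since the same reasoning applies to EMAIL_PATTERN and to the new USERNAME_REGEX.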
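Review bot: `println(username)` in the new `init` block of RegisterAccountRequest is a leftover debug print: it writes the raw, not-yet-validated username of every registration attempt to stdout on each deserialization and should be removed before merge. The regex bounds the character set but not the length, so an overlong username still reaches the database and any URL built from it; a bound such as `Regex("[a-zA-Z0-9\\-\\._~]{1,64}")` (or a separate `username.length` check with the limit the schema allows) would close that. The allowed set also admits `.` and `..` as complete usernames, which is worth excluding if usernames are ever used as path segments (the test file addresses accounts as `/accounts/<name>`). Note that this check only fires when a RegisterAccountRequest is constructed, so any other account-creation path (admin tooling, config-driven setup), not visible here, would bypass it.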
@@ -327,6 +327,34 @@ class CoreBankAccountsApiTest {
         client.getA("/accounts/cashout_keep").assertOkJson<AccountData> {
             assertEquals(full, it.cashout_payto_uri)
         }
+
+        // Check input restrictions
+        obj {
+            "username" to "username"
+            "password" to "password"
+            "name" to "Name"
+        }.let { req ->
+            client.post("/accounts") {
+                json(req) { "username" to "bad/username" }
+            }.assertBadRequest()
+            client.post("/accounts") {
+                json(req) { "username" to " spaces " }
+            }.assertBadRequest()
+            client.post("/accounts") {
+                json(req) {
+                    "contact_data" to obj {
+                        "phone" to " +456"
+                    }
+                }
+            }.assertBadRequest()
+            client.post("/accounts") {
+                json(req) {
+                    "contact_data" to obj {
+                        "phone" to " test@mail.com"
+                    }
+                }
+            }.assertBadRequest()
+        }
     }
 
     // Test account created with bonus
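Review bot: The last added case sets `"phone" to " test@mail.com"`, so it exercises PHONE_PATTERN a second time instead of the email validation the value clearly targets; it should read `"email" to " test@mail.com"` so that the EMAIL_PATTERN branch of ChallengeContactData is actually covered. The block also has no positive case, so nothing shows that a username drawn from the full permitted set (e.g. `user.name-1_~`) is accepted, and nothing distinguishes "rejected because of the leading space" from "rejected for some other reason" in the contact_data cases — asserting the trimmed variants succeed would pin that down. The enclosing test function starts before this hunk.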