Don't allow preferred usernames to start with @. Fixes #1058 (#1076)
authorDessalines <dessalines@users.noreply.github.com>
Wed, 12 Aug 2020 11:13:44 +0000 (07:13 -0400)
committerGitHub <noreply@github.com>
Wed, 12 Aug 2020 11:13:44 +0000 (11:13 +0000)
* Don't allow preferred usernames to start with @. Fixes #1058

* Trim the preferred username.

server/lemmy_utils/src/lib.rs
server/src/api/user.rs
ui/src/components/user-details.tsx
ui/src/components/user.tsx

index fc50e199b7d2c18a8b960f423d13f1112dd580c0..1a89beaa7d633c3445e0117a5e0f19c7439b4e88 100644 (file)
@@ -162,6 +162,11 @@ pub fn is_valid_username(name: &str) -> bool {
   VALID_USERNAME_REGEX.is_match(name)
 }
 
+// Can't do a regex here, reverse lookarounds not supported
+pub fn is_valid_preferred_username(preferred_username: &str) -> bool {
+  !preferred_username.starts_with("@") && preferred_username.len() >=3 && preferred_username.len() <= 20
+}
+
 pub fn is_valid_community_name(name: &str) -> bool {
   VALID_COMMUNITY_NAME_REGEX.is_match(name)
 }
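Review bot: `is_valid_preferred_username` measures length with `len()`, which counts UTF-8 bytes rather than characters, so the 3–20 limit drifts for non-ASCII names: a single three-byte character passes the minimum, and a seven-character CJK name (21 bytes) is rejected. The `minLength`/`maxLength` attributes on the form in ui/src/components/user.tsx count differently, so the client and server can disagree. Consider `let n = preferred_username.chars().count();` followed by `!preferred_username.starts_with('@') && (3..=20).contains(&n)`. The function also does not trim, so it relies on every caller trimming first. Because this display name is shown alongside real handles, rejecting control and invisible formatting characters here would close the remaining look-alike cases that a leading-`@` check does not cover.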
@@ -176,6 +181,7 @@ mod tests {
     is_valid_community_name,
     is_valid_post_title,
     is_valid_username,
+    is_valid_preferred_username,
     remove_slurs,
     scrape_text_for_mentions,
     slur_check,
@@ -201,6 +207,12 @@ mod tests {
     assert!(!is_valid_username(""));
   }
 
+  #[test]
+  fn test_valid_preferred_username() {
+    assert!(is_valid_preferred_username("hello @there"));
+    assert!(!is_valid_preferred_username("@hello there"));
+  }
+
   #[test]
   fn test_valid_community_name() {
     assert!(is_valid_community_name("example"));
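Review bot: `test_valid_preferred_username` exercises only the `@` rule, so the 3–20 length bounds added in the same commit have no coverage. Add boundary cases such as `assert!(!is_valid_preferred_username("ab"));` and `assert!(!is_valid_preferred_username(&"a".repeat(21)));`, plus one non-ASCII name to pin down whether the limit is meant in bytes or characters. The trailing context lines belong to `test_valid_community_name`, whose body continues outside the hunk.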
index 2d5895170d9d2fd46165bd3b05ae5294680fa3e2..83d8470cd453ee98987a7cf58b0f01f2d8812603 100644 (file)
@@ -51,6 +51,7 @@ use lemmy_db::{
 use lemmy_utils::{
   generate_actor_keypair,
   generate_random_string,
+  is_valid_preferred_username,
   is_valid_username,
   make_apub_endpoint,
   naive_from_unix,
@@ -576,7 +577,12 @@ impl Perform for Oper<SaveUserSettings> {
 
     // The DB constraint should stop too many characters
     let preferred_username = match &data.preferred_username {
-      Some(preferred_username) => Some(preferred_username.to_owned()),
+      Some(preferred_username) => {
+        if !is_valid_preferred_username(preferred_username.trim()) {
+          return Err(APIError::err("invalid_username").into());
+        }
+        Some(preferred_username.trim().to_string())
+      }
       None => read_user.preferred_username,
     };
 
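Review bot: In the `Some(preferred_username)` arm the value that is validated and the value that is stored come from two separate `trim()` calls; bind it once with `let trimmed = preferred_username.trim();`, check `is_valid_preferred_username(trimmed)`, and store `Some(trimmed.to_string())`, so the stored string is by construction the one that was checked. An empty or whitespace-only value is now rejected with `invalid_username`, and since `None` keeps the existing value there appears to be no way left to clear a preferred username; confirm that is intended. The comment `// The DB constraint should stop too many characters` is also out of date now that the validator enforces a maximum. The enclosing `perform` body starts and ends outside the hunk.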
index 5e9a58d225558e70f47de780214d287de56e3c12..b3ce294f32651e1a1276f951c5104c7178e354ac 100644 (file)
@@ -79,6 +79,7 @@ export class UserDetails extends Component<UserDetailsProps, UserDetailsState> {
 
   componentDidMount() {
     this.fetchUserData();
+    setupTippy();
   }
 
   componentDidUpdate(lastProps: UserDetailsProps) {
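Review bot: `setupTippy()` now runs once in `componentDidMount`, immediately after `this.fetchUserData()` is started, so elements rendered only after that data arrives may never get their tooltips attached. The same move is made in the first hunk of ui/src/components/user.tsx, after `WebSocketService.Instance.getSite()`. `setupTippy` is not visible here, so if it binds to elements present at call time, consider calling it where the fetched data is applied to state, or add a comment such as `// tooltips are bound once; later-rendered nodes are covered by <mechanism>` explaining why a single call is enough. `componentDidUpdate` continues outside the hunk.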
@@ -88,7 +89,6 @@ export class UserDetails extends Component<UserDetailsProps, UserDetailsState> {
         break;
       }
     }
-    setupTippy();
   }
 
   fetchUserData() {
index d7db0ae2a72ce4e619fbcd5b6a70ad3e312a10d0..13cc90acae15fc7095981d92e44df2a48186f318 100644 (file)
@@ -180,6 +180,7 @@ export class User extends Component<any, UserState> {
       );
 
     WebSocketService.Instance.getSite();
+    setupTippy();
   }
 
   get isCurrentUser() {
@@ -226,7 +227,6 @@ export class User extends Component<any, UserState> {
       // Couldnt get a refresh working. This does for now.
       location.reload();
     }
-    setupTippy();
   }
 
   get documentTitle(): string {
@@ -565,6 +565,7 @@ export class User extends Component<any, UserState> {
                       this,
                       this.handleUserSettingsPreferredUsernameChange
                     )}
+                    pattern="^(?!@)(.+)$"
                     minLength={3}
                     maxLength={20}
                   />
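Review bot: The `pattern="^(?!@)(.+)$"` check runs on the raw input value, while the server trims before validating, so a value like ` @name` passes the form check and is then rejected by the API with `invalid_username`. Either trim in `handleUserSettingsPreferredUsernameChange` or use `pattern="\s*(?!@).+"` so the two layers agree; the `^` and `$` are redundant because the `pattern` attribute is matched against the whole value. A short comment, `// UX hint only; is_valid_preferred_username on the server is the enforcement point`, would keep later edits from treating this attribute as the control. The enclosing input element starts outside the hunk.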