From: Dessalines Date: Wed, 12 Aug 2020 11:13:44 +0000 (-0400) Subject: Don't allow preferred usernames to start with @. Fixes #1058 (#1076) X-Git-Url: http://these/git/%7B%60%24%7BwebArchiveUrl%7D/%22%7B%7D/%24%7B%60data:application/%22https:/hacktivis.me/README.zh.hant.md?a=commitdiff_plain;h=d28e5245d2ae1e496993ef902e8dde7eb8c6ef70;p=lemmy.git Don't allow preferred usernames to start with @. Fixes #1058 (#1076) * Don't allow preferred usernames to start with @. Fixes #1058 * Trim the preferred username.
---
diff --git a/server/lemmy_utils/src/lib.rs b/server/lemmy_utils/src/lib.rs
index fc50e199..1a89beaa 100644
--- a/server/lemmy_utils/src/lib.rs
+++ b/server/lemmy_utils/src/lib.rs
@@ -162,6 +162,11 @@ pub fn is_valid_username(name: &str) -> bool {
 VALID_USERNAME_REGEX.is_match(name)
 }
+// Can't do a regex here, reverse lookarounds not supported
+pub fn is_valid_preferred_username(preferred_username: &str) -> bool {
+ !preferred_username.starts_with("@") && preferred_username.len() >=3 && preferred_username.len() <= 20
+}
+
 pub fn is_valid_community_name(name: &str) -> bool {
 VALID_COMMUNITY_NAME_REGEX.is_match(name)
 }
@@ -176,6 +181,7 @@ mod tests {
 is_valid_community_name,
 is_valid_post_title,
 is_valid_username,
+ is_valid_preferred_username,
 remove_slurs,
 scrape_text_for_mentions,
 slur_check,
@@ -201,6 +207,12 @@ mod tests {
 assert!(!is_valid_username(""));
 }
+ #[test]
+ fn test_valid_preferred_username() {
+ assert!(is_valid_preferred_username("hello @there"));
+ assert!(!is_valid_preferred_username("@hello there"));
+ }
+
 #[test]
 fn test_valid_community_name() {
 assert!(is_valid_community_name("example"));
diff --git a/server/src/api/user.rs b/server/src/api/user.rs
index 2d589517..83d8470c 100644
--- a/server/src/api/user.rs
+++ b/server/src/api/user.rs
@@ -51,6 +51,7 @@ use lemmy_db::{
 use lemmy_utils::{
 generate_actor_keypair,
 generate_random_string,
+ is_valid_preferred_username,
 is_valid_username,
 make_apub_endpoint,
 naive_from_unix,
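Review bot: `is_valid_preferred_username` (server/lemmy_utils/src/lib.rs, hunk at -162) measures length with `str::len()`, which counts UTF-8 bytes, so a display name in a non-Latin script reaches the limit of 20 well before 20 characters; `preferred_username.chars().count()` would be closer to what the form's `maxLength={20}` suggests is intended. The prefix test rejects only a literal ASCII `@` at the first byte and depends on every caller trimming first, so trimming inside the function (`let name = preferred_username.trim();`) would make the rule hold regardless of the call site. If the aim is to stop display names that read as mentions, which the commit title suggests but does not state, the rule should also say whether invisible or lookalike leading characters are rejected. A doc comment such as `/// Display name: 3 to 20 characters after trimming, must not begin with '@'.` would record the contract better than the current note about regex lookarounds.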
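Review bot: `test_valid_preferred_username` (server/lemmy_utils/src/lib.rs, hunk at -201) exercises only the `@` prefix, so the length bounds introduced in the same commit are untested. Edge cases such as `assert!(!is_valid_preferred_username("ab"));` and `assert!(!is_valid_preferred_username(&"a".repeat(21)));` would pin them down. One case with a multi-byte name would also show whether the limit is meant in bytes or in characters.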
@@ -576,7 +577,12 @@ impl Perform for Oper {
 // The DB constraint should stop too many characters
 let preferred_username = match &data.preferred_username {
- Some(preferred_username) => Some(preferred_username.to_owned()),
+ Some(preferred_username) => {
+ if !is_valid_preferred_username(preferred_username.trim()) {
+ return Err(APIError::err("invalid_username").into());
+ }
+ Some(preferred_username.trim().to_string())
+ }
 None => read_user.preferred_username,
 };
diff --git a/ui/src/components/user-details.tsx b/ui/src/components/user-details.tsx
index 5e9a58d2..b3ce294f 100644
--- a/ui/src/components/user-details.tsx
+++ b/ui/src/components/user-details.tsx
@@ -79,6 +79,7 @@ export class UserDetails extends Component {
 componentDidMount() {
 this.fetchUserData();
+ setupTippy();
 }
 componentDidUpdate(lastProps: UserDetailsProps) {
@@ -88,7 +89,6 @@ export class UserDetails extends Component {
 break;
 }
 }
- setupTippy();
 }
 fetchUserData() {
diff --git a/ui/src/components/user.tsx b/ui/src/components/user.tsx
index d7db0ae2..13cc90ac 100644
--- a/ui/src/components/user.tsx
+++ b/ui/src/components/user.tsx
@@ -180,6 +180,7 @@ export class User extends Component {
 );
 WebSocketService.Instance.getSite();
+ setupTippy();
 }
 get isCurrentUser() {
@@ -226,7 +227,6 @@ export class User extends Component {
 // Couldnt get a refresh working. This does for now.
 location.reload();
 }
- setupTippy();
 }
 get documentTitle(): string {
@@ -565,6 +565,7 @@ export class User extends Component {
 this,
 this.handleUserSettingsPreferredUsernameChange
 )}
+ pattern="^(?!@)(.+)$"
 minLength={3}
 maxLength={20}
 />
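Review bot: In the `Some(preferred_username)` arm (server/src/api/user.rs, hunk at -576) the value is trimmed twice, once for the check and once for storage; binding it once with `let trimmed = preferred_username.trim();` and using `trimmed` in both places keeps the validated string and the stored string the same by construction. The context comment `// The DB constraint should stop too many characters` is now out of date, since the length is checked here before the write. An empty or whitespace-only value now returns `invalid_username`, so if clients send an empty string to clear the display name, that case needs explicit handling; the hunk does not show whether they do. The same validator would need to run on any other path that writes `preferred_username`, which this diff does not show. The enclosing function starts and ends outside the hunk.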
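Review bot: Moving `setupTippy()` from `componentDidUpdate` to `componentDidMount` (ui/src/components/user-details.tsx, hunks at -79 and -88) makes it run once, right after `this.fetchUserData()` is called and presumably before the fetched content has rendered. If `setupTippy` binds to the elements present at call time rather than delegating, tooltips on content rendered after mount would never be initialised; its implementation is not shown here, so this needs confirming. The same move is made in ui/src/components/user.tsx (hunks at -180 and -226), where the enclosing methods begin outside the hunks. If the intent is to avoid re-initialising on every update, a comment at the new call site such as `// run once; tooltips are bound by delegation` would record it, provided that is how it works.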
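Review bot: The `pattern="^(?!@)(.+)$"` attribute (ui/src/components/user.tsx, hunk at -565) does not match the server rule: the server trims before checking, so a value with leading whitespace followed by `@` passes the browser check and is then rejected with `invalid_username`. Using `pattern="^(?!\s*@)(.+)$"`, or trimming in `handleUserSettingsPreferredUsernameChange`, would let the form report the problem itself. The attribute is a usability aid only, and the server-side check remains the one that enforces the rule.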