bugfix/username-validation-fixes #72

Merged
bence merged 3 commits from bugfix/username-validation-fixes into develop 2023-09-25 21:21:48 +02:00
3 changed files with 24 additions and 4 deletions


@ -89,6 +89,9 @@ var MapGuesser = {
formError.style.display = 'block'; formError.style.display = 'block';
formError.innerHTML = this.response.error.errorText; formError.innerHTML = this.response.error.errorText;
if (typeof grecaptcha !== 'undefined') {
grecaptcha.reset();
}
return; return;
} }
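Review bot: The error text is written with `innerHTML` on the line just above the added reCAPTCHA reset, and this merge adds more server-supplied messages that flow into that sink. The messages visible in this pull request are fixed strings, so nothing is injectable today. Assuming no message relies on markup, `formError.textContent = this.response.error.errorText;` would keep that true if a later message ever echoes the submitted username. A short comment on the new block would also help, e.g. `// the previous reCAPTCHA response was presumably consumed by the failed submit; reset so the retry sends a fresh one`. The enclosing handler starts and ends outside the hunk.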


@ -364,11 +364,24 @@ class LoginController
$newUser->setPlainPassword(\Container::$request->post('password')); $newUser->setPlainPassword(\Container::$request->post('password'));
} }
if (strlen(\Container::$request->post('username')) > 0 && preg_match('/^[a-zA-Z0-9_\-\.]+$/', \Container::$request->post('username')) !== 1) { if (strlen(\Container::$request->post('username')) > 0) {
return new JsonContent(['error' => ['errorText' => 'Username can contain only english letters, digits, - (hyphen), . (dot), _ (underscore).']]); $username = \Container::$request->post('username');
if (preg_match('/^[a-zA-Z0-9_\-\.]+$/', $username) !== 1) {
return new JsonContent(['error' => ['errorText' => 'Username can contain only english letters, digits, - (hyphen), . (dot), _ (underscore).']]);
}
if ($this->userRepository->getByUsername($username) !== null) {
return new JsonContent(['error' => ['errorText' => 'The given username is already taken.']]);
}
} else {
$usernameGenerator = new UsernameGenerator();
do {
$username = $usernameGenerator->generate();
} while ($this->userRepository->getByUsername($username));
} }
$newUser->setUsername(strlen(\Container::$request->post('username')) > 0 ? \Container::$request->post('username') : (new UsernameGenerator())->generate()); $newUser->setUsername($username);
$newUser->setCreatedDate(new DateTime()); $newUser->setCreatedDate(new DateTime());
\Container::$persistentDataManager->saveToDb($newUser); \Container::$persistentDataManager->saveToDb($newUser);
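Review bot: The `$` anchor in the pattern on the new `preg_match` line also matches just before a trailing newline, so a username made of allowed characters followed by a line feed passes validation and is then looked up and stored as a distinct value. Anchoring with `\z` (or adding the `D` modifier) closes this: `preg_match('/^[a-zA-Z0-9_\-\.]+\z/', $username)`. The same pattern appears unchanged in the UserController section. Separately, the `getByUsername()` lookup and the later `saveToDb()` are not atomic, so two concurrent registrations could both pass the check; a unique index on the username column, if one is not already in place, is what actually enforces uniqueness. The enclosing method starts and ends outside the hunk.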


@ -290,7 +290,11 @@ class UserController implements IAuthenticationRequired
} }
$newUsername = \Container::$request->post('username'); $newUsername = \Container::$request->post('username');
if (strlen($newUsername) > 0 && $newUsername !== $user->getUsername()) { if ($newUsername !== $user->getUsername()) {
if (strlen($newUsername) == 0) {
return new JsonContent(['error' => ['errorText' => 'Username cannot be empty.']]);
}
if (preg_match('/^[a-zA-Z0-9_\-\.]+$/', $newUsername) !== 1) { if (preg_match('/^[a-zA-Z0-9_\-\.]+$/', $newUsername) !== 1) {
return new JsonContent(['error' => ['errorText' => 'Username can contain only english letters, digits, - (hyphen), . (dot), _ (underscore).']]); return new JsonContent(['error' => ['errorText' => 'Username can contain only english letters, digits, - (hyphen), . (dot), _ (underscore).']]);
} }
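Review bot: The new empty check `strlen($newUsername) == 0` is now reached for requests that omit the field entirely. If `post()` returns null for a missing key (its return type is not visible here), `strlen(null)` is deprecated since PHP 8.1 and throws a TypeError under strict_types. `if ($newUsername === null || $newUsername === '') {` states the intent without the implicit conversion or the loose `==`. This is also a behaviour change: a client that previously left the username out to keep it unchanged now receives 'Username cannot be empty.', which is fine if the profile form always sends the field but worth confirming. The enclosing method continues outside the hunk.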