import java.util.List;
import java.util.Objects;
import java.util.function.Consumer;
+import java.util.regex.Pattern;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import javax.inject.Inject;
private static final String PASSWORD_PARAM = "Password";
private static final String NAME_PARAM = "Name";
private static final String EMAIL_PARAM = "Email";
+ private static final Pattern START_WITH_SPECIFIC_AUTHORIZED_CHARACTERS = Pattern.compile("^[\\.\\-_@].*$");
+ private static final Pattern CONTAINS_ONLY_AUTHORIZED_CHARACTERS = Pattern.compile("\\A\\w[\\w\\.\\-_@]+\\z");
public static final int LOGIN_MIN_LENGTH = 2;
public static final int LOGIN_MAX_LENGTH = 255;
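Review bot: The two new patterns carry no comment explaining why both are needed: `\w` in `CONTAINS_ONLY_AUTHORIZED_CHARACTERS` already matches `_`, so only `START_WITH_SPECIFIC_AUTHORIZED_CHARACTERS` rejects a login such as `_name`. A line above them such as `// \w also matches '_', so a leading '_' has to be rejected by a separate pattern` would make that dependency explicit. It is also worth recording that `\w` is ASCII-only unless `Pattern.UNICODE_CHARACTER_CLASS` is set. That keeps logins to ASCII letters and digits and refuses look-alike Unicode characters, a property that is easy to lose if a flag is added later.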
private static boolean validateLoginFormat(@Nullable String login, List<String> messages) {
boolean isValid = checkNotEmptyParam(login, LOGIN_PARAM, messages);
- if (!isNullOrEmpty(login)) {
+ if (isValid) {
if (login.length() < LOGIN_MIN_LENGTH) {
messages.add(format(Validation.IS_TOO_SHORT_MESSAGE, LOGIN_PARAM, LOGIN_MIN_LENGTH));
return false;
} else if (login.length() > LOGIN_MAX_LENGTH) {
messages.add(format(Validation.IS_TOO_LONG_MESSAGE, LOGIN_PARAM, LOGIN_MAX_LENGTH));
return false;
- } else if (!login.matches("\\A\\w[\\w\\.\\-_@]+\\z")) {
- messages.add("Use only letters, numbers, and .-_@ please.");
+ } else if (START_WITH_SPECIFIC_AUTHORIZED_CHARACTERS.matcher(login).matches()){
+ messages.add("Login should not start with .-_@");
+ return false;
+ } else if (!CONTAINS_ONLY_AUTHORIZED_CHARACTERS.matcher(login).matches()) {
+ messages.add("Login should contain only letters, numbers, and .-_@");
return false;
}
}
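Review bot: The null guard for `login.length()` now rests entirely on `checkNotEmptyParam` returning false for a null or empty login, because `login` is `@Nullable` and the explicit `!isNullOrEmpty(login)` test was removed. `checkNotEmptyParam` is not visible in this hunk, so that contract is assumed; a comment on the condition such as `// isValid is false when login is null or empty, so login is non-null below` would record it for maintainers and static analysis. Separately, a login starting with `_` passed the old regex, so accounts created earlier or provisioned from an external identity provider may already hold one. Whether those accounts hit this check on update depends on code outside the hunk and is worth confirming. The method body continues past the end of the hunk.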
.setPassword("PASSWORD")
.setScmAccounts(ImmutableList.of("u1", "u_1", "User 1"))
.build(), u -> {
- });
+ });
assertThat(dto.getUuid()).isNotNull();
assertThat(dto.getLogin()).isEqualTo("user");
.setLogin("us")
.setName("User")
.build(), u -> {
- });
+ });
UserDto dto = dbClient.userDao().selectByLogin(session, "us");
assertThat(dto.getUuid()).isNotNull();
UserDto user = underTest.createAndCommit(db.getSession(), NewUser.builder()
.setName("John Doe")
.build(), u -> {
- });
+ });
UserDto dto = dbClient.userDao().selectByLogin(session, user.getLogin());
assertThat(dto.getLogin()).startsWith("john-doe");
.setLogin("")
.setName("John Doe")
.build(), u -> {
- });
+ });
UserDto dto = dbClient.userDao().selectByLogin(session, user.getLogin());
assertThat(dto.getLogin()).startsWith("john-doe");
.setName("User")
.setPassword("password")
.build(), u -> {
- });
+ });
UserDto dto = dbClient.userDao().selectByLogin(session, "user");
assertThat(dto.getExternalLogin()).isEqualTo("user");
.setName("User")
.setExternalIdentity(new ExternalIdentity("github", "github-user", "ABCD"))
.build(), u -> {
- });
+ });
UserDto dto = dbClient.userDao().selectByLogin(session, "user");
assertThat(dto.isLocal()).isFalse();
.setName("User")
.setExternalIdentity(new ExternalIdentity(SQ_AUTHORITY, "user", "user"))
.build(), u -> {
- });
+ });
UserDto dto = dbClient.userDao().selectByLogin(session, "user");
assertThat(dto.isLocal()).isFalse();
.setPassword("password")
.setScmAccounts(asList("u1", "", null))
.build(), u -> {
- });
+ });
assertThat(dbClient.userDao().selectByLogin(session, "user").getScmAccountsAsList()).containsOnly("u1");
}
.setPassword("password")
.setScmAccounts(asList(""))
.build(), u -> {
- });
+ });
assertThat(dbClient.userDao().selectByLogin(session, "user").getScmAccounts()).isNull();
}
.setPassword("password")
.setScmAccounts(asList("u1", "u1"))
.build(), u -> {
- });
+ });
assertThat(dbClient.userDao().selectByLogin(session, "user").getScmAccountsAsList()).containsOnly("u1");
}
.setEmail("user@mail.com")
.setPassword("PASSWORD")
.build(), u -> {
- }, otherUser);
+ }, otherUser);
assertThat(es.getIds(UserIndexDefinition.TYPE_USER)).containsExactlyInAnyOrder(created.getUuid(), otherUser.getUuid());
}
});
})
.isInstanceOf(BadRequestException.class)
- .hasMessage("Use only letters, numbers, and .-_@ please.");
+ .hasMessage("Login should contain only letters, numbers, and .-_@");
}
@Test
});
})
.isInstanceOf(BadRequestException.class)
- .hasMessage("Use only letters, numbers, and .-_@ please.");
+ .hasMessage("Login should contain only letters, numbers, and .-_@");
}
@Test
.hasMessage("Login is too short (minimum is 2 characters)");
}
+
+ @Test
+ public void fail_to_create_user_login_start_with_underscore() {
+ assertThatThrownBy(() -> {
+ underTest.createAndCommit(db.getSession(), NewUser.builder()
+ .setLogin("_marbalous")
+ .setName("Marius")
+ .setEmail("marius@mail.com")
+ .setPassword("password")
+ .build(), u -> {
+ });
+ })
+ .isInstanceOf(BadRequestException.class)
+ .hasMessage("Login should not start with .-_@");
+ }
+
+
@Test
public void fail_to_create_user_with_too_long_login() {
assertThatThrownBy(() -> {
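Review bot: Only the `_` case of the new leading-character rule is tested in `fail_to_create_user_login_start_with_underscore`, although the error message names four characters. Logins starting with `.`, `-` or `@` were previously rejected with the other message and now take the new branch, so a mistake in the character class of the leading pattern would go unnoticed. Adding cases with constructed samples such as `.setLogin(".marius")`, `.setLogin("-marius")` and `.setLogin("@marius")`, each expecting `Login should not start with .-_@`, would pin the behaviour. The same applies to `fail_to_update_login_when_login_start_with_unauthorized_characters` further down, and the doubled blank line after the new test can be dropped.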
.setEmail("marius@mail.com")
.setPassword("")
.build(), u -> {
- });
+ });
fail();
} catch (BadRequestException e) {
assertThat(e.errors()).containsExactlyInAnyOrder("Name can't be empty", "Password can't be empty");
.setPassword("password")
.setScmAccounts(asList("u1", "u_1"))
.build(), u -> {
- });
+ });
verify(newUserNotifier).onNewUser(newUserHandler.capture());
assertThat(newUserHandler.getValue().getLogin()).isEqualTo("user");
.setEmail("user@mail.com")
.setPassword("password")
.build(), u -> {
- });
+ });
Multimap<String, String> groups = dbClient.groupMembershipDao().selectGroupsByLogins(session, singletonList("user"));
assertThat(groups.get("user")).containsOnly(defaultGroup.getName());
assertThatThrownBy(() -> underTest.updateAndCommit(session, user, updateUser, EMPTY_USER_CONSUMER))
.isInstanceOf(BadRequestException.class)
- .hasMessage("Use only letters, numbers, and .-_@ please.");
+ .hasMessage("Login should contain only letters, numbers, and .-_@");
+ }
+
+ @Test
+ public void fail_to_update_login_when_login_start_with_unauthorized_characters() {
+ UserDto user = db.users().insertUser();
+ createDefaultGroup();
+
+ UpdateUser updateUser = new UpdateUser().setLogin("_StartWithUnderscore");
+
+ assertThatThrownBy(() -> underTest.updateAndCommit(session, user, updateUser, EMPTY_USER_CONSUMER))
+ .isInstanceOf(BadRequestException.class)
+ .hasMessage("Login should not start with .-_@");
}
@Test