Validate the website field input to be a valid URL 26760/head
authorJoas Schilling <coding@schilljs.com>
Tue, 23 Mar 2021 13:52:04 +0000 (14:52 +0100)
committerbackportbot[bot] <backportbot[bot]@users.noreply.github.com>
Mon, 26 Apr 2021 11:58:56 +0000 (11:58 +0000)
Signed-off-by: Joas Schilling <coding@schilljs.com>
apps/settings/lib/Controller/UsersController.php
lib/private/Accounts/AccountManager.php
tests/lib/Accounts/AccountManagerTest.php

index c59c16666f26825b76925112a63cbc49d564f5ef..331ea49b8f42589b658960d2fec7f62e41b8b369 100644 (file)
@@ -491,6 +491,9 @@ class UsersController extends Controller {
                        if ($e->getMessage() === IAccountManager::PROPERTY_PHONE) {
                                throw new \InvalidArgumentException($this->l10n->t('Unable to set invalid phone number'));
                        }
+                       if ($e->getMessage() === IAccountManager::PROPERTY_WEBSITE) {
+                               throw new \InvalidArgumentException($this->l10n->t('Unable to set invalid website'));
+                       }
                        throw new \InvalidArgumentException($this->l10n->t('Some account data was invalid'));
                }
        }
index ea8f99e021652410b35bf34db8e6555fe7617980..eff025e511e8688f8d600a52f9a4df937b7d02f9 100644 (file)
@@ -120,6 +120,25 @@ class AccountManager implements IAccountManager {
                throw new \InvalidArgumentException(self::PROPERTY_PHONE);
        }
 
+       /**
+        *
+        * @param string $input
+        * @return string
+        * @throws \InvalidArgumentException When the website did not have http(s) as protocol or the host name was empty
+        */
+       protected function parseWebsite(string $input): string {
+               $parts = parse_url($input);
+               if (!isset($parts['scheme']) || ($parts['scheme'] !== 'https' && $parts['scheme'] !== 'http')) {
+                       throw new \InvalidArgumentException(self::PROPERTY_WEBSITE);
+               }
+
+               if (!isset($parts['host']) || $parts['host'] === '') {
+                       throw new \InvalidArgumentException(self::PROPERTY_WEBSITE);
+               }
+
+               return $input;
+       }
+
        /**
         * update user record
         *
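Review bot: parseWebsite() validates the components returned by `parse_url()` but then returns the raw `$input`, so everything other than scheme and host (userinfo, port, path, any stray characters) is stored exactly as typed. The PHP manual notes that `parse_url()` is not meant to validate URLs, so the scheme allowlist is the real protection here and whatever renders this value still has to escape it for its output context. The scheme comparison is also case-sensitive, so an input such as `HTTPS://nextcloud.com` appears to be rejected; if that is unintended, compare `strtolower($parts['scheme'])` instead. The docblock's summary line is empty; a line such as `Validate that the website is an absolute http(s) URL with a non-empty host and return it unchanged` would state the contract. The docblock that follows parseWebsite() continues outside the hunk.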
@@ -155,6 +174,17 @@ class AccountManager implements IAccountManager {
                        }
                }
 
+               if (isset($data[self::PROPERTY_WEBSITE]) && $data[self::PROPERTY_WEBSITE]['value'] !== '') {
+                       try {
+                               $data[self::PROPERTY_WEBSITE]['value'] = $this->parseWebsite($data[self::PROPERTY_WEBSITE]['value']);
+                       } catch (\InvalidArgumentException $e) {
+                               if ($throwOnData) {
+                                       throw $e;
+                               }
+                               $data[self::PROPERTY_WEBSITE]['value'] = '';
+                       }
+               }
+
                $allowedScopes = [
                        self::SCOPE_PRIVATE,
                        self::SCOPE_LOCAL,
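Review bot: The new guard reads `$data[self::PROPERTY_WEBSITE]['value']` after checking only that the property key is set, and passes it to a method whose parameter is typed `string`. If a caller can supply the property without a `value` key or with a non-string value (not visible from this hunk), the call would raise a `TypeError`, which `catch (\InvalidArgumentException $e)` does not catch, so the `$throwOnData` fallback to an empty value would be skipped. Tightening the condition to start with `isset($data[self::PROPERTY_WEBSITE]['value']) && is_string($data[self::PROPERTY_WEBSITE]['value'])` would keep malformed input on the handled path. The enclosing method starts and ends outside the hunk.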
index 27ebed69793d4ad853a9e49df65f8a7a3dd81574..687ae29ff7bf9deed1e081623e8e6d0feb4ccf85 100644 (file)
@@ -455,4 +455,30 @@ class AccountManagerTest extends TestCase {
                        self::assertEquals($phoneNumber, self::invokePrivate($instance, 'parsePhoneNumber', [$phoneInput]));
                }
        }
+
+       public function dataParseWebsite(): array {
+               return [
+                       ['https://nextcloud.com', 'https://nextcloud.com'],
+                       ['http://nextcloud.com', 'http://nextcloud.com'],
+                       ['ftp://nextcloud.com', null],
+                       ['//nextcloud.com/', null],
+                       ['https:///?query', null],
+               ];
+       }
+
+       /**
+        * @dataProvider dataParseWebsite
+        * @param string $websiteInput
+        * @param string|null $websiteOutput
+        */
+       public function testParseWebsite(string $websiteInput, ?string $websiteOutput): void {
+               $instance = $this->getInstance();
+
+               if ($websiteOutput === null) {
+                       $this->expectException(\InvalidArgumentException::class);
+                       self::invokePrivate($instance, 'parseWebsite', [$websiteInput]);
+               } else {
+                       self::assertEquals($websiteOutput, self::invokePrivate($instance, 'parseWebsite', [$websiteInput]));
+               }
+       }
 }
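Review bot: dataParseWebsite() pins only one rejected scheme (`ftp`), a scheme-relative URL and an empty host, so the behaviour that matters most for a user-supplied profile link is not locked in by a test. Rows such as `['javascript:alert(1)', null],` and `['', null],` would guard the scheme allowlist against a later refactor, and a row for `'HTTPS://nextcloud.com'` would document whether upper-case schemes are meant to be accepted or rejected. From the visible lines there is also no test of the new website branch in the update path, in particular the case where `$throwOnData` is false and the value is reset to `''`; it may exist elsewhere in the file.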