authorEthan Koenig <etk39@cornell.edu>2017-07-01 15:48:29 -0400
committerLauris BH <lauris@nix.lv>2017-07-01 22:48:29 +0300
commitfea902adc8a6e94646e621a974258417f3d68914 (patch)
treee547d9c9778c9e4514e6836bc835d36ac64e7448
parent678fec3f6a51beee4f9c7580e51a99170ba24568 (diff)
downloadgitea-fea902adc8a6e94646e621a974258417f3d68914.tar.gz
gitea-fea902adc8a6e94646e621a974258417f3d68914.zip
Check for valid renamed usernames (#2077)
* Check for valid renamed usernames * Integration test * Test for username with space * Make name field required
-rw-r--r--integrations/user_test.go99
-rw-r--r--modules/auth/user_form.go2
2 files changed, 100 insertions, 1 deletions
diff --git a/integrations/user_test.go b/integrations/user_test.go
index d3f7ca1b53..4b7d81cfb5 100644
--- a/integrations/user_test.go
+++ b/integrations/user_test.go
@@ -8,6 +8,9 @@ import (
"net/http"
"testing"
+ "code.gitea.io/gitea/models"
+
+ "github.com/Unknwon/i18n"
"github.com/stretchr/testify/assert"
)
@@ -18,3 +21,99 @@ func TestViewUser(t *testing.T) {
resp := MakeRequest(req)
assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
}
+
+func TestRenameUsername(t *testing.T) {
+ prepareTestEnv(t)
+
+ session := loginUser(t, "user2")
+
+ req := NewRequest(t, "GET", "/user/settings")
+ resp := session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+
+ htmlDoc := NewHTMLParser(t, resp.Body)
+ req = NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
+ "_csrf": htmlDoc.GetCSRF(),
+ "name": "newUsername",
+ "email": "user2@example.com",
+ })
+ resp = session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusFound, resp.HeaderCode)
+
+ models.AssertExistsAndLoadBean(t, &models.User{Name: "newUsername"})
+ models.AssertNotExistsBean(t, &models.User{Name: "user2"})
+}
+
+func TestRenameInvalidUsername(t *testing.T) {
+ prepareTestEnv(t)
+
+ invalidUsernames := []string{
+ "%2f*",
+ "%2f.",
+ "%2f..",
+ "%00",
+ "thisHas ASpace",
+ }
+
+ session := loginUser(t, "user2")
+ for _, invalidUsername := range invalidUsernames {
+ t.Logf("Testing username %s", invalidUsername)
+ req := NewRequest(t, "GET", "/user/settings")
+ resp := session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+
+ htmlDoc := NewHTMLParser(t, resp.Body)
+ req = NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
+ "_csrf": htmlDoc.GetCSRF(),
+ "name": invalidUsername,
+ "email": "user2@example.com",
+ })
+ resp = session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+ htmlDoc = NewHTMLParser(t, resp.Body)
+ assert.Contains(t,
+ htmlDoc.doc.Find(".ui.negative.message").Text(),
+ i18n.Tr("en", "form.alpha_dash_dot_error"),
+ )
+
+ models.AssertNotExistsBean(t, &models.User{Name: invalidUsername})
+ }
+}
+
+func TestRenameReservedUsername(t *testing.T) {
+ prepareTestEnv(t)
+
+ reservedUsernames := []string{
+ "help",
+ "user",
+ "template",
+ }
+
+ session := loginUser(t, "user2")
+ for _, reservedUsername := range reservedUsernames {
+ t.Logf("Testing username %s", reservedUsername)
+ req := NewRequest(t, "GET", "/user/settings")
+ resp := session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+
+ htmlDoc := NewHTMLParser(t, resp.Body)
+ req = NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
+ "_csrf": htmlDoc.GetCSRF(),
+ "name": reservedUsername,
+ "email": "user2@example.com",
+ })
+ resp = session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusFound, resp.HeaderCode)
+
+ req = NewRequest(t, "GET", "/user/settings")
+ resp = session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+ htmlDoc = NewHTMLParser(t, resp.Body)
+ assert.Contains(t,
+ htmlDoc.doc.Find(".ui.negative.message").Text(),
+ i18n.Tr("en", "user.newName_reserved"),
+ )
+
+ models.AssertNotExistsBean(t, &models.User{Name: reservedUsername})
+ }
+}
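Review bot: The `invalidUsernames` table in TestRenameInvalidUsername only holds values that fail on a character outside the allowed set (`%`, `*`, a space), so nothing covers names built entirely from permitted characters that are still unsafe as a path segment. `AlphaDashDot` accepts a bare `.` or `..`, and whether those are refused depends on the reserved-name check, which this diff does not show. I would add `"."` and `".."` to whichever of the two tables matches the layer that rejects them, so a regression in either layer is caught. Since `"%2f."` is presumably submitted as the literal percent string after form encoding rather than as a slash, a literal `"/"` entry would make the intent explicit, and `t.Logf("Testing username %q", invalidUsername)` would keep the space and `%00` cases readable in the log.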
diff --git a/modules/auth/user_form.go b/modules/auth/user_form.go
index f4234b04a9..3c8ebf725b 100644
--- a/modules/auth/user_form.go
+++ b/modules/auth/user_form.go
@@ -100,7 +100,7 @@ func (f *SignInForm) Validate(ctx *macaron.Context, errs binding.Errors) binding
// UpdateProfileForm form for updating profile
type UpdateProfileForm struct {
- Name string `binding:"OmitEmpty;MaxSize(35)"`
+ Name string `binding:"Required;AlphaDashDot;MaxSize(35)"`
FullName string `binding:"MaxSize(100)"`
Email string `binding:"Required;Email;MaxSize(254)"`
KeepEmailPrivate bool
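Review bot: The new `AlphaDashDot` rule on `Name` restricts the character set only, and only for requests bound to UpdateProfileForm, so it is not a complete username policy on its own. Any other path that sets a user name (registration, admin edit, API) needs the same rule or a shared check below the form layer, which cannot be confirmed from this hunk. A short comment on the field would keep that visible, for example `// Name: charset is checked here; reserved and dot-only names must be rejected by the model-level rename check.` The struct continues past the end of the hunk.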