author | Ethan Koenig <etk39@cornell.edu> | 2017-07-01 15:48:29 -0400 |
---|---|---|
committer | Lauris BH <lauris@nix.lv> | 2017-07-01 22:48:29 +0300 |
commit | fea902adc8a6e94646e621a974258417f3d68914 (patch) | |
tree | e547d9c9778c9e4514e6836bc835d36ac64e7448 | |
parent | 678fec3f6a51beee4f9c7580e51a99170ba24568 (diff) | |
download | gitea-fea902adc8a6e94646e621a974258417f3d68914.tar.gz gitea-fea902adc8a6e94646e621a974258417f3d68914.zip |
Check for valid renamed usernames (#2077)
* Check for valid renamed usernames
* Integration test
* Test for username with space
* Make name field required
-rw-r--r-- | integrations/user_test.go | 99 | ||||
-rw-r--r-- | modules/auth/user_form.go | 2 |
2 files changed, 100 insertions, 1 deletions
diff --git a/integrations/user_test.go b/integrations/user_test.go
index d3f7ca1b53..4b7d81cfb5 100644
--- a/integrations/user_test.go
+++ b/integrations/user_test.go
@@ -8,6 +8,9 @@ import (
 "net/http"
 "testing"
+ "code.gitea.io/gitea/models"
+
+ "github.com/Unknwon/i18n"
 "github.com/stretchr/testify/assert"
 )
@@ -18,3 +21,99 @@ func TestViewUser(t *testing.T) {
 resp := MakeRequest(req)
 assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
 }
+
+func TestRenameUsername(t *testing.T) {
+ prepareTestEnv(t)
+
+ session := loginUser(t, "user2")
+
+ req := NewRequest(t, "GET", "/user/settings")
+ resp := session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+
+ htmlDoc := NewHTMLParser(t, resp.Body)
+ req = NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
+ "_csrf": htmlDoc.GetCSRF(),
+ "name": "newUsername",
+ "email": "user2@example.com",
+ })
+ resp = session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusFound, resp.HeaderCode)
+
+ models.AssertExistsAndLoadBean(t, &models.User{Name: "newUsername"})
+ models.AssertNotExistsBean(t, &models.User{Name: "user2"})
+}
+
+func TestRenameInvalidUsername(t *testing.T) {
+ prepareTestEnv(t)
+
+ invalidUsernames := []string{
+ "%2f*",
+ "%2f.",
+ "%2f..",
+ "%00",
+ "thisHas ASpace",
+ }
+
+ session := loginUser(t, "user2")
+ for _, invalidUsername := range invalidUsernames {
+ t.Logf("Testing username %s", invalidUsername)
+ req := NewRequest(t, "GET", "/user/settings")
+ resp := session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+
+ htmlDoc := NewHTMLParser(t, resp.Body)
+ req = NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
+ "_csrf": htmlDoc.GetCSRF(),
+ "name": invalidUsername,
+ "email": "user2@example.com",
+ })
+ resp = session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+ htmlDoc = NewHTMLParser(t, resp.Body)
+ assert.Contains(t,
+ htmlDoc.doc.Find(".ui.negative.message").Text(),
+ i18n.Tr("en", "form.alpha_dash_dot_error"),
+ )
+
+ models.AssertNotExistsBean(t, &models.User{Name: invalidUsername})
+ }
+}
+
+func TestRenameReservedUsername(t *testing.T) {
+ prepareTestEnv(t)
+
+ reservedUsernames := []string{
+ "help",
+ "user",
+ "template",
+ }
+
+ session := loginUser(t, "user2")
+ for _, reservedUsername := range reservedUsernames {
+ t.Logf("Testing username %s", reservedUsername)
+ req := NewRequest(t, "GET", "/user/settings")
+ resp := session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+
+ htmlDoc := NewHTMLParser(t, resp.Body)
+ req = NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
+ "_csrf": htmlDoc.GetCSRF(),
+ "name": reservedUsername,
+ "email": "user2@example.com",
+ })
+ resp = session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusFound, resp.HeaderCode)
+
+ req = NewRequest(t, "GET", "/user/settings")
+ resp = session.MakeRequest(t, req)
+ assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+ htmlDoc = NewHTMLParser(t, resp.Body)
+ assert.Contains(t,
+ htmlDoc.doc.Find(".ui.negative.message").Text(),
+ i18n.Tr("en", "user.newName_reserved"),
+ )
+
+ models.AssertNotExistsBean(t, &models.User{Name: reservedUsername})
+ }
+}
diff --git a/modules/auth/user_form.go b/modules/auth/user_form.go
index f4234b04a9..3c8ebf725b 100644
--- a/modules/auth/user_form.go
+++ b/modules/auth/user_form.go
@@ -100,7 +100,7 @@ func (f *SignInForm) Validate(ctx *macaron.Context, errs binding.Errors) binding
 // UpdateProfileForm form for updating profile
 type UpdateProfileForm struct {
- Name string `binding:"OmitEmpty;MaxSize(35)"`
+ Name string `binding:"Required;AlphaDashDot;MaxSize(35)"`
 FullName string `binding:"MaxSize(100)"`
 Email string `binding:"Required;Email;MaxSize(254)"`
 KeepEmailPrivate bool |
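Review bot: Every entry in `invalidUsernames` in TestRenameInvalidUsername is rejected because of a `%` or a space, so the test never covers a name built only from permitted characters that is still unsafe as a path segment, such as `"."` or `".."`. Judging by its name, `AlphaDashDot` lets dots through, so those two would have to be stopped by the reserved-name check, which is not visible in this diff; a case asserting that such a rename is refused would pin that behaviour. Both rejection loops (here and in TestRenameReservedUsername) also prove only that the new name was not created; adding `models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"})` after each `AssertNotExistsBean` call would confirm the original account is left unchanged.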
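Review bot: The new `Required;AlphaDashDot` rule on `Name` lives only in the binding tag of `UpdateProfileForm`, so it protects this one form and nothing else. Any other path that can set or change a username (admin user edit, API, organization rename — none of them visible in this diff) has to carry the same tag or it bypasses the check; enforcing the character rule once in the model-layer rename or update function as well would make the form tag a convenience rather than the only guard. A short comment on the field would help keep the rules aligned, for example `// Name appears in URLs; keep these rules identical to every other form that sets a username.` The struct definition continues past the end of the hunk.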