diff options
author | wxiaoguang <wxiaoguang@gmail.com> | 2022-11-04 17:04:08 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-04 17:04:08 +0800 |
commit | 2900dc90a792204a02f4a249399f221d3f9b9c52 (patch) | |
tree | 84758fc47a0b8a76bd56c061b72eb0d869e9b1c3 /tests | |
parent | 4c6b4a67d9cc5c10c5f40a2420ffc96a6bd9517a (diff) | |
download | gitea-2900dc90a792204a02f4a249399f221d3f9b9c52.tar.gz gitea-2900dc90a792204a02f4a249399f221d3f9b9c52.zip |
Improve valid user name check (#20136)
Close https://github.com/go-gitea/gitea/issues/21640
Before: Gitea can create users like ".xxx" or "x..y", which is not
ideal, it's already a consensus that dot filenames have special
meanings, and `a..b` is a confusing name when doing cross repo compare.
After: stricter
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/integration/user_test.go | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go index 110f5c89bf..017700ad40 100644 --- a/tests/integration/user_test.go +++ b/tests/integration/user_test.go @@ -53,6 +53,22 @@ func TestRenameInvalidUsername(t *testing.T) { "%00", "thisHas ASpace", "p<A>tho>lo<gical", + ".", + "..", + ".well-known", + ".abc", + "abc.", + "a..bc", + "a...bc", + "a.-bc", + "a._bc", + "a_-bc", + "a/bc", + "☁️", + "-", + "--diff", + "-im-here", + "a space", } session := loginUser(t, "user2") @@ -68,7 +84,7 @@ func TestRenameInvalidUsername(t *testing.T) { htmlDoc := NewHTMLParser(t, resp.Body) assert.Contains(t, htmlDoc.doc.Find(".ui.negative.message").Text(), - translation.NewLocale("en-US").Tr("form.alpha_dash_dot_error"), + translation.NewLocale("en-US").Tr("form.username_error"), ) unittest.AssertNotExistsBean(t, &user_model.User{Name: invalidUsername}) @@ -79,9 +95,7 @@ func TestRenameReservedUsername(t *testing.T) { defer tests.PrepareTestEnv(t)() reservedUsernames := []string{ - ".", - "..", - ".well-known", + // ".", "..", ".well-known", // The names are not only reserved but also invalid "admin", "api", "assets", |