From a413fc1cb84e3d3696a80693a1d0dd37758356f0 Mon Sep 17 00:00:00 2001 From: Dan Goodliffe Date: Tue, 1 Mar 2022 01:32:44 +0000 Subject: Simple sanity checks on sign up data --- gentoobrowse-api/api/users.ice | 2 +- gentoobrowse-api/domain/user-models.ice | 1 + gentoobrowse-api/service/usersimpl.cpp | 15 ++++++++++++ gentoobrowse-api/unittests/testUsers.cpp | 40 ++++++++++++++++++++++++++++++++ 4 files changed, 57 insertions(+), 1 deletion(-) diff --git a/gentoobrowse-api/api/users.ice b/gentoobrowse-api/api/users.ice index f6a444e..cde2ae0 100644 --- a/gentoobrowse-api/api/users.ice +++ b/gentoobrowse-api/api/users.ice @@ -14,7 +14,7 @@ module Gentoo { User get(int id) throws Slicer::NoRowsReturned; NewUser getNew(stringview username, stringview password) throws Slicer::NoRowsReturned; User find(stringview username) throws Slicer::NoRowsReturned; - NewUser create(stringview username, stringview password, stringview realname, stringview email) throws DuplicateDetails; + NewUser create(stringview username, stringview password, stringview realname, stringview email) throws DuplicateDetails, Rejected; void mailshotsent(int id); void remove(int id, stringview password) throws Slicer::NoRowsReturned; void prune(); diff --git a/gentoobrowse-api/domain/user-models.ice b/gentoobrowse-api/domain/user-models.ice index 7e2d4f2..0cc00a1 100644 --- a/gentoobrowse-api/domain/user-models.ice +++ b/gentoobrowse-api/domain/user-models.ice @@ -20,6 +20,7 @@ module Gentoo { exception InvalidCredentials { }; exception DuplicateDetails { }; + exception Rejected { }; }; #endif diff --git a/gentoobrowse-api/service/usersimpl.cpp b/gentoobrowse-api/service/usersimpl.cpp index 082f802..76d1eea 100644 --- a/gentoobrowse-api/service/usersimpl.cpp +++ b/gentoobrowse-api/service/usersimpl.cpp @@ -13,6 +13,7 @@ #include #include #include +#include #include // IWYU pragma: keep #include #include @@ -77,9 +78,23 @@ namespace Gentoo::Service { Users::create(const std::string_view username, const std::string_view password, const std::string_view realname, const std::string_view email, const Ice::Current &) { + static const std::regex invalid {".*://.*"}; + static const std::regex validUsername {".+"}; + static const std::regex validRealname {".+"}; + static const std::regex validEmail {"[^ ]+@[^ ]+(\\.[^ ]+)+"}; + auto notifications = IceTray::Cube::get(); auto mailServer = IceTray::Cube::get(); + const auto check = [](const auto in, const auto & valid, const auto & invalid) { + if (!std::regex_match(in.begin(), in.end(), valid) || std::regex_match(in.begin(), in.end(), invalid)) { + throw Rejected {}; + } + }; + check(username, validUsername, invalid); + check(realname, validRealname, invalid); + check(email, validEmail, invalid); + auto dbc = db->get(); DB::TransactionScope tx(*dbc.get()); diff --git a/gentoobrowse-api/unittests/testUsers.cpp b/gentoobrowse-api/unittests/testUsers.cpp index 4af063b..6d1ce02 100644 --- a/gentoobrowse-api/unittests/testUsers.cpp +++ b/gentoobrowse-api/unittests/testUsers.cpp @@ -1,10 +1,12 @@ #define BOOST_TEST_MODULE TestUsers +#include #include #include "mockDefs.h" #include "user-models.h" #include "users.h" #include +#include #include #include #include @@ -71,6 +73,44 @@ BOOST_AUTO_TEST_CASE(create) BOOST_REQUIRE_EQUAL(36, user->verifyguid.length()); } +auto genUsername = [n = 0]() mutable { + return AdHoc::scprintf<"genUsername%?">(n++); +}; +auto genEmail = [n = 0]() mutable { + return AdHoc::scprintf<"email%?@test.com">(n++); +}; + +const auto EMPTY = boost::unit_test::data::make({""}); +const auto URLS = boost::unit_test::data::make( + {"before https://something", "before https://something after", "https://something after", "http://something"}); +const auto EMAILS = boost::unit_test::data::make({"something@something.com"}); +const auto BAD_EMAILS = boost::unit_test::data::make( + {"@something.com", "something@", "something", "some thing@something.com", "something@some thing.com"}); + +BOOST_DATA_TEST_CASE(create_reject_username, EMPTY + URLS, username) +{ + auto ms = std::dynamic_pointer_cast(IceTray::Cube::get()); + BOOST_CHECK_THROW(u->create(username, "testpass", "Test User", genEmail()), Gentoo::Rejected); + BOOST_REQUIRE(ms); + BOOST_CHECK(ms->getSentEmails().empty()); +} + +BOOST_DATA_TEST_CASE(create_reject_realname, EMPTY + URLS, realname) +{ + auto ms = std::dynamic_pointer_cast(IceTray::Cube::get()); + BOOST_CHECK_THROW(u->create(genUsername(), "testpass", realname, genEmail()), Gentoo::Rejected); + BOOST_REQUIRE(ms); + BOOST_CHECK(ms->getSentEmails().empty()); +} + +BOOST_DATA_TEST_CASE(create_reject_email, EMPTY + URLS + BAD_EMAILS, email) +{ + auto ms = std::dynamic_pointer_cast(IceTray::Cube::get()); + BOOST_CHECK_THROW(u->create(genUsername(), "testpass", "Test User", email), Gentoo::Rejected); + BOOST_REQUIRE(ms); + BOOST_CHECK(ms->getSentEmails().empty()); +} + BOOST_AUTO_TEST_CASE(get) { auto user = u->get(1); -- cgit v1.2.3