Added '@' as a illegal character for usernames

ref #93
2021-01-13 17:51:42 +01:00 · 2021-01-13 17:51:42 +01:00 · 37fc167002
parent 9feeb302e8
commit 37fc167002
4 changed files with 23 additions and 6 deletions
--- a/src/controllers/UserController.ts
+++ b/src/controllers/UserController.ts
@ -1,7 +1,7 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { UserIdsNotMatchingError, UserNotFoundError } from '../errors/UserErrors';
+import { UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
 import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
 import { CreateUser } from '../models/actions/create/CreateUser';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
@ -51,7 +51,8 @@ export class UserController {
 	@Post()
 	@Authorized("USER:CREATE")
 	@ResponseSchema(ResponseUser)
-	@ResponseSchema(UserGroupNotFoundError)
+	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
+	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
 	@OpenAPI({ description: 'Create a new user. <br> If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' })
 	async post(@Body({ validate: true }) createUser: CreateUser) {
 		let user;
@ -70,6 +71,7 @@ export class UserController {
 	@ResponseSchema(ResponseUser)
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
+	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the user whose id you provided. <br> To change the permissions directly granted to the user please use /api/permissions instead. <br> Please remember that ids can't be changed." })
 	async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) {
 		let oldUser = await this.userRepository.findOne({ id: id });
--- a/src/errors/UserErrors.ts
+++ b/src/errors/UserErrors.ts
@ -14,6 +14,18 @@ export class UsernameOrEmailNeededError extends NotFoundError {
 	message = "No username or email is set!"
 }

+/**
+ * Error to throw when no username contains illegal characters.
+ * Right now the only one is "@" but this could change in the future.
+ */
+export class UsernameContainsIllegalCharacterError extends NotAcceptableError {
+	@IsString()
+	name = "UsernameContainsIllegalCharacterError"
+
+	@IsString()
+	message = "The provided username contains illegal characters! \n Right now the following characters are considered illegal: '@'"
+}
+
 /**
 * Error to throw when no email is set.
 * We somehow need to identify you :)
--- a/src/models/actions/create/CreateUser.ts
+++ b/src/models/actions/create/CreateUser.ts
@ -3,7 +3,7 @@ import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, Is
 import { getConnectionManager } from 'typeorm';
 import * as uuid from 'uuid';
 import { config } from '../../../config';
-import { UserEmailNeededError } from '../../../errors/UserErrors';
+import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
 import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
 import { User } from '../../entities/User';
 import { UserGroup } from '../../entities/UserGroup';
@ -94,6 +94,7 @@ export class CreateUser {
        if (!this.email) {
            throw new UserEmailNeededError();
        }
+        if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }

        newUser.email = this.email
        newUser.username = this.username
--- a/src/models/actions/update/UpdateUser.ts
+++ b/src/models/actions/update/UpdateUser.ts
@ -2,7 +2,7 @@ import * as argon2 from "argon2";
 import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { config } from '../../../config';
-import { UserEmailNeededError } from '../../../errors/UserErrors';
+import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
 import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
 import { User } from '../../entities/User';
 import { UserGroup } from '../../entities/UserGroup';
@ -101,13 +101,15 @@ export class UpdateUser {
        if (!this.email) {
            throw new UserEmailNeededError();
        }
-        user.email = this.email;
-        user.username = this.username;
+        if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
+
        if (this.password) {
            user.password = await argon2.hash(this.password + user.uuid);
            user.refreshTokenCount = user.refreshTokenCount + 1;
        }

+        user.email = this.email;
+        user.username = this.username;
        user.enabled = this.enabled;
        user.firstname = this.firstname
        user.middlename = this.middlename