Browse Source

A bit more restrictive for allowed names

webdeploy
meskio 3 years ago
parent
commit
9c67c60c5a
Signed by: meskio
GPG Key ID: 52B8F5AC97A2DA86
  1. 24
      server/add_user.go
  2. 27
      server/add_user_test.go

24
server/add_user.go

@ -6,14 +6,17 @@ import (
"fmt"
"log"
"net/http"
"regexp"
"git.sindominio.net/sindominio/lowry/ldap"
"github.com/gorilla/mux"
)
func getReservedNames() map[string]bool {
var (
validName = regexp.MustCompile(`^[a-z0-9][a-z0-9_\-]*$`)
// See https://ldpreload.com/blog/names-to-reserve
return map[string]bool{
reservedNames = map[string]bool{
"abuse": true,
"admin": true,
"administrator": true,
@ -59,7 +62,7 @@ func getReservedNames() map[string]bool {
"wpad": true,
".well-known": true,
}
}
)
func (s *server) listInvitesHandler(w http.ResponseWriter, r *http.Request) {
response := s.newResponse("invites", w, r)
@ -155,8 +158,8 @@ func (s *server) addUserHandler(w http.ResponseWriter, r *http.Request) {
return
}
if getReservedNames()[name] {
log.Println("Can't create user ", name, ": name is reserved")
if !validUserName(name) {
log.Println("Can't create user ", name, ": invalid name")
response.execute("exists")
return
}
@ -210,3 +213,14 @@ func (s *server) addUserHandler(w http.ResponseWriter, r *http.Request) {
response = s.newResponse("adduser_success", w, r)
response.execute("name")
}
func validUserName(name string) bool {
if len(name) < 3 {
return false
}
if reservedNames[name] {
return false
}
return validName.MatchString(name)
}

27
server/add_user_test.go

@ -0,0 +1,27 @@
package server
import (
"testing"
)
func TestValidUserName(t *testing.T) {
if validUserName("a") {
t.Errorf("Got valid user for single char user")
}
if validUserName("bo") {
t.Errorf("Got valid user for less than 3 char user")
}
if validUserName("-aaksjkj") {
t.Errorf("Got valid user for a user that starts with '-'")
}
if validUserName("_zoz") {
t.Errorf("Got valid user for a user that starts with '_'")
}
if validUserName("76aa+o") {
t.Errorf("Got valid user for a user that contains '+'")
}
if !validUserName("name") {
t.Errorf("Got invalid user for a good name")
}
}
Loading…
Cancel
Save