author杨宇千 <crupest@outlook.com>2019-08-12 16:24:17 +0800
committer杨宇千 <crupest@outlook.com>2019-08-12 16:24:17 +0800
commit1073d54813a25e1e9c0c41b989c69f77d2aca9cb (patch)
treeaf074659bc9490457f1627c520c1774895a3975f
parent09b07992d4316899ee6878585622c0762588a82a (diff)
Add username format check.
-rw-r--r--Timeline.Tests/UserUnitTest.cs11
-rw-r--r--Timeline/Controllers/UserController.cs34
-rw-r--r--Timeline/Services/UserService.cs9
3 files changed, 42 insertions, 12 deletions
diff --git a/Timeline.Tests/UserUnitTest.cs b/Timeline.Tests/UserUnitTest.cs
index 1f72000c..2aa89fe3 100644
--- a/Timeline.Tests/UserUnitTest.cs
+++ b/Timeline.Tests/UserUnitTest.cs
@@ -79,6 +79,17 @@ namespace Timeline.Tests
}
{
+ // Put Bad Username.
+ var res = await client.PutAsJsonAsync("users/dsf fddf", new UserPutRequest
+ {
+ Password = password,
+ Administrator = false
+ });
+ res.Should().HaveStatusCodeBadRequest()
+ .And.Should().HaveBodyAsCommonResponseWithCode(UserController.ErrorCodes.Put_BadUsername);
+ }
+
+ {
// Put Created.
var res = await client.PutAsJsonAsync(url, new UserPutRequest
{
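Review bot: The new block exercises only one malformed name (the embedded space in `users/dsf fddf`), so the test would keep passing if the validator let through other inputs the rule is meant to reject. A few more bad names in the same block, such as an over-long one and one containing a control character, would pin the behaviour; the exact list should follow the validator's rules, which are not visible here. It is also worth confirming that `.And.Should()` re-targets the response rather than the assertion object, since that depends on how the project's `Should()` extensions are declared.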
diff --git a/Timeline/Controllers/UserController.cs b/Timeline/Controllers/UserController.cs
index 6f2fe77f..d38f96e1 100644
--- a/Timeline/Controllers/UserController.cs
+++ b/Timeline/Controllers/UserController.cs
@@ -18,9 +18,11 @@ namespace Timeline.Controllers
{
public const int Get_NotExist = -1001;
- public const int Patch_NotExist = -2001;
+ public const int Put_BadUsername = -2001;
- public const int ChangePassword_BadOldPassword = -3001;
+ public const int Patch_NotExist = -3001;
+
+ public const int ChangePassword_BadOldPassword = -4001;
}
private readonly ILogger<UserController> _logger;
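Review bot: Inserting `Put_BadUsername` at -2001 moves `Patch_NotExist` to -3001 and `ChangePassword_BadOldPassword` to -4001, so the values -2001 and -3001 now mean something different from what existing clients were given. Any client or alerting rule that matches on the numeric code would read a bad-username rejection as a missing patch target, and a missing patch target as a wrong old password. Unless these codes are known to have no outside consumers, keep the old values and give the new constant an unused number. If the renumbering is intended, record it next to the constants, e.g. `// Codes are part of the API contract; renumbered here: Patch_* -2001 -> -3001, ChangePassword_* -3001 -> -4001.`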
@@ -53,17 +55,25 @@ namespace Timeline.Controllers
[HttpPut("users/{username}"), AdminAuthorize]
public async Task<IActionResult> Put([FromBody] UserPutRequest request, [FromRoute] string username)
{
- var result = await _userService.PutUser(username, request.Password, request.Administrator.Value);
- switch (result)
+ try
+ {
+ var result = await _userService.PutUser(username, request.Password, request.Administrator.Value);
+ switch (result)
+ {
+ case PutResult.Created:
+ _logger.LogInformation(FormatLogMessage("A user is created.", Pair("Username", username)));
+ return CreatedAtAction("Get", new { username }, CommonPutResponse.Created);
+ case PutResult.Modified:
+ _logger.LogInformation(FormatLogMessage("A user is modified.", Pair("Username", username)));
+ return Ok(CommonPutResponse.Modified);
+ default:
+ throw new Exception("Unreachable code.");
+ }
+ }
+ catch (UsernameBadFormatException e)
{
- case PutResult.Created:
- _logger.LogInformation(FormatLogMessage("A user is created.", Pair("Username", username)));
- return CreatedAtAction("Get", new { username }, CommonPutResponse.Created);
- case PutResult.Modified:
- _logger.LogInformation(FormatLogMessage("A user is modified.", Pair("Username", username)));
- return Ok(CommonPutResponse.Modified);
- default:
- throw new Exception("Unreachable code.");
+ _logger.LogInformation(e, FormatLogMessage("Attempt to create a user with bad username failed.", Pair("Username", username)));
+ return BadRequest(new CommonResponse(ErrorCodes.Put_BadUsername, "Username is of bad format."));
}
}
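Review bot: The catch block logs the rejected `username` through `Pair("Username", username)`, and a value that has just failed the format check is the one most likely to carry line breaks or other control characters, which can split or forge log entries (the route is behind `AdminAuthorize`, which narrows the exposure but does not remove it). Escape or truncate the value before logging unless `FormatLogMessage` and `Pair` already do so; their bodies are not visible here. The exception `e` is logged as well and is built from the same username, so its message may repeat the raw value. The pre-formatted string is also passed as the message template, so a `{` in the username could be treated as a placeholder; `_logger.LogInformation(e, "Rejected PUT with malformed username {Username}", safeUsername);` avoids that, with `safeUsername` standing for the escaped value.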
diff --git a/Timeline/Services/UserService.cs b/Timeline/Services/UserService.cs
index 50aa4187..0993d3dc 100644
--- a/Timeline/Services/UserService.cs
+++ b/Timeline/Services/UserService.cs
@@ -278,6 +278,8 @@ namespace Timeline.Services
private readonly IJwtService _jwtService;
private readonly IPasswordService _passwordService;
+ private readonly UsernameValidator _usernameValidator;
+
public UserService(ILogger<UserService> logger, IMemoryCache memoryCache, DatabaseContext databaseContext, IJwtService jwtService, IPasswordService passwordService)
{
_logger = logger;
@@ -285,6 +287,8 @@ namespace Timeline.Services
_databaseContext = databaseContext;
_jwtService = jwtService;
_passwordService = passwordService;
+
+ _usernameValidator = new UsernameValidator();
}
private string GenerateCacheKeyByUserId(long id) => $"user:{id}";
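Review bot: `_usernameValidator = new UsernameValidator();` hard-wires the validator inside the constructor, while every other collaborator of `UserService` arrives through injection. If the validator is stateless, a constructor parameter registered in DI (or a `private static readonly` field) would keep the rule replaceable in tests and make it easier for other code that handles usernames to share the same rules. The field declaration itself is in the preceding hunk.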
@@ -377,6 +381,11 @@ namespace Timeline.Services
if (password == null)
throw new ArgumentNullException(nameof(password));
+ if (!_usernameValidator.Validate(username, out var message))
+ {
+ throw new UsernameBadFormatException(username, message);
+ }
+
var user = await _databaseContext.Users.Where(u => u.Name == username).SingleOrDefaultAsync();
if (user == null)
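Review bot: The format check runs before the `Users` lookup, so an account whose stored name predates this rule and fails it can no longer be modified through this method; the caller gets a bad-format error instead of `Modified`. If such rows can exist, migrate them or apply the check only on the create branch (`user == null`). The check is also added only on this path, so any other code that accepts or stores a username would need the same call for the rule to hold; those paths are not visible in this diff. The method's doc comment should gain `/// <exception cref="UsernameBadFormatException">Thrown when <paramref name="username"/> fails the format check.</exception>`. The method body starts and continues outside the hunk.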