diff options
| author | 杨宇千 <crupest@outlook.com> | 2019-08-12 22:39:38 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-08-12 22:39:38 +0800 |
| commit | f0754f0d5feca407d5a327e634a84a3380507bc2 (patch) | |
| tree | af074659bc9490457f1627c520c1774895a3975f | |
| parent | 285fe070388e48d82f008c3de5b0d7675f55ebfa (diff) | |
| parent | afaad69437dc12ffb706667eb63875b116631234 (diff) | |
| download | timeline-f0754f0d5feca407d5a327e634a84a3380507bc2.tar.gz timeline-f0754f0d5feca407d5a327e634a84a3380507bc2.tar.bz2 timeline-f0754f0d5feca407d5a327e634a84a3380507bc2.zip | |
Merge pull request #40 from crupest/format
Add username format check.
| -rw-r--r-- | Timeline.Tests/UserUnitTest.cs | 11 | ||||
| -rw-r--r-- | Timeline.Tests/UsernameValidatorUnitTest.cs | 86 | ||||
| -rw-r--r-- | Timeline/Controllers/UserController.cs | 34 | ||||
| -rw-r--r-- | Timeline/Services/UserService.cs | 82 |
4 files changed, 199 insertions, 14 deletions
diff --git a/Timeline.Tests/UserUnitTest.cs b/Timeline.Tests/UserUnitTest.cs index 1f72000c..2aa89fe3 100644 --- a/Timeline.Tests/UserUnitTest.cs +++ b/Timeline.Tests/UserUnitTest.cs @@ -79,6 +79,17 @@ namespace Timeline.Tests }
{
+ // Put Bad Username.
+ var res = await client.PutAsJsonAsync("users/dsf fddf", new UserPutRequest
+ {
+ Password = password,
+ Administrator = false
+ });
+ res.Should().HaveStatusCodeBadRequest()
+ .And.Should().HaveBodyAsCommonResponseWithCode(UserController.ErrorCodes.Put_BadUsername);
+ }
+
+ {
// Put Created.
var res = await client.PutAsJsonAsync(url, new UserPutRequest
{
diff --git a/Timeline.Tests/UsernameValidatorUnitTest.cs b/Timeline.Tests/UsernameValidatorUnitTest.cs new file mode 100644 index 00000000..97d56195 --- /dev/null +++ b/Timeline.Tests/UsernameValidatorUnitTest.cs @@ -0,0 +1,86 @@ +using FluentAssertions;
+using System;
+using Timeline.Services;
+using Xunit;
+
+namespace Timeline.Tests
+{
+ public class UsernameValidatorUnitTest : IClassFixture<UsernameValidator>
+ {
+ private readonly UsernameValidator _validator;
+
+ public UsernameValidatorUnitTest(UsernameValidator validator)
+ {
+ _validator = validator;
+ }
+
+ [Fact]
+ public void NullShouldThrow()
+ {
+ _validator.Invoking(v => v.Validate(null, out string message)).Should().Throw<ArgumentNullException>();
+ }
+
+
+ private string FailAndMessage(string username)
+ {
+ var result = _validator.Validate(username, out var message);
+ result.Should().BeFalse();
+ return message;
+ }
+
+ private void Succeed(string username)
+ {
+ _validator.Validate(username, out var message).Should().BeTrue();
+ message.Should().BeNull();
+ }
+
+ [Fact]
+ public void Empty()
+ {
+ FailAndMessage("").Should().ContainEquivalentOf("empty");
+ }
+
+ [Fact]
+ public void WhiteSpace()
+ {
+ FailAndMessage(" ").Should().ContainEquivalentOf("whitespace");
+ FailAndMessage("\t").Should().ContainEquivalentOf("whitespace");
+ FailAndMessage("\n").Should().ContainEquivalentOf("whitespace");
+
+ FailAndMessage("a b").Should().ContainEquivalentOf("whitespace");
+ FailAndMessage("a\tb").Should().ContainEquivalentOf("whitespace");
+ FailAndMessage("a\nb").Should().ContainEquivalentOf("whitespace");
+ }
+
+ [Fact]
+ public void BadCharactor()
+ {
+ FailAndMessage("!").Should().ContainEquivalentOf("regex");
+ FailAndMessage("!abc").Should().ContainEquivalentOf("regex");
+ FailAndMessage("ab!c").Should().ContainEquivalentOf("regex");
+ }
+
+ [Fact]
+ public void BadBegin()
+ {
+ FailAndMessage("-").Should().ContainEquivalentOf("regex");
+ FailAndMessage("-abc").Should().ContainEquivalentOf("regex");
+ }
+
+ [Fact]
+ public void TooLong()
+ {
+ FailAndMessage(new string('a', 40)).Should().ContainEquivalentOf("long");
+ }
+
+ [Fact]
+ public void Success()
+ {
+ Succeed("abc");
+ Succeed("_abc");
+ Succeed("a-bc");
+ Succeed("a-b-c");
+ Succeed("a-b_c");
+ }
+ }
+}
diff --git a/Timeline/Controllers/UserController.cs b/Timeline/Controllers/UserController.cs index 6f2fe77f..d38f96e1 100644 --- a/Timeline/Controllers/UserController.cs +++ b/Timeline/Controllers/UserController.cs @@ -18,9 +18,11 @@ namespace Timeline.Controllers {
public const int Get_NotExist = -1001;
- public const int Patch_NotExist = -2001;
+ public const int Put_BadUsername = -2001;
- public const int ChangePassword_BadOldPassword = -3001;
+ public const int Patch_NotExist = -3001;
+
+ public const int ChangePassword_BadOldPassword = -4001;
}
private readonly ILogger<UserController> _logger;
@@ -53,17 +55,25 @@ namespace Timeline.Controllers [HttpPut("users/{username}"), AdminAuthorize]
public async Task<IActionResult> Put([FromBody] UserPutRequest request, [FromRoute] string username)
{
- var result = await _userService.PutUser(username, request.Password, request.Administrator.Value);
- switch (result)
+ try
+ {
+ var result = await _userService.PutUser(username, request.Password, request.Administrator.Value);
+ switch (result)
+ {
+ case PutResult.Created:
+ _logger.LogInformation(FormatLogMessage("A user is created.", Pair("Username", username)));
+ return CreatedAtAction("Get", new { username }, CommonPutResponse.Created);
+ case PutResult.Modified:
+ _logger.LogInformation(FormatLogMessage("A user is modified.", Pair("Username", username)));
+ return Ok(CommonPutResponse.Modified);
+ default:
+ throw new Exception("Unreachable code.");
+ }
+ }
+ catch (UsernameBadFormatException e)
{
- case PutResult.Created:
- _logger.LogInformation(FormatLogMessage("A user is created.", Pair("Username", username)));
- return CreatedAtAction("Get", new { username }, CommonPutResponse.Created);
- case PutResult.Modified:
- _logger.LogInformation(FormatLogMessage("A user is modified.", Pair("Username", username)));
- return Ok(CommonPutResponse.Modified);
- default:
- throw new Exception("Unreachable code.");
+ _logger.LogInformation(e, FormatLogMessage("Attempt to create a user with bad username failed.", Pair("Username", username)));
+ return BadRequest(new CommonResponse(ErrorCodes.Put_BadUsername, "Username is of bad format."));
}
}
diff --git a/Timeline/Services/UserService.cs b/Timeline/Services/UserService.cs index 28218612..0993d3dc 100644 --- a/Timeline/Services/UserService.cs +++ b/Timeline/Services/UserService.cs @@ -3,6 +3,7 @@ using Microsoft.Extensions.Caching.Memory; using Microsoft.Extensions.Logging;
using System;
using System.Linq;
+using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Timeline.Entities;
using Timeline.Models;
@@ -102,6 +103,74 @@ namespace Timeline.Services public long RequiredVersion { get; private set; }
}
+ /// <summary>
+ /// Thrown when username is of bad format.
+ /// </summary>
+ [Serializable]
+ public class UsernameBadFormatException : Exception
+ {
+ public UsernameBadFormatException(string username, string message) : base(message) { Username = username; }
+ public UsernameBadFormatException(string username, string message, Exception inner) : base(message, inner) { Username = username; }
+ protected UsernameBadFormatException(
+ System.Runtime.Serialization.SerializationInfo info,
+ System.Runtime.Serialization.StreamingContext context) : base(info, context) { }
+
+ /// <summary>
+ /// Username of bad format.
+ /// </summary>
+ public string Username { get; private set; }
+ }
+
+ public class UsernameValidator
+ {
+ public const int MaxLength = 26;
+ public const string RegexPattern = @"^[a-zA-Z0-9_][a-zA-Z0-9-_]*$";
+
+ private readonly Regex _regex = new Regex(RegexPattern);
+
+ /// <summary>
+ /// Validate a username.
+ /// </summary>
+ /// <param name="username">The username. Can't be null.</param>
+ /// <param name="message">Set as error message if there is error. Or null if no error.</param>
+ /// <returns>True if validation passed. Otherwise false.</returns>
+ /// <exception cref="ArgumentNullException">Thrown when <paramref name="username"/> is null.</exception>
+ public bool Validate(string username, out string message)
+ {
+ if (username == null)
+ throw new ArgumentNullException(nameof(username));
+
+ if (username.Length == 0)
+ {
+ message = "An empty string is not permitted.";
+ return false;
+ }
+
+ if (username.Length > 26)
+ {
+ message = $"Too long, more than 26 characters is not premitted, found {username.Length}.";
+ return false;
+ }
+
+ foreach ((char c, int i) in username.Select((c, i) => (c, i)))
+ if (char.IsWhiteSpace(c))
+ {
+ message = $"A whitespace is found at {i} . Whitespace is not permited.";
+ return false;
+ }
+
+ var match = _regex.Match(username);
+ if (!match.Success)
+ {
+ message = "Regex match failed.";
+ return false;
+ }
+
+ message = null;
+ return true;
+ }
+ }
+
public interface IUserService
{
/// <summary>
@@ -144,14 +213,14 @@ namespace Timeline.Services /// <summary>
/// Create or modify a user with given username.
- /// Return <see cref="PutUserResult.Created"/> if a new user is created.
- /// Return <see cref="PutUserResult.Modified"/> if a existing user is modified.
+ /// Username must be match with [a-zA-z0-9-_].
/// </summary>
/// <param name="username">Username of user.</param>
/// <param name="password">Password of user.</param>
/// <param name="administrator">Whether the user is administrator.</param>
/// <returns>Return <see cref="PutResult.Created"/> if a new user is created.
/// Return <see cref="PutResult.Modified"/> if a existing user is modified.</returns>
+ /// <exception cref="UsernameBadFormatException">Thrown when <paramref name="username"/> is of bad format.</exception>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="username"/> or <paramref name="password"/> is null.</exception>
Task<PutResult> PutUser(string username, string password, bool administrator);
@@ -209,6 +278,8 @@ namespace Timeline.Services private readonly IJwtService _jwtService;
private readonly IPasswordService _passwordService;
+ private readonly UsernameValidator _usernameValidator;
+
public UserService(ILogger<UserService> logger, IMemoryCache memoryCache, DatabaseContext databaseContext, IJwtService jwtService, IPasswordService passwordService)
{
_logger = logger;
@@ -216,6 +287,8 @@ namespace Timeline.Services _databaseContext = databaseContext;
_jwtService = jwtService;
_passwordService = passwordService;
+
+ _usernameValidator = new UsernameValidator();
}
private string GenerateCacheKeyByUserId(long id) => $"user:{id}";
@@ -308,6 +381,11 @@ namespace Timeline.Services if (password == null)
throw new ArgumentNullException(nameof(password));
+ if (!_usernameValidator.Validate(username, out var message))
+ {
+ throw new UsernameBadFormatException(username, message);
+ }
+
var user = await _databaseContext.Users.Where(u => u.Name == username).SingleOrDefaultAsync();
if (user == null)
|