author | 杨宇千 <crupest@outlook.com> | 2019-08-12 22:39:38 +0800 |
committer | GitHub <noreply@github.com> | 2019-08-12 22:39:38 +0800 |
commit | ff7a7bdb8807f4b7faaaaf56677a99b23ac3c6ba (patch) | |
tree | af074659bc9490457f1627c520c1774895a3975f /Timeline | |
parent | ac072939e727181f79e3d6d1acd7d7ac1f4c29f6 (diff) | |
parent | 1073d54813a25e1e9c0c41b989c69f77d2aca9cb (diff) | |
Merge pull request #40 from crupest/format
Add username format check.
Diffstat (limited to 'Timeline')
-rw-r--r-- | Timeline/Controllers/UserController.cs | 34 | ||||
-rw-r--r-- | Timeline/Services/UserService.cs | 82 |
2 files changed, 102 insertions, 14 deletions
diff --git a/Timeline/Controllers/UserController.cs b/Timeline/Controllers/UserController.cs
index 6f2fe77f..d38f96e1 100644
--- a/Timeline/Controllers/UserController.cs
+++ b/Timeline/Controllers/UserController.cs
@@ -18,9 +18,11 @@ namespace Timeline.Controllers {
public const int Get_NotExist = -1001;
- public const int Patch_NotExist = -2001;
+ public const int Put_BadUsername = -2001;
- public const int ChangePassword_BadOldPassword = -3001;
+ public const int Patch_NotExist = -3001;
+
+ public const int ChangePassword_BadOldPassword = -4001;
}
private readonly ILogger<UserController> _logger;
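Review bot: Renumbering the existing codes on the new side (`Patch_NotExist` moves from -2001 to -3001 and `ChangePassword_BadOldPassword` from -3001 to -4001) silently changes values that API clients may already match on; the new `Put_BadUsername` could take a fresh value instead, leaving the existing constants untouched. If clients are known to depend on these numbers, the change deserves a sentence in the commit description or a comment on the constants saying the numbering is not stable. The enclosing `ErrorCodes` class starts above the hunk.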
@@ -53,17 +55,25 @@ namespace Timeline.Controllers [HttpPut("users/{username}"), AdminAuthorize]
public async Task<IActionResult> Put([FromBody] UserPutRequest request, [FromRoute] string username)
{
- var result = await _userService.PutUser(username, request.Password, request.Administrator.Value);
- switch (result)
+ try
+ {
+ var result = await _userService.PutUser(username, request.Password, request.Administrator.Value);
+ switch (result)
+ {
+ case PutResult.Created:
+ _logger.LogInformation(FormatLogMessage("A user is created.", Pair("Username", username)));
+ return CreatedAtAction("Get", new { username }, CommonPutResponse.Created);
+ case PutResult.Modified:
+ _logger.LogInformation(FormatLogMessage("A user is modified.", Pair("Username", username)));
+ return Ok(CommonPutResponse.Modified);
+ default:
+ throw new Exception("Unreachable code.");
+ }
+ }
+ catch (UsernameBadFormatException e)
{
- case PutResult.Created:
- _logger.LogInformation(FormatLogMessage("A user is created.", Pair("Username", username)));
- return CreatedAtAction("Get", new { username }, CommonPutResponse.Created);
- case PutResult.Modified:
- _logger.LogInformation(FormatLogMessage("A user is modified.", Pair("Username", username)));
- return Ok(CommonPutResponse.Modified);
- default:
- throw new Exception("Unreachable code.");
+ _logger.LogInformation(e, FormatLogMessage("Attempt to create a user with bad username failed.", Pair("Username", username)));
+ return BadRequest(new CommonResponse(ErrorCodes.Put_BadUsername, "Username is of bad format."));
}
}
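Review bot: The catch block logs the rejected `username` verbatim via `Pair("Username", username)`, yet the only values that reach it are ones that failed the format check, which explicitly includes whitespace such as CR/LF; a value containing line breaks would break the integrity of a plain-text log line. Consider logging only the length or an escaped/truncated form, or keep the value as a structured-logging property so it stays a single field. Separately, `request.Administrator.Value` on the new side still dereferences without a null check, so an omitted field would surface as an unhandled exception rather than a 400 — presumably `UserPutRequest.Administrator` is `bool?`, which cannot be confirmed from this hunk.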
diff --git a/Timeline/Services/UserService.cs b/Timeline/Services/UserService.cs
index 28218612..0993d3dc 100644
--- a/Timeline/Services/UserService.cs
+++ b/Timeline/Services/UserService.cs
@@ -3,6 +3,7 @@ using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
using System;
using System.Linq;
+using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Timeline.Entities;
using Timeline.Models;
@@ -102,6 +103,74 @@ namespace Timeline.Services public long RequiredVersion { get; private set; }
}
+ /// <summary>
+ /// Thrown when username is of bad format.
+ /// </summary>
+ [Serializable]
+ public class UsernameBadFormatException : Exception
+ {
+ public UsernameBadFormatException(string username, string message) : base(message) { Username = username; }
+ public UsernameBadFormatException(string username, string message, Exception inner) : base(message, inner) { Username = username; }
+ protected UsernameBadFormatException(
+ System.Runtime.Serialization.SerializationInfo info,
+ System.Runtime.Serialization.StreamingContext context) : base(info, context) { }
+
+ /// <summary>
+ /// Username of bad format.
+ /// </summary>
+ public string Username { get; private set; }
+ }
+
+ public class UsernameValidator
+ {
+ public const int MaxLength = 26;
+ public const string RegexPattern = @"^[a-zA-Z0-9_][a-zA-Z0-9-_]*$";
+
+ private readonly Regex _regex = new Regex(RegexPattern);
+
+ /// <summary>
+ /// Validate a username.
+ /// </summary>
+ /// <param name="username">The username. Can't be null.</param>
+ /// <param name="message">Set as error message if there is error. Or null if no error.</param>
+ /// <returns>True if validation passed. Otherwise false.</returns>
+ /// <exception cref="ArgumentNullException">Thrown when <paramref name="username"/> is null.</exception>
+ public bool Validate(string username, out string message)
+ {
+ if (username == null)
+ throw new ArgumentNullException(nameof(username));
+
+ if (username.Length == 0)
+ {
+ message = "An empty string is not permitted.";
+ return false;
+ }
+
+ if (username.Length > 26)
+ {
+ message = $"Too long, more than 26 characters is not premitted, found {username.Length}.";
+ return false;
+ }
+
+ foreach ((char c, int i) in username.Select((c, i) => (c, i)))
+ if (char.IsWhiteSpace(c))
+ {
+ message = $"A whitespace is found at {i} . Whitespace is not permited.";
+ return false;
+ }
+
+ var match = _regex.Match(username);
+ if (!match.Success)
+ {
+ message = "Regex match failed.";
+ return false;
+ }
+
+ message = null;
+ return true;
+ }
+ }
+
public interface IUserService
{
/// <summary>
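Review bot: `Validate` hard-codes the limit as `26` in the length check and its message instead of using the `MaxLength` constant declared just above `RegexPattern`, so the two can drift apart; the runtime messages also carry typos (`premitted`, `permited`). Proposed: `if (username.Length > MaxLength)` and `message = $"Too long, more than {MaxLength} characters is not permitted, found {username.Length}.";`. On `RegexPattern`, `$` in .NET also matches before a trailing newline — the whitespace loop that runs before the match currently catches that case, but anchoring with `\z` keeps the regex self-sufficient, and placing `-` last in the class avoids the ambiguous `9-_` sequence: `public const string RegexPattern = @"^[a-zA-Z0-9_][a-zA-Z0-9_-]*\z";`. `UsernameValidator` is complete within the hunk; the `IUserService` interface that follows continues outside it.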
@@ -144,14 +213,14 @@ namespace Timeline.Services /// <summary>
/// Create or modify a user with given username.
- /// Return <see cref="PutUserResult.Created"/> if a new user is created.
- /// Return <see cref="PutUserResult.Modified"/> if a existing user is modified.
+ /// Username must be match with [a-zA-z0-9-_].
/// </summary>
/// <param name="username">Username of user.</param>
/// <param name="password">Password of user.</param>
/// <param name="administrator">Whether the user is administrator.</param>
/// <returns>Return <see cref="PutResult.Created"/> if a new user is created.
/// Return <see cref="PutResult.Modified"/> if a existing user is modified.</returns>
+ /// <exception cref="UsernameBadFormatException">Thrown when <paramref name="username"/> is of bad format.</exception>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="username"/> or <paramref name="password"/> is null.</exception>
Task<PutResult> PutUser(string username, string password, bool administrator);
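Review bot: The new summary line says `[a-zA-z0-9-_]`, where `A-z` looks like a typo for `A-Z` (read as a regex range, `A-z` would also admit `[`, `\`, `]`, `^` and the backtick), and it no longer mentions the 26-character limit that `UsernameValidator.MaxLength` enforces or that the first character may not be `-`. Suggested: `/// Username must start with a letter, digit or underscore, contain only [a-zA-Z0-9_-] and be at most 26 characters.`. The `PutUser` doc block is complete within the hunk, but the interface continues outside it.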
@@ -209,6 +278,8 @@ namespace Timeline.Services private readonly IJwtService _jwtService;
private readonly IPasswordService _passwordService;
+ private readonly UsernameValidator _usernameValidator;
+
public UserService(ILogger<UserService> logger, IMemoryCache memoryCache, DatabaseContext databaseContext, IJwtService jwtService, IPasswordService passwordService)
{
_logger = logger;
@@ -216,6 +287,8 @@ namespace Timeline.Services _databaseContext = databaseContext;
_jwtService = jwtService;
_passwordService = passwordService;
+
+ _usernameValidator = new UsernameValidator();
}
private string GenerateCacheKeyByUserId(long id) => $"user:{id}";
@@ -308,6 +381,11 @@ namespace Timeline.Services if (password == null)
throw new ArgumentNullException(nameof(password));
+ if (!_usernameValidator.Validate(username, out var message))
+ {
+ throw new UsernameBadFormatException(username, message);
+ }
+
var user = await _databaseContext.Users.Where(u => u.Name == username).SingleOrDefaultAsync();
if (user == null)
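Review bot: Because the format check runs before the existence lookup on `_databaseContext.Users`, an already-stored user whose name does not satisfy the new pattern can no longer be modified through `PutUser` — every call for that name now throws `UsernameBadFormatException` regardless of whether it would create or modify. If names predating this rule can exist in the database, either apply the check only on the create path (once `user == null` is known) or migrate those rows in the same change; a short comment stating which behaviour is intended would help either way. `PutUser`'s body continues outside the hunk in both directions.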
|