From 1073d54813a25e1e9c0c41b989c69f77d2aca9cb Mon Sep 17 00:00:00 2001
From: 杨宇千 <crupest@outlook.com>
Date: Mon, 12 Aug 2019 16:24:17 +0800
Subject: Add username format check.

---
 Timeline.Tests/UserUnitTest.cs         | 11 +++++++++++
 Timeline/Controllers/UserController.cs | 34 ++++++++++++++++++++++------------
 Timeline/Services/UserService.cs       |  9 +++++++++
 3 files changed, 42 insertions(+), 12 deletions(-)

diff --git a/Timeline.Tests/UserUnitTest.cs b/Timeline.Tests/UserUnitTest.cs
index 1f72000c..2aa89fe3 100644
--- a/Timeline.Tests/UserUnitTest.cs
+++ b/Timeline.Tests/UserUnitTest.cs
@@ -78,6 +78,17 @@ namespace Timeline.Tests
                         .Which.Administrator.Should().Be(administrator);
                 }
 
+                {
+                    // Put Bad Username.
+                    var res = await client.PutAsJsonAsync("users/dsf fddf", new UserPutRequest
+                    {
+                        Password = password,
+                        Administrator = false
+                    });
+                    res.Should().HaveStatusCodeBadRequest()
+                        .And.Should().HaveBodyAsCommonResponseWithCode(UserController.ErrorCodes.Put_BadUsername);
+                }
+
                 {
                     // Put Created.
                     var res = await client.PutAsJsonAsync(url, new UserPutRequest
diff --git a/Timeline/Controllers/UserController.cs b/Timeline/Controllers/UserController.cs
index 6f2fe77f..d38f96e1 100644
--- a/Timeline/Controllers/UserController.cs
+++ b/Timeline/Controllers/UserController.cs
@@ -18,9 +18,11 @@ namespace Timeline.Controllers
         {
             public const int Get_NotExist = -1001;
 
-            public const int Patch_NotExist = -2001;
+            public const int Put_BadUsername = -2001;
 
-            public const int ChangePassword_BadOldPassword = -3001;
+            public const int Patch_NotExist = -3001;
+
+            public const int ChangePassword_BadOldPassword = -4001;
         }
 
         private readonly ILogger<UserController> _logger;
@@ -53,17 +55,25 @@ namespace Timeline.Controllers
         [HttpPut("users/{username}"), AdminAuthorize]
         public async Task<IActionResult> Put([FromBody] UserPutRequest request, [FromRoute] string username)
         {
-            var result = await _userService.PutUser(username, request.Password, request.Administrator.Value);
-            switch (result)
+            try
+            {
+                var result = await _userService.PutUser(username, request.Password, request.Administrator.Value);
+                switch (result)
+                {
+                    case PutResult.Created:
+                        _logger.LogInformation(FormatLogMessage("A user is created.", Pair("Username", username)));
+                        return CreatedAtAction("Get", new { username }, CommonPutResponse.Created);
+                    case PutResult.Modified:
+                        _logger.LogInformation(FormatLogMessage("A user is modified.", Pair("Username", username)));
+                        return Ok(CommonPutResponse.Modified);
+                    default:
+                        throw new Exception("Unreachable code.");
+                }
+            }
+            catch (UsernameBadFormatException e)
             {
-                case PutResult.Created:
-                    _logger.LogInformation(FormatLogMessage("A user is created.", Pair("Username", username)));
-                    return CreatedAtAction("Get", new { username }, CommonPutResponse.Created);
-                case PutResult.Modified:
-                    _logger.LogInformation(FormatLogMessage("A user is modified.", Pair("Username", username)));
-                    return Ok(CommonPutResponse.Modified);
-                default:
-                    throw new Exception("Unreachable code.");
+                _logger.LogInformation(e, FormatLogMessage("Attempt to create a user with bad username failed.", Pair("Username", username)));
+                return BadRequest(new CommonResponse(ErrorCodes.Put_BadUsername, "Username is of bad format."));
             }
         }
 
diff --git a/Timeline/Services/UserService.cs b/Timeline/Services/UserService.cs
index 50aa4187..0993d3dc 100644
--- a/Timeline/Services/UserService.cs
+++ b/Timeline/Services/UserService.cs
@@ -278,6 +278,8 @@ namespace Timeline.Services
         private readonly IJwtService _jwtService;
         private readonly IPasswordService _passwordService;
 
+        private readonly UsernameValidator _usernameValidator;
+
         public UserService(ILogger<UserService> logger, IMemoryCache memoryCache, DatabaseContext databaseContext, IJwtService jwtService, IPasswordService passwordService)
         {
             _logger = logger;
@@ -285,6 +287,8 @@ namespace Timeline.Services
             _databaseContext = databaseContext;
             _jwtService = jwtService;
             _passwordService = passwordService;
+
+            _usernameValidator = new UsernameValidator();
         }
 
         private string GenerateCacheKeyByUserId(long id) => $"user:{id}";
@@ -377,6 +381,11 @@ namespace Timeline.Services
             if (password == null)
                 throw new ArgumentNullException(nameof(password));
 
+            if (!_usernameValidator.Validate(username, out var message))
+            {
+                throw new UsernameBadFormatException(username, message);
+            }
+
             var user = await _databaseContext.Users.Where(u => u.Name == username).SingleOrDefaultAsync();
 
             if (user == null)
-- 
cgit v1.2.3