Commit 3565aca0 authored by ale's avatar ale

Force all usernames to lowercase

Add tests to verify this is enforced.
parent b7d3a9f6
Pipeline #2844 passed with stages
in 4 minutes and 22 seconds
......@@ -4,6 +4,7 @@ import (
"context"
"fmt"
"log"
"strings"
"git.autistici.org/ai3/go-common/pwhash"
)
......@@ -129,6 +130,9 @@ type CreateUserRequest struct {
// applyTemplate fills in default values for the resources in the request.
func (r *CreateUserRequest) applyTemplate(rctx *RequestContext) error {
// Usernames must be lowercase.
r.User.Name = strings.ToLower(r.User.Name)
// Some fields should be always unset because there are
// specific methods to modify them.
r.User.Status = UserStatusActive
......
package integrationtest
import (
"log"
"testing"
as "git.autistici.org/ai3/accountserver"
......@@ -31,6 +32,36 @@ func TestIntegration_CreateUser(t *testing.T) {
true,
},
{
// Valid request but already existing user.
"email_only_dup",
&as.User{
Name: "newuser1@example.com",
Resources: []*as.Resource{
&as.Resource{
Type: as.ResourceTypeEmail,
Name: "newuser1@example.com",
},
},
},
false,
},
{
// Valid request but already existing user (case-folded).
"email_only_dup_case_folded",
&as.User{
Name: "NEWUSER1@example.com",
Resources: []*as.Resource{
&as.Resource{
Type: as.ResourceTypeEmail,
Name: "NEWUSER1@example.com",
},
},
},
false,
},
{
// User creation request without any resources at all.
"no_resources",
......@@ -54,9 +85,27 @@ func TestIntegration_CreateUser(t *testing.T) {
},
false,
},
{
// Invalid request: the email name does not
// match the user name.
"email_user_mismatch",
&as.User{
Name: "newuser4@example.com",
Resources: []*as.Resource{
&as.Resource{
Type: as.ResourceTypeEmail,
Name: "newuser7@example.com",
},
},
},
false,
},
}
for _, td := range testdata {
log.Printf("running test %s", td.name)
var resp as.CreateUserResponse
err := c.request("/api/user/create", &as.CreateUserRequest{
AdminRequestBase: as.AdminRequestBase{
......
......@@ -834,9 +834,13 @@ func (c *templateContext) setCommonResourceAttrs(ctx context.Context, r *Resourc
// Apply default values to an Email resource.
func (c *templateContext) emailResourceTemplate(ctx context.Context, r *Resource, _ *User) error {
// Force the email address to lowercase.
r.Name = strings.ToLower(r.Name)
if r.Email == nil {
r.Email = new(Email)
}
addrParts := strings.Split(r.Name, "@")
if len(addrParts) != 2 {
return errors.New("malformed name")
......@@ -852,6 +856,9 @@ func (c *templateContext) websiteResourceTemplate(ctx context.Context, r *Resour
return errors.New("website resource needs owner")
}
// Force the website address to lowercase.
r.Name = strings.ToLower(r.Name)
if r.Website == nil {
r.Website = new(Website)
}
......@@ -892,6 +899,10 @@ func (c *templateContext) davResourceTemplate(ctx context.Context, r *Resource,
if user == nil {
return errors.New("dav resource needs owner")
}
// Force the account name to lowercase.
r.Name = strings.ToLower(r.Name)
if r.DAV == nil {
r.DAV = new(WebDAV)
}
......@@ -909,6 +920,10 @@ func (c *templateContext) databaseResourceTemplate(ctx context.Context, r *Resou
if user == nil {
return errors.New("database resource needs owner")
}
// Force the database name to lowercase.
r.Name = strings.ToLower(r.Name)
if r.Database == nil {
r.Database = new(Database)
}
......@@ -921,6 +936,9 @@ func (c *templateContext) databaseResourceTemplate(ctx context.Context, r *Resou
// Apply default values to a MailingList resource.
func (c *templateContext) listResourceTemplate(ctx context.Context, r *Resource, user *User) error {
// Force the list address to lowercase.
r.Name = strings.ToLower(r.Name)
if r.List == nil {
r.List = new(MailingList)
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment