From 56edf8b268e77d87d3be2b3bc5a9e4d28000788b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mili=C4=87?= <marko@tesobe.com>
Date: Thu, 24 Sep 2020 10:21:32 +0200
Subject: [PATCH] feature/Add username constraints

---
 .../main/resources/i18n/lift-core.properties  |  8 +++++-
 .../code/model/dataAccess/AuthUser.scala      | 27 ++++++++++++++++++-
 .../code/sandbox/SandboxDataLoadingTest.scala |  8 +++---
 3 files changed, 37 insertions(+), 6 deletions(-)

diff --git a/obp-api/src/main/resources/i18n/lift-core.properties b/obp-api/src/main/resources/i18n/lift-core.properties
index 310c30d1a..858d53024 100644
--- a/obp-api/src/main/resources/i18n/lift-core.properties
+++ b/obp-api/src/main/resources/i18n/lift-core.properties
@@ -366,4 +366,10 @@ Deleted = Deleted
 
 #OBP specific fields
 consumer.registration.nav.name=Get API Key
-invalid.login.credentials=Invalid Login Credentials
\ No newline at end of file
+invalid.login.credentials=Invalid Login Credentials
+invalid.username=Invalid username. \
+  1) username is 8-100 characters long \
+  2) no _ or . at the beginning \
+  3) no __ or _. or ._ or .. inside \
+  4) allowed characters: a-z A-Z 0-9 . _ \
+  5) no _ or . at the end
\ No newline at end of file
diff --git a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
index 3784afcd2..c62488f35 100644
--- a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
+++ b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
@@ -112,6 +112,24 @@ class AuthUser extends MegaProtoUser[AuthUser] with MdcLoggable {
     override def validations = isEmpty(Helper.i18n("Please.enter.your.last.name")) _ :: super.validations
   }
   
+  /**
+   * Regex to validate a username
+   * 
+   * ^(?=.{8,100}$)(?![_.])(?!.*[_.]{2})[a-zA-Z0-9._]+(?<![_.])$
+   * └─────┬────┘└───┬──┘└─────┬─────┘└─────┬─────┘ └───┬───┘
+   *       │         │         │            │           no _ or . at the end
+   *       │         │         │            │
+   *       │         │         │            allowed characters
+   *       │         │         │
+   *       │         │         no __ or _. or ._ or .. inside
+   *       │         │
+   *       │         no _ or . at the beginning
+   *       │
+   *       username is 8-100 characters long
+   *       
+   */
+  private val usernameRegex = """^(?=.{8,100}$)(?![_.])(?!.*[_.]{2})[a-zA-Z0-9._]+(?<![_.])$""".r
+
   /**
     * The username field for the User.
     */
@@ -123,9 +141,16 @@ class AuthUser extends MegaProtoUser[AuthUser] with MdcLoggable {
         case e if e.trim.isEmpty   => List(FieldError(this, Text(msg))) // issue 179
         case _                     => Nil
       }
+    def isUsernamelValid(msg: => String)(e: String) = e match {
+      case null                                             => List(FieldError(this, Text(msg)))
+      case e if e.trim.isEmpty                              => List(FieldError(this, Text(msg)))
+      case e if usernameRegex.findFirstMatchIn(e).isDefined => Nil
+      case _                                                => List(FieldError(this, Text(msg)))
+    }
     override def displayName = S.?("Username")
     override def dbIndexed_? = true
-    override def validations = isEmpty(Helper.i18n("Please.enter.your.username")) _ :: 
+    override def validations = isEmpty(Helper.i18n("Please.enter.your.username")) _ ::
+                               isUsernamelValid(Helper.i18n("invalid.username")) _ ::
                                valUnique(Helper.i18n("unique.username")) _ ::
                                valUniqueExternally(Helper.i18n("unique.username")) _ :: 
                                super.validations
diff --git a/obp-api/src/test/scala/code/sandbox/SandboxDataLoadingTest.scala b/obp-api/src/test/scala/code/sandbox/SandboxDataLoadingTest.scala
index 24f5b7cfc..7ba604745 100644
--- a/obp-api/src/test/scala/code/sandbox/SandboxDataLoadingTest.scala
+++ b/obp-api/src/test/scala/code/sandbox/SandboxDataLoadingTest.scala
@@ -454,8 +454,8 @@ class SandboxDataLoadingTest extends FlatSpec with SendServerRequests with Match
   val standardProducts = product1AtBank1 :: product2AtBank1 :: Nil
 
 
-  val user1 = SandboxUserImport(email = "user1@example.com", password = "TESOBE520berlin123!", user_name = "User 1")
-  val user2 = SandboxUserImport(email = "user2@example.com", password = "TESOBE520berlin123!", user_name = "User 2")
+  val user1 = SandboxUserImport(email = "user1@example.com", password = "TESOBE520berlin123!", user_name = "user.name_1")
+  val user2 = SandboxUserImport(email = "user2@example.com", password = "TESOBE520berlin123!", user_name = "user.name_2")
 
   val standardUsers = user1 :: user2 :: Nil
 
@@ -778,11 +778,11 @@ class SandboxDataLoadingTest extends FlatSpec with SendServerRequests with Match
     }
 
     //emails of the user we will eventually create to show multiple users with different ids are possible
-    val secondUserName = "user-two"
+    val secondUserName = "user_two"
 
     val user1Json = Extraction.decompose(user1)
 
-    val differentUsername = "user-one"
+    val differentUsername = "user_one"
     differentUsername should not equal(user1.user_name)
     val userWithSameUsernameAsUser1 = user1Json