Merge pull request #1721 from constantine2nd/develop

Add username constraints :: Inject logged in user into CallContext data
2026-02-06 17:17:09 +00:00 · 2020-09-24 12:06:48 +02:00 · 2020-09-24 12:06:48 +02:00 · ffe48fe437
commit ffe48fe437
parent 59daf4d144 679abf662a
4 changed files with 40 additions and 7 deletions
--- a/obp-api/src/main/resources/i18n/lift-core.properties
+++ b/obp-api/src/main/resources/i18n/lift-core.properties
@ -366,4 +366,10 @@ Deleted = Deleted

 #OBP specific fields
 consumer.registration.nav.name=Get API Key
-invalid.login.credentials=Invalid Login Credentials
+invalid.login.credentials=Invalid Login Credentials
+invalid.username=Invalid Username: \
+1) Username must be between 8 and 100 characters long \
+2) Username must not start with _ or . \
+3) Username cannot contain  or . or ._ or .. \
+4) Allowed characters are: a-z A-Z 0-9 . _ \
+5) Username must not end with _ or .
--- a/obp-api/src/main/scala/code/api/util/APIUtil.scala
+++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala
@ -2542,7 +2542,9 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
      x => (x._1, x._2.map(_.copy(ipAddress = remoteIpAddress)))
    }  map {
      x => (x._1, x._2.map(_.copy(httpBody = body.toOption)))
-    } 
+    } map { // Inject logged in user into CallContext data
+      x => (x._1, x._2.map(_.copy(user = x._1)))
+    }
    
  }

--- a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
+++ b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
@ -112,6 +112,24 @@ class AuthUser extends MegaProtoUser[AuthUser] with MdcLoggable {
    override def validations = isEmpty(Helper.i18n("Please.enter.your.last.name")) _ :: super.validations
  }
  
+  /**
+   * Regex to validate a username
+   * 
+   * ^(?=.{8,100}$)(?![_.])(?!.*[_.]{2})[a-zA-Z0-9._]+(?<![_.])$
+   * └─────┬────┘└───┬──┘└─────┬─────┘└─────┬─────┘ └───┬───┘
+   *       │         │         │            │           no _ or . at the end
+   *       │         │         │            │
+   *       │         │         │            allowed characters
+   *       │         │         │
+   *       │         │         no __ or _. or ._ or .. inside
+   *       │         │
+   *       │         no _ or . at the beginning
+   *       │
+   *       username is 8-100 characters long
+   *       
+   */
+  private val usernameRegex = """^(?=.{8,100}$)(?![_.])(?!.*[_.]{2})[a-zA-Z0-9._]+(?<![_.])$""".r
+
  /**
    * The username field for the User.
    */
@ -123,9 +141,16 @@ class AuthUser extends MegaProtoUser[AuthUser] with MdcLoggable {
        case e if e.trim.isEmpty   => List(FieldError(this, Text(msg))) // issue 179
        case _                     => Nil
      }
+    def usernameIsValid(msg: => String)(e: String) = e match {
+      case null                                             => List(FieldError(this, Text(msg)))
+      case e if e.trim.isEmpty                              => List(FieldError(this, Text(msg)))
+      case e if usernameRegex.findFirstMatchIn(e).isDefined => Nil
+      case _                                                => List(FieldError(this, Text(msg)))
+    }
    override def displayName = S.?("Username")
    override def dbIndexed_? = true
-    override def validations = isEmpty(Helper.i18n("Please.enter.your.username")) _ :: 
+    override def validations = isEmpty(Helper.i18n("Please.enter.your.username")) _ ::
+                               usernameIsValid(Helper.i18n("invalid.username")) _ ::
                               valUnique(Helper.i18n("unique.username")) _ ::
                               valUniqueExternally(Helper.i18n("unique.username")) _ :: 
                               super.validations
--- a/obp-api/src/test/scala/code/sandbox/SandboxDataLoadingTest.scala
+++ b/obp-api/src/test/scala/code/sandbox/SandboxDataLoadingTest.scala
@ -454,8 +454,8 @@ class SandboxDataLoadingTest extends FlatSpec with SendServerRequests with Match
  val standardProducts = product1AtBank1 :: product2AtBank1 :: Nil


-  val user1 = SandboxUserImport(email = "user1@example.com", password = "TESOBE520berlin123!", user_name = "User 1")
-  val user2 = SandboxUserImport(email = "user2@example.com", password = "TESOBE520berlin123!", user_name = "User 2")
+  val user1 = SandboxUserImport(email = "user1@example.com", password = "TESOBE520berlin123!", user_name = "user.name_1")
+  val user2 = SandboxUserImport(email = "user2@example.com", password = "TESOBE520berlin123!", user_name = "user.name_2")

  val standardUsers = user1 :: user2 :: Nil

@ -778,11 +778,11 @@ class SandboxDataLoadingTest extends FlatSpec with SendServerRequests with Match
    }

    //emails of the user we will eventually create to show multiple users with different ids are possible
-    val secondUserName = "user-two"
+    val secondUserName = "user_two"

    val user1Json = Extraction.decompose(user1)

-    val differentUsername = "user-one"
+    val differentUsername = "user_one"
    differentUsername should not equal(user1.user_name)
    val userWithSameUsernameAsUser1 = user1Json