From 6c50c57959a37f6cb6e99847ae11879b305d0238 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mili=C4=87?= Date: Thu, 17 Sep 2020 15:44:32 +0200 Subject: [PATCH 1/3] feature/Inject logged in user into CallContext data --- obp-api/src/main/scala/code/api/util/APIUtil.scala | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala index bd38ae5ff..e105ff3ee 100644 --- a/obp-api/src/main/scala/code/api/util/APIUtil.scala +++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala @@ -2542,7 +2542,9 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ x => (x._1, x._2.map(_.copy(ipAddress = remoteIpAddress))) } map { x => (x._1, x._2.map(_.copy(httpBody = body.toOption))) - } + } map { // Inject logged in user into CallContext data + x => (x._1, x._2.map(_.copy(user = x._1))) + } } From 56edf8b268e77d87d3be2b3bc5a9e4d28000788b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mili=C4=87?= Date: Thu, 24 Sep 2020 10:21:32 +0200 Subject: [PATCH 2/3] feature/Add username constraints --- .../main/resources/i18n/lift-core.properties | 8 +++++- .../code/model/dataAccess/AuthUser.scala | 27 ++++++++++++++++++- .../code/sandbox/SandboxDataLoadingTest.scala | 8 +++--- 3 files changed, 37 insertions(+), 6 deletions(-) diff --git a/obp-api/src/main/resources/i18n/lift-core.properties b/obp-api/src/main/resources/i18n/lift-core.properties index 310c30d1a..858d53024 100644 --- a/obp-api/src/main/resources/i18n/lift-core.properties +++ b/obp-api/src/main/resources/i18n/lift-core.properties 
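Review bot: The added `map` stage in the APIUtil.scala hunk copies `x._1` into the `user` field of the call context unconditionally, so the comment `// Inject logged in user into CallContext data` promises more than the code guarantees. The type of `x._1` is not visible here; if it is a wrapper that can also hold an empty or failed authentication result, every reader of `user` still has to check it before treating the caller as authenticated. I would reword the comment to say so, for example `// Copy the authentication result (may be empty for anonymous calls) into CallContext.user`. Destructuring with `case (user, callContext) =>` instead of `x._1`/`x._2` would also make it clear which tuple element is the identity. The enclosing method starts and ends outside the hunk.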
@@ -366,4 +366,10 @@ Deleted = Deleted #OBP specific fields consumer.registration.nav.name=Get API Key -invalid.login.credentials=Invalid Login Credentials \ No newline at end of file +invalid.login.credentials=Invalid Login Credentials +invalid.username=Invalid username. \ + 1) username is 8-100 characters long \ + 2) no _ or . at the beginning \ + 3) no __ or _. or ._ or .. inside \ + 4) allowed characters: a-z A-Z 0-9 . _ \ + 5) no _ or . at the end \ No newline at end of file diff --git a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala index 3784afcd2..c62488f35 100644 --- a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala +++ b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala @@ -112,6 +112,24 @@ class AuthUser extends MegaProtoUser[AuthUser] with MdcLoggable { override def validations = isEmpty(Helper.i18n("Please.enter.your.last.name")) _ :: super.validations } + /** + * Regex to validate a username + * + * ^(?=.{8,100}$)(?![_.])(?!.*[_.]{2})[a-zA-Z0-9._]+(? List(FieldError(this, Text(msg))) // issue 179 case _ => Nil } + def isUsernamelValid(msg: => String)(e: String) = e match { + case null => List(FieldError(this, Text(msg))) + case e if e.trim.isEmpty => List(FieldError(this, Text(msg))) + case e if usernameRegex.findFirstMatchIn(e).isDefined => Nil + case _ => List(FieldError(this, Text(msg))) + } override def displayName = S.?("Username") override def dbIndexed_? = true - override def validations = isEmpty(Helper.i18n("Please.enter.your.username")) _ :: + override def validations = isEmpty(Helper.i18n("Please.enter.your.username")) _ :: + isUsernamelValid(Helper.i18n("invalid.username")) _ :: valUnique(Helper.i18n("unique.username")) _ :: valUniqueExternally(Helper.i18n("unique.username")) _ :: super.validations 
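Review bot: In `isUsernamelValid` the check `usernameRegex.findFirstMatchIn(e).isDefined` relies entirely on the pattern's own `^`/`$` anchors, and in java.util.regex a `$` also matches just before a final line terminator. A name that satisfies every rule but carries a trailing `\n` would therefore likely pass, and could be stored as a separate account that looks identical to an existing one. The pattern is cut off on this page, so this assumes it ends in `$` as the opening of the doc comment suggests. Requiring a whole-input match closes the gap: `case e if usernameRegex.pattern.matcher(e).matches() => Nil`, or end the pattern with `\z`. The `null` and empty cases also repeat what `isEmpty(...)` at the head of `validations` already reports, so an empty username produces two errors.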
diff --git a/obp-api/src/test/scala/code/sandbox/SandboxDataLoadingTest.scala b/obp-api/src/test/scala/code/sandbox/SandboxDataLoadingTest.scala index 24f5b7cfc..7ba604745 100644 --- a/obp-api/src/test/scala/code/sandbox/SandboxDataLoadingTest.scala +++ b/obp-api/src/test/scala/code/sandbox/SandboxDataLoadingTest.scala @@ -454,8 +454,8 @@ class SandboxDataLoadingTest extends FlatSpec with SendServerRequests with Match val standardProducts = product1AtBank1 :: product2AtBank1 :: Nil - val user1 = SandboxUserImport(email = "user1@example.com", password = "TESOBE520berlin123!", user_name = "User 1") - val user2 = SandboxUserImport(email = "user2@example.com", password = "TESOBE520berlin123!", user_name = "User 2") + val user1 = SandboxUserImport(email = "user1@example.com", password = "TESOBE520berlin123!", user_name = "user.name_1") + val user2 = SandboxUserImport(email = "user2@example.com", password = "TESOBE520berlin123!", user_name = "user.name_2") val standardUsers = user1 :: user2 :: Nil @@ -778,11 +778,11 @@ class SandboxDataLoadingTest extends FlatSpec with SendServerRequests with Match } //emails of the user we will eventually create to show multiple users with different ids are possible - val secondUserName = "user-two" + val secondUserName = "user_two" val user1Json = Extraction.decompose(user1) - val differentUsername = "user-one" + val differentUsername = "user_one" differentUsername should not equal(user1.user_name) val userWithSameUsernameAsUser1 = user1Json From 679abf662a8b3b2d83a8f961f73d1ed9e7b32696 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mili=C4=87?= Date: Thu, 24 Sep 2020 11:58:02 +0200 Subject: [PATCH 3/3] feature/Add username constraints - tweakk name/message --- obp-api/src/main/resources/i18n/lift-core.properties | 12 ++++++------ .../main/scala/code/model/dataAccess/AuthUser.scala | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) 
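Review bot: The fixtures in the `-454,8` hunk and in the `-778,11` hunk are only renamed so that they satisfy the new username rule; none of the visible lines asserts that a non-conforming name is rejected. The old values `"User 1"` and `"user-one"` are ready-made negative cases, so a test that imports a user with one of them and expects the import to fail would pin the constraint. Further cases for a name shorter than 8 characters and for a leading or trailing `.` or `_` would cover the other rules listed under `invalid.username`. Both test bodies start and end outside the hunks.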
diff --git a/obp-api/src/main/resources/i18n/lift-core.properties b/obp-api/src/main/resources/i18n/lift-core.properties
index 858d53024..39e92df54 100644
--- a/obp-api/src/main/resources/i18n/lift-core.properties
+++ b/obp-api/src/main/resources/i18n/lift-core.properties
@@ -367,9 +367,9 @@ Deleted = Deleted
 #OBP specific fields
 consumer.registration.nav.name=Get API Key
 invalid.login.credentials=Invalid Login Credentials
-invalid.username=Invalid username. \
- 1) username is 8-100 characters long \
- 2) no _ or . at the beginning \
- 3) no __ or _. or ._ or .. inside \
- 4) allowed characters: a-z A-Z 0-9 . _ \
- 5) no _ or . at the end
\ No newline at end of file
+invalid.username=Invalid Username: \
+1) Username must be between 8 and 100 characters long \
+2) Username must not start with _ or . \
+3) Username cannot contain or . or ._ or .. \
+4) Allowed characters are: a-z A-Z 0-9 . _ \
+5) Username must not end with _ or .
\ No newline at end of file
diff --git a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
index c62488f35..80f00d85a 100644
--- a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
+++ b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
@@ -141,7 +141,7 @@ class AuthUser extends MegaProtoUser[AuthUser] with MdcLoggable {
 case e if e.trim.isEmpty => List(FieldError(this, Text(msg))) // issue 179
 case _ => Nil
 }
- def isUsernamelValid(msg: => String)(e: String) = e match {
+ def usernameIsValid(msg: => String)(e: String) = e match {
 case null => List(FieldError(this, Text(msg)))
 case e if e.trim.isEmpty => List(FieldError(this, Text(msg)))
 case e if usernameRegex.findFirstMatchIn(e).isDefined => Nil
@@ -150,7 +150,7 @@ class AuthUser extends MegaProtoUser[AuthUser] with MdcLoggable {
 override def displayName = S.?("Username")
 override def dbIndexed_? = true
 override def validations = isEmpty(Helper.i18n("Please.enter.your.username")) _ ::
- isUsernamelValid(Helper.i18n("invalid.username")) _ ::
+ usernameIsValid(Helper.i18n("invalid.username")) _ ::
 valUnique(Helper.i18n("unique.username")) _ ::
 valUniqueExternally(Helper.i18n("unique.username")) _ ::
 super.validations