[backend/core] Stricter local user username validation

Laura Hausmann 2024-08-14 00:40:58 +02:00
parent d786d8976d
commit b69f92dbdc
No known key found for this signature in database
GPG key ID: D044E84C5BE01605


@ -1,6 +1,7 @@
using System.Diagnostics.CodeAnalysis; using System.Diagnostics.CodeAnalysis;
using System.Net; using System.Net;
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Text.RegularExpressions;
using AsyncKeyedLock; using AsyncKeyedLock;
using EntityFramework.Exceptions.Common; using EntityFramework.Exceptions.Common;
using Iceshrimp.Backend.Core.Configuration; using Iceshrimp.Backend.Core.Configuration;
@ -377,8 +378,8 @@ public class UserService(
if (security.Value.Registrations == Enums.Registrations.Invite && if (security.Value.Registrations == Enums.Registrations.Invite &&
!await db.RegistrationInvites.AnyAsync(p => p.Code == invite)) !await db.RegistrationInvites.AnyAsync(p => p.Code == invite))
throw new GracefulException(HttpStatusCode.Forbidden, "The specified invite code is invalid"); throw new GracefulException(HttpStatusCode.Forbidden, "The specified invite code is invalid");
if (username.Contains('.')) if (!Regex.IsMatch(username, @"^\w+$"))
throw new GracefulException(HttpStatusCode.BadRequest, "Username must not contain the dot character"); throw new GracefulException(HttpStatusCode.BadRequest, "Username must only contain letters");
if (Constants.SystemUsers.Contains(username.ToLowerInvariant())) if (Constants.SystemUsers.Contains(username.ToLowerInvariant()))
throw new GracefulException(HttpStatusCode.BadRequest, "Username must not be a system user"); throw new GracefulException(HttpStatusCode.BadRequest, "Username must not be a system user");
if (await db.Users.AnyAsync(p => p.IsLocalUser && p.UsernameLower == username.ToLowerInvariant())) if (await db.Users.AnyAsync(p => p.IsLocalUser && p.UsernameLower == username.ToLowerInvariant()))
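Review bot: The new check `Regex.IsMatch(username, @"^\w+$")` is looser than the commit title suggests. In .NET `\w` matches any Unicode letter, digit, combining mark and connector punctuation rather than only ASCII, and `$` also matches just before a trailing newline, so a name ending in `\n` or written with look-alike characters passes here and would not equal any entry in the `Constants.SystemUsers` comparison that follows. If ASCII-only usernames are the intent (not visible from this hunk), anchor with `\A`/`\z` and spell out the class: `if (!Regex.IsMatch(username, @"\A[a-zA-Z0-9_]+\z"))`. The message "Username must only contain letters" also misstates the rule, since digits and underscores are accepted; `"Username must only contain letters, digits and underscores"` would match the check. The enclosing method starts and ends outside the hunk.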