krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-17 14:47:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

PR to fix: Disallow line breaks in display names (#12380)

Browse Source 
* Update settings.json

* Update index.js

* Update validation.js

* Update validation.js

* Update validation.js

Removes the second check

* Update tests and validation

Added tests, and updated validation
This commit is contained in:
Amber
2020-07-18 15:41:19 -05:00
committed by GitHub
parent e550ca1531
commit ead0b6c56f
5 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
test/api/v3/integration/user/PUT-user.test.js
View File

@@ -92,6 +92,14 @@ describe('PUT /user', () => {
error: 'BadRequest', error: 'BadRequest',
message: t('displaynameIssueSlur'), message: t('displaynameIssueSlur'),
}); });
await expect(user.put('/user', {
'profile.name': 'namecontainsnewline\n',
})).to.eventually.be.rejected.and.eql({
code: 400,
error: 'BadRequest',
message: t('displaynameIssueNewline'),
});
}); });
}); });

6
test/api/v4/user/auth/POST-user_verify_display_name.test.js
View File

@@ -53,5 +53,11 @@ describe('POST /user/auth/verify-display-name', async () => {
displayName: 'this is a very long display name over 30 characters', displayName: 'this is a very long display name over 30 characters',
})).to.eventually.eql({ isUsable: false, issues: [t('displaynameIssueLength')] }); })).to.eventually.eql({ isUsable: false, issues: [t('displaynameIssueLength')] });
}); });
it('errors if display name contains a newline', async () => {
await expect(user.post(ENDPOINT, {
displayName: 'namecontainsnewline\n',
})).to.eventually.eql({ isUsable: false, issues: [t('displaynameIssueNewline')] });
});
}); });
}); });

1
website/common/locales/en/settings.json
View File

@@ -202,6 +202,7 @@
"currentUsername": "Current username:", "currentUsername": "Current username:",
"displaynameIssueLength": "Display Names must be between 1 and 30 characters.", "displaynameIssueLength": "Display Names must be between 1 and 30 characters.",
"displaynameIssueSlur": "Display Names may not contain inappropriate language.", "displaynameIssueSlur": "Display Names may not contain inappropriate language.",
"displaynameIssueNewline": "Display Names may not contain backslashes followed by the letter N.",
"goToSettings": "Go to Settings", "goToSettings": "Go to Settings",
"usernameVerifiedConfirmation": "Your username, <%= username %>, is confirmed!", "usernameVerifiedConfirmation": "Your username, <%= username %>, is confirmed!",
"usernameNotVerified": "Please confirm your username.", "usernameNotVerified": "Please confirm your username.",

3
website/server/libs/user/index.js
View File

@@ -6,7 +6,7 @@ import {
NotAuthorized, NotAuthorized,
} from '../errors'; } from '../errors';
import { model as User, schema as UserSchema } from '../../models/user'; import { model as User, schema as UserSchema } from '../../models/user';
import { nameContainsSlur } from './validation'; import { nameContainsSlur, nameContainsNewline } from './validation';
export async function get (req, res, { isV3 = false }) { export async function get (req, res, { isV3 = false }) {
const { user } = res.locals; const { user } = res.locals;
@@ -112,6 +112,7 @@ export async function update (req, res, { isV3 = false }) {
if (newName === null) throw new BadRequest(res.t('invalidReqParams')); if (newName === null) throw new BadRequest(res.t('invalidReqParams'));
if (newName.length > 30) throw new BadRequest(res.t('displaynameIssueLength')); if (newName.length > 30) throw new BadRequest(res.t('displaynameIssueLength'));
if (nameContainsSlur(newName)) throw new BadRequest(res.t('displaynameIssueSlur')); if (nameContainsSlur(newName)) throw new BadRequest(res.t('displaynameIssueSlur'));
if (nameContainsNewline(newName)) throw new BadRequest(res.t('displaynameIssueNewline'));
} }
_.each(req.body, (val, key) => { _.each(req.body, (val, key) => {

5
website/server/libs/user/validation.js
View File

@@ -15,6 +15,10 @@ export function nameContainsSlur (username) {
return false; return false;
} }
export function nameContainsNewline (username) {
return username.includes('\n');
}
function usernameIsForbidden (username) { function usernameIsForbidden (username) {
const forbidddenWordsMatched = getMatchesByWordArray(username, forbiddenUsernames); const forbidddenWordsMatched = getMatchesByWordArray(username, forbiddenUsernames);
return forbidddenWordsMatched.length > 0; return forbidddenWordsMatched.length > 0;
@@ -30,6 +34,7 @@ export function verifyDisplayName (displayName, res) {
const issues = []; const issues = [];
if (displayName.length < 1 || displayName.length > 30) issues.push(res.t('displaynameIssueLength')); if (displayName.length < 1 || displayName.length > 30) issues.push(res.t('displaynameIssueLength'));
if (nameContainsSlur(displayName)) issues.push(res.t('displaynameIssueSlur')); if (nameContainsSlur(displayName)) issues.push(res.t('displaynameIssueSlur'));
if (nameContainsNewline(displayName)) issues.push(res.t('displaynameIssueNewline'));
return issues; return issues;
} }