From 01f1a028374d1659eaf9c18d0b68e6d4e5110549 Mon Sep 17 00:00:00 2001
From: Kurt Hutten
Date: Tue, 10 Nov 2020 20:49:19 +1100
Subject: [PATCH] Add alpha numeric regex to username on sign up resolves #82
---
 api/src/functions/identity-signup.js | 3 ++-
 api/src/services/helpers.js | 2 ++
 api/src/services/parts/parts.js | 5 ++---
 api/src/services/users/users.js | 3 ++-
 4 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/api/src/functions/identity-signup.js b/api/src/functions/identity-signup.js
index 1d0a003..b9f3460 100644
--- a/api/src/functions/identity-signup.js
+++ b/api/src/functions/identity-signup.js
@@ -1,5 +1,6 @@
 import { createUserInsecure } from 'src/services/users/users.js'
 import { db } from 'src/lib/db'
+import { enforceAlphaNumeric } from 'src/services/helpers'
 export const handler = async (req, _context) => {
 const body = JSON.parse(req.body)
@@ -74,7 +75,7 @@ export const handler = async (req, _context) => {
 const newSeed = count === 1 ? `${seed}_${count}` : seed.slice(0,-1) + count
 return generateUniqueUserName(newSeed, count)
 }
- const userNameSeed = email.split('@')[0]
+ const userNameSeed = enforceAlphaNumeric(email.split('@')[0])
 const userName = await generateUniqueUserName(userNameSeed) // TODO maybe come up with a better default userName?
 const input = {
 email,
diff --git a/api/src/services/helpers.js b/api/src/services/helpers.js
index ed474f3..d6e21f3 100644
--- a/api/src/services/helpers.js
+++ b/api/src/services/helpers.js
@@ -11,3 +11,5 @@ export const foreignKeyReplacement = (input) => {
 })
 return output
 }
+
+export const enforceAlphaNumeric = (string) => string.replace(/([^a-zA-Z\d_:])/g, '-')
diff --git a/api/src/services/parts/parts.js b/api/src/services/parts/parts.js
index 1b96b42..260442c 100644
--- a/api/src/services/parts/parts.js
+++ b/api/src/services/parts/parts.js
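Review bot: In the second hunk of api/src/functions/identity-signup.js the generated userName is filtered for characters only; the protected-word check that users.js applies in updateUserByUserName (`['new', 'edit', 'update']`) is not applied to `userNameSeed`, so a sign-up whose email local part is one of those words would presumably receive a userName that the update path rejects. Moving that list and the comparison into a helper next to `enforceAlphaNumeric` and calling it from both places would keep the two paths in step. A local part with no permitted characters also yields a seed made of dashes only, which may deserve a fallback. The bodies of `handler` and `generateUniqueUserName` extend beyond this hunk, so any later validation is not visible here.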
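Review bot: In api/src/services/helpers.js, `enforceAlphaNumeric` has no doc comment and its name does not match what it does: it also keeps `_` and `:`, and it rewrites every other character, non-ASCII letters included, to `-` instead of rejecting the input. It throws a TypeError when called with a non-string, since it calls `.replace` directly on the argument. A comment such as `// Replaces every character outside [a-zA-Z0-9_:] with '-'; shared by userName and part title` would record the contract, and an explicit `typeof string === 'string'` check would make the failure mode deliberate. Whether `:` is meant to be valid in a userName is worth confirming, because this commit now applies the part-title character set to sign-up names as well.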
@@ -1,8 +1,7 @@
 import { db } from 'src/lib/db'
-import { foreignKeyReplacement } from 'src/services/helpers'
+import { foreignKeyReplacement, enforceAlphaNumeric } from 'src/services/helpers'
 import { requireAuth } from 'src/lib/auth'
 import { requireOwnership } from 'src/lib/owner'
-import { user } from 'src/services/users/users'
 export const parts = () => {
 return db.part.findMany()
@@ -40,7 +39,7 @@ export const updatePart = async ({ id, input }) => {
 requireAuth()
 await requireOwnership({partId: id})
 if(input.title) {
- input.title = input.title.replace(/([^a-zA-Z\d_:])/g, '-')
+ input.title = enforceAlphaNumeric(input.title)
 }
 return db.part.update({
 data: foreignKeyReplacement(input),
diff --git a/api/src/services/users/users.js b/api/src/services/users/users.js
index cae1557..c06e1bf 100644
--- a/api/src/services/users/users.js
+++ b/api/src/services/users/users.js
@@ -2,6 +2,7 @@ import { db } from 'src/lib/db'
 import { requireAuth } from 'src/lib/auth'
 import { requireOwnership } from 'src/lib/owner'
 import { UserInputError } from '@redwoodjs/api'
+import { enforceAlphaNumeric } from 'src/services/helpers'
 export const users = () => {
 requireAuth({ role: 'admin' })
@@ -42,7 +43,7 @@ export const updateUserByUserName = async ({ userName, input }) => {
 requireAuth()
 await requireOwnership({userName})
 if(input.userName) {
- input.userName = input.userName.replace(/([^a-zA-Z\d_:])/g, '-')
+ input.userName = enforceAlphaNumeric(input.userName)
 }
 if(input.userName && ['new', 'edit', 'update'].includes(input.userName)) { //TODO complete this and use a regexp so that it's not case sensitive, don't want someone with the userName eDiT
 throw new UserInputError(`You've tried to used a protected word as you userName, try something other than `)
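Review bot: In the `updatePart` hunk of api/src/services/parts/parts.js the title is normalised only on this update path, and the `if(input.title)` guard passes an empty string through unchanged. The create path is outside the hunk, so it is worth confirming that it calls `enforceAlphaNumeric` as well; otherwise the characters allowed in a stored title depend on which mutation wrote it. The same question applies to the `input.userName` branch in the second users.js hunk. `updatePart` starts and ends outside the hunk.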
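Review bot: In the `updateUserByUserName` hunk of api/src/services/users/users.js the protected-word test that follows the sanitiser is case-sensitive, so `eDiT` (the case named in the TODO) still passes. Comparing the lower-cased value closes that: `if(input.userName && ['new', 'edit', 'update'].includes(input.userName.toLowerCase())) {`. The error text on the next line ends after "other than " with nothing listed and reads "to used" and "you userName"; it should name the reserved words. The function continues outside the hunk.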