Browse Source

[SECURITY] Fix nickname validation and properly allow email auth

undefined
parent
commit
4c2eca5797
Signed by: diogo <mail@diogo.site> GPG Key ID: 18D2D35001FBFAB0
12 changed files with 133 additions and 176 deletions
  1. +10
    -3
      config/packages/security.yaml
  2. +1
    -2
      social.yaml
  3. +20
    -34
      src/Controller/Security.php
  4. +2
    -2
      src/Entity/LocalUser.php
  5. +6
    -6
      src/Routes/Main.php
  6. +19
    -14
      src/Security/Authenticator.php
  7. +2
    -2
      src/Util/Exception/NicknameNotAllowedException.php
  8. +0
    -54
      src/Util/Exception/NicknameTooShortException.php
  9. +62
    -48
      src/Util/Nickname.php
  10. +3
    -3
      templates/cards/navigation/view.html.twig
  11. +3
    -3
      templates/security/login.html.twig
  12. +5
    -5
      tests/Util/NicknameTest.php

+ 10
- 3
config/packages/security.yaml View File

@@ -1,10 +1,17 @@
security: security:
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers: providers:
users:
local_user:
chain:
providers: [local_user_by_nickname, local_user_by_email]
local_user_by_nickname:
entity: entity:
class: 'App\Entity\LocalUser' class: 'App\Entity\LocalUser'
property: 'nickname' property: 'nickname'
local_user_by_email:
entity:
class: 'App\Entity\LocalUser'
property: 'email'
firewalls: firewalls:
dev: dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/ pattern: ^/(_(profiler|wdt)|css|images|js)/
@@ -12,12 +19,12 @@ security:
main: main:
anonymous: true anonymous: true
lazy: true lazy: true
provider: users
provider: local_user
guard: guard:
authenticators: authenticators:
- App\Security\Authenticator - App\Security\Authenticator
logout: logout:
path: logout
path: security_logout
# where to redirect after logout # where to redirect after logout
target: main_all target: main_all




+ 1
- 2
social.yaml View File

@@ -149,7 +149,7 @@ parameters:
image: "/theme/licenses/cc_by_4.0.png" image: "/theme/licenses/cc_by_4.0.png"


nickname: nickname:
reserved:
blacklisted:
- doc - doc
- main - main
- avatar - avatar
@@ -157,7 +157,6 @@ parameters:
- settings - settings
- admin - admin
featured: [] featured: []
min_length: 4


password: password:
min_length: 6 min_length: 6


+ 20
- 34
src/Controller/Security.php View File

@@ -5,6 +5,8 @@ namespace App\Controller;
use App\Core\Controller; use App\Core\Controller;
use App\Core\DB\DB; use App\Core\DB\DB;
use App\Core\Form; use App\Core\Form;
use App\Util\Exception\NicknameInvalidException;
use LogicException;
use function App\Core\I18n\_m; use function App\Core\I18n\_m;
use App\Core\Log; use App\Core\Log;
use App\Core\VisibilityScope; use App\Core\VisibilityScope;
@@ -18,11 +20,9 @@ use App\Util\Common;
use App\Util\Exception\DuplicateFoundException; use App\Util\Exception\DuplicateFoundException;
use App\Util\Exception\EmailTakenException; use App\Util\Exception\EmailTakenException;
use App\Util\Exception\NicknameEmptyException; use App\Util\Exception\NicknameEmptyException;
use App\Util\Exception\NicknameReservedException;
use App\Util\Exception\NicknameNotAllowedException;
use App\Util\Exception\NicknameTakenException; use App\Util\Exception\NicknameTakenException;
use App\Util\Exception\NicknameTooLongException; use App\Util\Exception\NicknameTooLongException;
use App\Util\Exception\NicknameTooShortException;
use App\Util\Exception\NotImplementedException;
use App\Util\Exception\ServerException; use App\Util\Exception\ServerException;
use App\Util\Form\FormFields; use App\Util\Form\FormFields;
use App\Util\Nickname; use App\Util\Nickname;
@@ -57,7 +57,7 @@ class Security extends Controller
'_template' => 'security/login.html.twig', '_template' => 'security/login.html.twig',
'last_login_id' => $last_login_id, 'last_login_id' => $last_login_id,
'error' => $error, 'error' => $error,
'notes_fn' => fn () => Note::getAllNotes(VisibilityScope::$instance_scope),
'notes_fn' => fn () => Note::getAllNotes(VisibilityScope::$instance_scope),
]; ];
} }


@@ -66,7 +66,7 @@ class Security extends Controller
*/ */
public function logout() public function logout()
{ {
throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
throw new LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
} }


/** /**
@@ -74,25 +74,24 @@ class Security extends Controller
* Register a user, making sure the nickname is not reserved and * Register a user, making sure the nickname is not reserved and
* possibly sending a confirmation email * possibly sending a confirmation email
* *
* @param Request $request
* @param Request $request
* @param GuardAuthenticatorHandler $guard_handler * @param GuardAuthenticatorHandler $guard_handler
* @param Authenticator $authenticator
* @param Authenticator $authenticator
* *
* @return null|array|Response
* @throws EmailTakenException * @throws EmailTakenException
* @throws NicknameTakenException * @throws NicknameTakenException
* @throws ServerException * @throws ServerException
* @throws DuplicateFoundException * @throws DuplicateFoundException
* @throws NicknameEmptyException * @throws NicknameEmptyException
* @throws NicknameReservedException
* @throws NicknameNotAllowedException
* @throws NicknameTooLongException * @throws NicknameTooLongException
* @throws NicknameTooShortException
* @throws NotImplementedException
* @throws NicknameInvalidException
* *
* @return null|array|Response
*/ */
public function register(Request $request,
public function register(Request $request,
GuardAuthenticatorHandler $guard_handler, GuardAuthenticatorHandler $guard_handler,
Authenticator $authenticator)
Authenticator $authenticator)
{ {
$form = Form::create([ $form = Form::create([
['nickname', TextType::class, [ ['nickname', TextType::class, [
@@ -101,8 +100,8 @@ class Security extends Controller
'constraints' => [ 'constraints' => [
new NotBlank(['message' => _m('Please enter a nickname')]), new NotBlank(['message' => _m('Please enter a nickname')]),
new Length([ new Length([
'min' => Common::config('nickname', 'min_length'),
'minMessage' => _m(['Your nickname must be at least # characters long'], ['count' => Common::config('nickname', 'min_length')]),
'min' => 1,
'minMessage' => _m(['Your nickname must be at least # characters long'], ['count' => 1]),
'max' => Nickname::MAX_LEN, 'max' => Nickname::MAX_LEN,
'maxMessage' => _m(['Your nickname must be at most # characters long'], ['count' => Nickname::MAX_LEN]), ]), 'maxMessage' => _m(['Your nickname must be at most # characters long'], ['count' => Nickname::MAX_LEN]), ]),
], ],
@@ -128,29 +127,16 @@ class Security extends Controller
$data = $form->getData(); $data = $form->getData();
$data['password'] = $form->get('password')->getData(); $data['password'] = $form->get('password')->getData();


// This will throw the appropriate errors, result ignored
$user = LocalUser::findByNicknameOrEmail($data['nickname'], $data['email']);
if ($user !== null) {

// If we do find something, there's a duplicate
if ($user->getNickname() === $data['nickname']) {
// Register page feedback on nickname already in use
$this->addFlash('verify_nickname_error', _m('Nickname is already in use on this server.'));
throw new NicknameTakenException;
} else {
// Register page feedback on email already in use
$this->addFlash('verify_email_error', _m('Email is already taken.'));
throw new EmailTakenException;
}
}
// TODO: ensure there's no user with this email registered already


$valid_nickname = Nickname::validate($data['nickname'], check_already_used: false);
// Already used is checked below
$sanitized_nickname = Nickname::normalize($data['nickname'], check_already_used: false);


try { try {
// This already checks if the nickname is being used // This already checks if the nickname is being used
$actor = Actor::create(['nickname' => $valid_nickname]);
$actor = Actor::create(['nickname' => $sanitized_nickname]);
$user = LocalUser::create([ $user = LocalUser::create([
'nickname' => $valid_nickname,
'nickname' => $sanitized_nickname,
'outgoing_email' => $data['email'], 'outgoing_email' => $data['email'],
'incoming_email' => $data['email'], 'incoming_email' => $data['email'],
'password' => LocalUser::hashPassword($data['password']), 'password' => LocalUser::hashPassword($data['password']),
@@ -166,7 +152,7 @@ class Security extends Controller
} catch (UniqueConstraintViolationException $e) { } catch (UniqueConstraintViolationException $e) {
// _something_ was duplicated, but since we already check if nickname is in use, we can't tell what went wrong // _something_ was duplicated, but since we already check if nickname is in use, we can't tell what went wrong
$e = 'An error occurred while trying to register'; $e = 'An error occurred while trying to register';
Log::critical($e . " with nickname: '{$valid_nickname}' and email '{$data['email']}'");
Log::critical($e . " with nickname: '{$sanitized_nickname}' and email '{$data['email']}'");
throw new ServerException(_m($e)); throw new ServerException(_m($e));
} }
// @codeCoverageIgnoreEnd // @codeCoverageIgnoreEnd


+ 2
- 2
src/Entity/LocalUser.php View File

@@ -308,9 +308,9 @@ class LocalUser extends Entity implements UserInterface
* *
* @return self Returns self if nickname or email found * @return self Returns self if nickname or email found
*/ */
public static function findByNicknameOrEmail(string $nickname, string $email): ?self
public static function getByEmail(string $email): ?self
{ {
$users = DB::findBy('local_user', ['or' => ['nickname' => $nickname, 'outgoing_email' => $email, 'incoming_email' => $email]]);
$users = DB::findBy('local_user', ['or' => ['outgoing_email' => $email, 'incoming_email' => $email]]);
switch (count($users)) { switch (count($users)) {
case 0: case 0:
return null; return null;


+ 6
- 6
src/Routes/Main.php View File

@@ -45,12 +45,12 @@ abstract class Main


public static function load(RouteLoader $r): void public static function load(RouteLoader $r): void
{ {
$r->connect('login', '/login', [C\Security::class, 'login']);
$r->connect('logout', '/logout', [C\Security::class, 'logout']);
$r->connect('register', '/register', [C\Security::class, 'register']);
$r->connect('check_email', '/check-email', [C\ResetPassword::class, 'checkEmail']);
$r->connect('request_reset_password', '/request-reset-password', [C\ResetPassword::class, 'requestPasswordReset']);
$r->connect('reset_password', '/reset/{token?}', [C\ResetPassword::class, 'reset']);
$r->connect('security_login', '/main/login', [C\Security::class, 'login']);
$r->connect('security_logout', '/main/logout', [C\Security::class, 'logout']);
$r->connect('security_register', '/main/register', [C\Security::class, 'register']);
$r->connect('security_check_email', '/main/check-email', [C\ResetPassword::class, 'checkEmail']);
$r->connect('security_recover_password', '/main/recover-password', [C\ResetPassword::class, 'requestPasswordReset']);
$r->connect('security_recover_password_token', '/main/recover-password/{token?}', [C\ResetPassword::class, 'reset']);


$r->connect('root', '/', RedirectController::class, ['defaults' => ['route' => 'main_all']]); $r->connect('root', '/', RedirectController::class, ['defaults' => ['route' => 'main_all']]);
$r->connect('main_public', '/main/public', [C\Network::class, 'public']); $r->connect('main_public', '/main/public', [C\Network::class, 'public']);


+ 19
- 14
src/Security/Authenticator.php View File

@@ -20,6 +20,8 @@
namespace App\Security; namespace App\Security;


use App\Core\DB\DB; use App\Core\DB\DB;
use App\Util\Exception\NoSuchActorException;
use App\Util\Exception\NotFoundException;
use function App\Core\I18n\_m; use function App\Core\I18n\_m;
use App\Entity\LocalUser; use App\Entity\LocalUser;
use App\Entity\User; use App\Entity\User;
@@ -52,7 +54,7 @@ class Authenticator extends AbstractFormLoginAuthenticator
{ {
use TargetPathTrait; use TargetPathTrait;


public const LOGIN_ROUTE = 'login';
public const LOGIN_ROUTE = 'security_login';


private $urlGenerator; private $urlGenerator;
private $csrfTokenManager; private $csrfTokenManager;
@@ -70,17 +72,11 @@ class Authenticator extends AbstractFormLoginAuthenticator


public function getCredentials(Request $request) public function getCredentials(Request $request)
{ {
$credentials = [
'nickname' => $request->request->get('nickname'),
return [
'nickname_or_email' => $request->request->get('nickname_or_email'),
'password' => $request->request->get('password'), 'password' => $request->request->get('password'),
'csrf_token' => $request->request->get('_csrf_token'), 'csrf_token' => $request->request->get('_csrf_token'),
]; ];
$request->getSession()->set(
Security::LAST_USERNAME,
$credentials['nickname']
);

return $credentials;
} }


public function getUser($credentials, UserProviderInterface $userProvider) public function getUser($credentials, UserProviderInterface $userProvider)
@@ -90,12 +86,17 @@ class Authenticator extends AbstractFormLoginAuthenticator
throw new InvalidCsrfTokenException(); throw new InvalidCsrfTokenException();
} }


// $nick = Nickname::normalize($credentials['nickname']);
$nick = $credentials['nickname'];
$user = null;
try { try {
$user = DB::findOneBy('local_user', ['or' => ['nickname' => $nick, 'outgoing_email' => $nick]]);
} catch (Exception $e) {
if (filter_var($credentials['nickname_or_email'], FILTER_VALIDATE_EMAIL) !== false) {
$user = LocalUser::getByEmail($credentials['nickname_or_email']);
} else {
$user = LocalUser::getWithPK(['nickname' => Nickname::normalize($credentials['nickname_or_email'], check_already_used: false)]);
}
if ($user === null) {
throw new NoSuchActorException('No such local user.');
}
$credentials['nickname'] = $user->getNickname();
} catch (Exception) {
throw new CustomUserMessageAuthenticationException( throw new CustomUserMessageAuthenticationException(
_m('Invalid login credentials.')); _m('Invalid login credentials.'));
} }
@@ -118,6 +119,10 @@ class Authenticator extends AbstractFormLoginAuthenticator


public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{ {
$request->getSession()->set(
Security::LAST_USERNAME,
$token->getUser()->getNickname()
);
if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) { if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) {
return new RedirectResponse($targetPath); return new RedirectResponse($targetPath);
} }


src/Util/Exception/NicknameReservedException.php → src/Util/Exception/NicknameNotAllowedException.php View File

@@ -41,11 +41,11 @@ namespace App\Util\Exception;


use function App\Core\I18n\_m; use function App\Core\I18n\_m;


class NicknameReservedException extends NicknameException
class NicknameNotAllowedException extends NicknameException
{ {
protected function defaultMessage(): string protected function defaultMessage(): string
{ {
// TRANS: Validation error in form for registration, profile and group settings, etc. // TRANS: Validation error in form for registration, profile and group settings, etc.
return _m('Nickname is reserved.');
return _m('This nickname is not allowed.');
} }
} }

+ 0
- 54
src/Util/Exception/NicknameTooShortException.php View File

@@ -1,54 +0,0 @@
<?php

// {{{ License

// This file is part of GNU social - https://www.gnu.org/software/social
//
// GNU social is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// GNU social is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.

// }}}

/**
* Nickname too long exception
*
* @category Exception
* @package GNUsocial
*
* @author Zach Copley <zach@status.net>
* @copyright 2010 StatusNet Inc.
* @author Brion Vibber <brion@pobox.com>
* @author Mikael Nordfeldth <mmn@hethane.se>
* @author Nym Coy <nymcoy@gmail.com>
* @copyright 2009-2014 Free Software Foundation, Inc http://www.fsf.org
* @auuthor Daniel Supernault <danielsupernault@gmail.com>
* @auuthor Diogo Cordeiro <diogo@fc.up.pt>
*
* @author Hugo Sales <hugo@hsal.es>
* @copyright 2018-2021 Free Software Foundation, Inc http://www.fsf.org
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/

namespace App\Util\Exception;

use function App\Core\I18n\_m;
use App\Util\Common;

class NicknameTooShortException extends NicknameInvalidException
{
protected function defaultMessage(): string
{
// TRANS: Validation error in form for registration, profile and group settings, etc.
return _m(['Nickname cannot be less than # character long.'], ['count' => Common::config('nickname', 'min_length')]);
}
}

+ 62
- 48
src/Util/Nickname.php View File

@@ -25,13 +25,13 @@ use App\Entity\LocalUser;
use App\Util\Exception\NicknameEmptyException; use App\Util\Exception\NicknameEmptyException;
use App\Util\Exception\NicknameException; use App\Util\Exception\NicknameException;
use App\Util\Exception\NicknameInvalidException; use App\Util\Exception\NicknameInvalidException;
use App\Util\Exception\NicknameReservedException;
use App\Util\Exception\NicknameNotAllowedException;
use App\Util\Exception\NicknameTakenException; use App\Util\Exception\NicknameTakenException;
use App\Util\Exception\NicknameTooLongException; use App\Util\Exception\NicknameTooLongException;
use App\Util\Exception\NicknameTooShortException; use App\Util\Exception\NicknameTooShortException;
use App\Util\Exception\NotImplementedException; use App\Util\Exception\NotImplementedException;
use Functional as F; use Functional as F;
use Normalizer;
use InvalidArgumentException;


/** /**
* Nickname validation * Nickname validation
@@ -45,9 +45,8 @@ use Normalizer;
* @author Mikael Nordfeldth <mmn@hethane.se> * @author Mikael Nordfeldth <mmn@hethane.se>
* @author Nym Coy <nymcoy@gmail.com> * @author Nym Coy <nymcoy@gmail.com>
* @copyright 2009-2014 Free Software Foundation, Inc http://www.fsf.org * @copyright 2009-2014 Free Software Foundation, Inc http://www.fsf.org
* @auuthor Daniel Supernault <danielsupernault@gmail.com>
* @auuthor Diogo Cordeiro <diogo@fc.up.pt>
*
* @author Daniel Supernault <danielsupernault@gmail.com>
* @author Diogo Cordeiro <mail@diogo.site>
* @author Hugo Sales <hugo@hsal.es> * @author Hugo Sales <hugo@hsal.es>
* @copyright 2018-2021 Free Software Foundation, Inc http://www.fsf.org * @copyright 2018-2021 Free Software Foundation, Inc http://www.fsf.org
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
@@ -91,6 +90,11 @@ class Nickname
*/ */
const WEBFINGER_FMT = '(?:\w+[\w\-\_\.]*)?\w+\@' . URL_REGEX_DOMAIN_NAME; const WEBFINGER_FMT = '(?:\w+[\w\-\_\.]*)?\w+\@' . URL_REGEX_DOMAIN_NAME;


/**
* Maximum number of characters in a canonical-form nickname. Changes must validate regexs
*/
const MAX_LEN = 64;

/** /**
* Regex fragment for checking a canonical nickname. * Regex fragment for checking a canonical nickname.
* *
@@ -104,12 +108,7 @@ class Nickname
* *
* This, INPUT_FMT and DISPLAY_FMT should not be enclosed in []s. * This, INPUT_FMT and DISPLAY_FMT should not be enclosed in []s.
*/ */
const CANONICAL_FMT = '[0-9a-z]{1,64}';

/**
* Maximum number of characters in a canonical-form nickname. Changes must validate regexs
*/
const MAX_LEN = 64;
const CANONICAL_FMT = '[0-9a-z]{1,' . self::MAX_LEN . '}';


/** /**
* Regex with non-capturing group that matches whitespace and some * Regex with non-capturing group that matches whitespace and some
@@ -121,72 +120,78 @@ class Nickname
*/ */
const BEFORE_MENTIONS = '(?:^|[\s\.\,\:\;\[\(]+)'; const BEFORE_MENTIONS = '(?:^|[\s\.\,\:\;\[\(]+)';


const CHECK_LOCAL_USER = 1;
const CHECK_LOCAL_USER = 1;
const CHECK_LOCAL_GROUP = 2; const CHECK_LOCAL_GROUP = 2;


/** /**
* Check if a nickname is valid or throw exceptions if it's not. * Check if a nickname is valid or throw exceptions if it's not.
* Can optionally check if the nickname is currently in use * Can optionally check if the nickname is currently in use
* @param string $nickname
* @param bool $check_already_used
* @param int $which
* @param bool $check_is_allowed
* @return bool
* @throws NicknameEmptyException
* @throws NicknameNotAllowedException
* @throws NicknameTakenException
* @throws NicknameTooLongException
*/ */
public static function validate(string $nickname, bool $check_already_used = false, int $which = self::CHECK_LOCAL_USER)
public static function validate(string $nickname, bool $check_already_used = false, int $which = self::CHECK_LOCAL_USER, bool $check_is_allowed = true): bool
{ {
$nickname = trim($nickname);
$length = mb_strlen($nickname);
$length = mb_strlen($nickname);


if ($length < 1) { if ($length < 1) {
throw new NicknameEmptyException(); throw new NicknameEmptyException();
} elseif ($length < Common::config('nickname', 'min_length')) {
// dd($nickname, $length, Common::config('nickname', 'min_length'));
throw new NicknameTooShortException();
} else { } else {
if ($length > self::MAX_LEN) { if ($length > self::MAX_LEN) {
throw new NicknameTooLongException(); throw new NicknameTooLongException();
} elseif (self::isReserved($nickname) || Common::isSystemPath($nickname)) {
throw new NicknameReservedException();
} elseif ($check_is_allowed && self::isBlacklisted($nickname)) {
throw new NicknameNotAllowedException();
} elseif ($check_already_used) { } elseif ($check_already_used) {
switch ($which) { switch ($which) {
case self::CHECK_LOCAL_USER:
$lu = LocalUser::findByNicknameOrEmail($nickname, email: '');
if ($lu !== null) {
throw new NicknameTakenException($lu->getActor());
}
break;
case self::CHECK_LOCAL_USER:
$lu = LocalUser::getWithPK(['nickname' => $nickname]);
if ($lu !== null) {
throw new NicknameTakenException($lu->getActor());
}
break;
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
case self::CHECK_LOCAL_GROUP:
throw new NotImplementedException();
break;
default:
throw new \InvalidArgumentException();
case self::CHECK_LOCAL_GROUP:
throw new NotImplementedException();
break;
default:
throw new InvalidArgumentException();
// @codeCoverageIgnoreEnd // @codeCoverageIgnoreEnd
} }
} }
} }


return $nickname;
return true;
} }


/** /**
* Normalize an input $nickname, and normalize it to its canonical form.
* Normalize input $nickname to its canonical form and validates it.
* The canonical form will be returned, or an exception thrown if invalid. * The canonical form will be returned, or an exception thrown if invalid.
* *
* @throws NicknameException (base class)
* @param string $nickname
* @param bool $check_already_used
* @param bool $check_is_allowed
* @return string
* @throws NicknameEmptyException * @throws NicknameEmptyException
* @throws NicknameInvalidException * @throws NicknameInvalidException
* @throws NicknameNotAllowedException
* @throws NicknameTakenException * @throws NicknameTakenException
* @throws NicknameTooLongException * @throws NicknameTooLongException
* @throws NicknameTooShortException
*/ */
public static function normalize(string $nickname, bool $check_already_used = true, bool $checking_reserved = false): string
public static function normalize(string $nickname, bool $check_already_used = true, bool $check_is_allowed = true): string
{ {
if (!$checking_reserved) {
$nickname = self::validate($nickname, $check_already_used);
}

$nickname = trim($nickname); $nickname = trim($nickname);
$nickname = str_replace('_', '', $nickname); $nickname = str_replace('_', '', $nickname);
$nickname = mb_strtolower($nickname); $nickname = mb_strtolower($nickname);
$nickname = Normalizer::normalize($nickname, Normalizer::FORM_C);
if (!self::isCanonical($nickname) && !filter_var($nickname, FILTER_VALIDATE_EMAIL)) {
// We could do UTF-8 normalization (å to a, etc.) with something like Normalizer::normalize($nickname, Normalizer::FORM_C)
// We won't as it could confuse tremendously the user, he must know what is valid and should fix his own input

if (!self::validate($nickname, $check_already_used, $check_is_allowed) || !self::isCanonical($nickname)) {
throw new NicknameInvalidException(); throw new NicknameInvalidException();
} }


@@ -201,11 +206,11 @@ class Nickname
* *
* @return bool True if nickname is valid. False if invalid (or taken if $check_already_used == true). * @return bool True if nickname is valid. False if invalid (or taken if $check_already_used == true).
*/ */
public static function isValid(string $nickname, bool $check_already_used = true): bool
public static function isValid(string $nickname, bool $check_already_used = true, bool $check_is_allowed = true): bool
{ {
try { try {
self::normalize($nickname, $check_already_used);
} catch (NicknameException $e) {
self::normalize($nickname, $check_already_used, $check_is_allowed);
} catch (NicknameException) {
return false; return false;
} }


@@ -214,6 +219,8 @@ class Nickname


/** /**
* Is the given string a valid canonical nickname form? * Is the given string a valid canonical nickname form?
* @param string $nickname
* @return bool
*/ */
public static function isCanonical(string $nickname): bool public static function isCanonical(string $nickname): bool
{ {
@@ -222,15 +229,22 @@ class Nickname


/** /**
* Is the given string in our nickname blacklist? * Is the given string in our nickname blacklist?
* @param string $nickname
* @return bool
* @throws NicknameEmptyException
* @throws NicknameInvalidException
* @throws NicknameNotAllowedException
* @throws NicknameTakenException
* @throws NicknameTooLongException
*/ */
public static function isReserved(string $nickname): bool
public static function isBlacklisted(string $nickname): bool
{ {
$reserved = Common::config('nickname', 'reserved');
$reserved = Common::config('nickname', 'blacklist');
if (empty($reserved)) { if (empty($reserved)) {
return false; return false;
} }
return in_array($nickname, array_merge($reserved, F\map($reserved, function ($n) { return in_array($nickname, array_merge($reserved, F\map($reserved, function ($n) {
return self::normalize($n, check_already_used: false, checking_reserved: true);
return self::normalize($n, check_already_used: false, check_is_allowed: true);
}))); })));
} }
} }

+ 3
- 3
templates/cards/navigation/view.html.twig View File

@@ -89,7 +89,7 @@
Settings Settings
</a> </a>


<a title='{{ 'Logout from your account.' | trans }}' href='{{ path('logout') }}'>
<a title='{{ 'Logout from your account.' | trans }}' href='{{ path('security_logout') }}'>
Logout Logout
</a> </a>
</nav> </nav>
@@ -100,11 +100,11 @@
<h2 class="section-title">Account</h2> <h2 class="section-title">Account</h2>
<nav tabindex="0" class="profile-navigation" title="{{ 'Navigate through account related pages.' | trans }}"> <nav tabindex="0" class="profile-navigation" title="{{ 'Navigate through account related pages.' | trans }}">


<a title='{{ 'Login with your existing account.' | trans }}' href="{{ path('login') }}" class='hover-effect {{ active('login') }}'>
<a title='{{ 'Login with your existing account.' | trans }}' href="{{ path('security_login') }}" class='hover-effect {{ active('login') }}'>
Login Login
</a> </a>


<a title='{{ 'Register a new account!' | trans }}' href="{{ path('register') }}">
<a title='{{ 'Register a new account!' | trans }}' href="{{ path('security_register') }}">
Register Register
</a> </a>




+ 3
- 3
templates/security/login.html.twig View File

@@ -37,11 +37,11 @@


{% else %} {% else %}


{# TODO: Login can be done with email, so the id's and stuff should reflect that, along with using the translation facilities #}
{# TODO: Login can be done with email, so the element id's should reflect that #}
<div class="form-group"> <div class="form-group">
<label class="section-form-label" for="inputNickname">{{ "Nickname or Email" | trans }}</label> <label class="section-form-label" for="inputNickname">{{ "Nickname or Email" | trans }}</label>
<input type="text" value="{{ last_login_id }}" name="nickname" id="inputNickname" class="form-control" required autofocus>
<p class="help-text">{{ "Your nickname." | trans }}</p>
<input type="text" value="{{ last_login_id }}" name="nickname_or_email" id="inputNickname" class="form-control" required autofocus>
<p class="help-text">{{ "Your nickname or email address." | trans }}</p>
</div> </div>
<div class="form-group"> <div class="form-group">
<label class="section-form-label" for="inputPassword">{{ "Password" | trans }}</label> <label class="section-form-label" for="inputPassword">{{ "Password" | trans }}</label>


+ 5
- 5
tests/Util/NicknameTest.php View File

@@ -22,7 +22,7 @@ namespace App\Tests\Util;
use App\Util\Common; use App\Util\Common;
use App\Util\Exception\NicknameEmptyException; use App\Util\Exception\NicknameEmptyException;
use App\Util\Exception\NicknameInvalidException; use App\Util\Exception\NicknameInvalidException;
use App\Util\Exception\NicknameReservedException;
use App\Util\Exception\NicknameNotAllowedException;
use App\Util\Exception\NicknameTakenException; use App\Util\Exception\NicknameTakenException;
use App\Util\Exception\NicknameTooLongException; use App\Util\Exception\NicknameTooLongException;
use App\Util\Exception\NicknameTooShortException; use App\Util\Exception\NicknameTooShortException;
@@ -53,7 +53,7 @@ class NicknameTest extends GNUsocialTestCase
static::assertThrows(NicknameTooShortException::class, fn () => Nickname::normalize('foo', check_already_used: false)); static::assertThrows(NicknameTooShortException::class, fn () => Nickname::normalize('foo', check_already_used: false));
static::assertThrows(NicknameEmptyException::class, fn () => Nickname::normalize('', check_already_used: false)); static::assertThrows(NicknameEmptyException::class, fn () => Nickname::normalize('', check_already_used: false));
// static::assertThrows(NicknameInvalidException::class, fn () => Nickname::normalize('FóóBár', check_already_used: false)); // static::assertThrows(NicknameInvalidException::class, fn () => Nickname::normalize('FóóBár', check_already_used: false));
static::assertThrows(NicknameReservedException::class, fn () => Nickname::normalize('this_nickname_is_reserved', check_already_used: false));
static::assertThrows(NicknameNotAllowedException::class, fn () => Nickname::normalize('this_nickname_is_reserved', check_already_used: false));


static::bootKernel(); static::bootKernel();
static::assertSame('foobar', Nickname::normalize('foobar', check_already_used: true)); static::assertSame('foobar', Nickname::normalize('foobar', check_already_used: true));
@@ -79,13 +79,13 @@ class NicknameTest extends GNUsocialTestCase
static::assertTrue($cb instanceof ContainerBagInterface); static::assertTrue($cb instanceof ContainerBagInterface);
$cb->method('get')->willReturnMap([['gnusocial', $conf], ['gnusocial_defaults', $conf]]); $cb->method('get')->willReturnMap([['gnusocial', $conf], ['gnusocial_defaults', $conf]]);
Common::setupConfig($cb); Common::setupConfig($cb);
static::assertTrue(Nickname::isReserved('this_nickname_is_reserved'));
static::assertFalse(Nickname::isReserved('this_nickname_is_not_reserved'));
static::assertTrue(Nickname::isBlacklisted('this_nickname_is_reserved'));
static::assertFalse(Nickname::isBlacklisted('this_nickname_is_not_reserved'));


$conf = ['nickname' => ['min_length' => 4, 'reserved' => []]]; $conf = ['nickname' => ['min_length' => 4, 'reserved' => []]];
$cb = $this->createMock(ContainerBagInterface::class); $cb = $this->createMock(ContainerBagInterface::class);
$cb->method('get')->willReturnMap([['gnusocial', $conf], ['gnusocial_defaults', $conf]]); $cb->method('get')->willReturnMap([['gnusocial', $conf], ['gnusocial_defaults', $conf]]);
Common::setupConfig($cb); Common::setupConfig($cb);
static::assertFalse(Nickname::isReserved('this_nickname_is_reserved'));
static::assertFalse(Nickname::isBlacklisted('this_nickname_is_reserved'));
} }
} }

Loading…
Cancel
Save