forked from GNUsocial/gnu-social
[SECURITY] Fix nickname validation and properly allow email auth
This commit is contained in:
parent
071b769997
commit
03f6029ce5
@ -1,10 +1,17 @@
|
|||||||
security:
|
security:
|
||||||
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
|
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
|
||||||
providers:
|
providers:
|
||||||
users:
|
local_user:
|
||||||
|
chain:
|
||||||
|
providers: [local_user_by_nickname, local_user_by_email]
|
||||||
|
local_user_by_nickname:
|
||||||
entity:
|
entity:
|
||||||
class: 'App\Entity\LocalUser'
|
class: 'App\Entity\LocalUser'
|
||||||
property: 'nickname'
|
property: 'nickname'
|
||||||
|
local_user_by_email:
|
||||||
|
entity:
|
||||||
|
class: 'App\Entity\LocalUser'
|
||||||
|
property: 'email'
|
||||||
firewalls:
|
firewalls:
|
||||||
dev:
|
dev:
|
||||||
pattern: ^/(_(profiler|wdt)|css|images|js)/
|
pattern: ^/(_(profiler|wdt)|css|images|js)/
|
||||||
@ -12,12 +19,12 @@ security:
|
|||||||
main:
|
main:
|
||||||
anonymous: true
|
anonymous: true
|
||||||
lazy: true
|
lazy: true
|
||||||
provider: users
|
provider: local_user
|
||||||
guard:
|
guard:
|
||||||
authenticators:
|
authenticators:
|
||||||
- App\Security\Authenticator
|
- App\Security\Authenticator
|
||||||
logout:
|
logout:
|
||||||
path: logout
|
path: security_logout
|
||||||
# where to redirect after logout
|
# where to redirect after logout
|
||||||
target: main_all
|
target: main_all
|
||||||
|
|
||||||
|
@ -149,7 +149,7 @@ parameters:
|
|||||||
image: "/theme/licenses/cc_by_4.0.png"
|
image: "/theme/licenses/cc_by_4.0.png"
|
||||||
|
|
||||||
nickname:
|
nickname:
|
||||||
reserved:
|
blacklisted:
|
||||||
- doc
|
- doc
|
||||||
- main
|
- main
|
||||||
- avatar
|
- avatar
|
||||||
@ -157,7 +157,6 @@ parameters:
|
|||||||
- settings
|
- settings
|
||||||
- admin
|
- admin
|
||||||
featured: []
|
featured: []
|
||||||
min_length: 4
|
|
||||||
|
|
||||||
password:
|
password:
|
||||||
min_length: 6
|
min_length: 6
|
||||||
|
@ -5,6 +5,8 @@ namespace App\Controller;
|
|||||||
use App\Core\Controller;
|
use App\Core\Controller;
|
||||||
use App\Core\DB\DB;
|
use App\Core\DB\DB;
|
||||||
use App\Core\Form;
|
use App\Core\Form;
|
||||||
|
use App\Util\Exception\NicknameInvalidException;
|
||||||
|
use LogicException;
|
||||||
use function App\Core\I18n\_m;
|
use function App\Core\I18n\_m;
|
||||||
use App\Core\Log;
|
use App\Core\Log;
|
||||||
use App\Core\VisibilityScope;
|
use App\Core\VisibilityScope;
|
||||||
@ -18,11 +20,9 @@ use App\Util\Common;
|
|||||||
use App\Util\Exception\DuplicateFoundException;
|
use App\Util\Exception\DuplicateFoundException;
|
||||||
use App\Util\Exception\EmailTakenException;
|
use App\Util\Exception\EmailTakenException;
|
||||||
use App\Util\Exception\NicknameEmptyException;
|
use App\Util\Exception\NicknameEmptyException;
|
||||||
use App\Util\Exception\NicknameReservedException;
|
use App\Util\Exception\NicknameNotAllowedException;
|
||||||
use App\Util\Exception\NicknameTakenException;
|
use App\Util\Exception\NicknameTakenException;
|
||||||
use App\Util\Exception\NicknameTooLongException;
|
use App\Util\Exception\NicknameTooLongException;
|
||||||
use App\Util\Exception\NicknameTooShortException;
|
|
||||||
use App\Util\Exception\NotImplementedException;
|
|
||||||
use App\Util\Exception\ServerException;
|
use App\Util\Exception\ServerException;
|
||||||
use App\Util\Form\FormFields;
|
use App\Util\Form\FormFields;
|
||||||
use App\Util\Nickname;
|
use App\Util\Nickname;
|
||||||
@ -57,7 +57,7 @@ class Security extends Controller
|
|||||||
'_template' => 'security/login.html.twig',
|
'_template' => 'security/login.html.twig',
|
||||||
'last_login_id' => $last_login_id,
|
'last_login_id' => $last_login_id,
|
||||||
'error' => $error,
|
'error' => $error,
|
||||||
'notes_fn' => fn () => Note::getAllNotes(VisibilityScope::$instance_scope),
|
'notes_fn' => fn () => Note::getAllNotes(VisibilityScope::$instance_scope),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -66,7 +66,7 @@ class Security extends Controller
|
|||||||
*/
|
*/
|
||||||
public function logout()
|
public function logout()
|
||||||
{
|
{
|
||||||
throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
|
throw new LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -74,25 +74,24 @@ class Security extends Controller
|
|||||||
* Register a user, making sure the nickname is not reserved and
|
* Register a user, making sure the nickname is not reserved and
|
||||||
* possibly sending a confirmation email
|
* possibly sending a confirmation email
|
||||||
*
|
*
|
||||||
* @param Request $request
|
* @param Request $request
|
||||||
* @param GuardAuthenticatorHandler $guard_handler
|
* @param GuardAuthenticatorHandler $guard_handler
|
||||||
* @param Authenticator $authenticator
|
* @param Authenticator $authenticator
|
||||||
*
|
*
|
||||||
|
* @return null|array|Response
|
||||||
* @throws EmailTakenException
|
* @throws EmailTakenException
|
||||||
* @throws NicknameTakenException
|
* @throws NicknameTakenException
|
||||||
* @throws ServerException
|
* @throws ServerException
|
||||||
* @throws DuplicateFoundException
|
* @throws DuplicateFoundException
|
||||||
* @throws NicknameEmptyException
|
* @throws NicknameEmptyException
|
||||||
* @throws NicknameReservedException
|
* @throws NicknameNotAllowedException
|
||||||
* @throws NicknameTooLongException
|
* @throws NicknameTooLongException
|
||||||
* @throws NicknameTooShortException
|
* @throws NicknameInvalidException
|
||||||
* @throws NotImplementedException
|
|
||||||
*
|
*
|
||||||
* @return null|array|Response
|
|
||||||
*/
|
*/
|
||||||
public function register(Request $request,
|
public function register(Request $request,
|
||||||
GuardAuthenticatorHandler $guard_handler,
|
GuardAuthenticatorHandler $guard_handler,
|
||||||
Authenticator $authenticator)
|
Authenticator $authenticator)
|
||||||
{
|
{
|
||||||
$form = Form::create([
|
$form = Form::create([
|
||||||
['nickname', TextType::class, [
|
['nickname', TextType::class, [
|
||||||
@ -101,8 +100,8 @@ class Security extends Controller
|
|||||||
'constraints' => [
|
'constraints' => [
|
||||||
new NotBlank(['message' => _m('Please enter a nickname')]),
|
new NotBlank(['message' => _m('Please enter a nickname')]),
|
||||||
new Length([
|
new Length([
|
||||||
'min' => Common::config('nickname', 'min_length'),
|
'min' => 1,
|
||||||
'minMessage' => _m(['Your nickname must be at least # characters long'], ['count' => Common::config('nickname', 'min_length')]),
|
'minMessage' => _m(['Your nickname must be at least # characters long'], ['count' => 1]),
|
||||||
'max' => Nickname::MAX_LEN,
|
'max' => Nickname::MAX_LEN,
|
||||||
'maxMessage' => _m(['Your nickname must be at most # characters long'], ['count' => Nickname::MAX_LEN]), ]),
|
'maxMessage' => _m(['Your nickname must be at most # characters long'], ['count' => Nickname::MAX_LEN]), ]),
|
||||||
],
|
],
|
||||||
@ -128,29 +127,16 @@ class Security extends Controller
|
|||||||
$data = $form->getData();
|
$data = $form->getData();
|
||||||
$data['password'] = $form->get('password')->getData();
|
$data['password'] = $form->get('password')->getData();
|
||||||
|
|
||||||
// This will throw the appropriate errors, result ignored
|
// TODO: ensure there's no user with this email registered already
|
||||||
$user = LocalUser::findByNicknameOrEmail($data['nickname'], $data['email']);
|
|
||||||
if ($user !== null) {
|
|
||||||
|
|
||||||
// If we do find something, there's a duplicate
|
// Already used is checked below
|
||||||
if ($user->getNickname() === $data['nickname']) {
|
$sanitized_nickname = Nickname::normalize($data['nickname'], check_already_used: false);
|
||||||
// Register page feedback on nickname already in use
|
|
||||||
$this->addFlash('verify_nickname_error', _m('Nickname is already in use on this server.'));
|
|
||||||
throw new NicknameTakenException;
|
|
||||||
} else {
|
|
||||||
// Register page feedback on email already in use
|
|
||||||
$this->addFlash('verify_email_error', _m('Email is already taken.'));
|
|
||||||
throw new EmailTakenException;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$valid_nickname = Nickname::validate($data['nickname'], check_already_used: false);
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// This already checks if the nickname is being used
|
// This already checks if the nickname is being used
|
||||||
$actor = Actor::create(['nickname' => $valid_nickname]);
|
$actor = Actor::create(['nickname' => $sanitized_nickname]);
|
||||||
$user = LocalUser::create([
|
$user = LocalUser::create([
|
||||||
'nickname' => $valid_nickname,
|
'nickname' => $sanitized_nickname,
|
||||||
'outgoing_email' => $data['email'],
|
'outgoing_email' => $data['email'],
|
||||||
'incoming_email' => $data['email'],
|
'incoming_email' => $data['email'],
|
||||||
'password' => LocalUser::hashPassword($data['password']),
|
'password' => LocalUser::hashPassword($data['password']),
|
||||||
@ -166,7 +152,7 @@ class Security extends Controller
|
|||||||
} catch (UniqueConstraintViolationException $e) {
|
} catch (UniqueConstraintViolationException $e) {
|
||||||
// _something_ was duplicated, but since we already check if nickname is in use, we can't tell what went wrong
|
// _something_ was duplicated, but since we already check if nickname is in use, we can't tell what went wrong
|
||||||
$e = 'An error occurred while trying to register';
|
$e = 'An error occurred while trying to register';
|
||||||
Log::critical($e . " with nickname: '{$valid_nickname}' and email '{$data['email']}'");
|
Log::critical($e . " with nickname: '{$sanitized_nickname}' and email '{$data['email']}'");
|
||||||
throw new ServerException(_m($e));
|
throw new ServerException(_m($e));
|
||||||
}
|
}
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
|
@ -308,9 +308,9 @@ class LocalUser extends Entity implements UserInterface
|
|||||||
*
|
*
|
||||||
* @return self Returns self if nickname or email found
|
* @return self Returns self if nickname or email found
|
||||||
*/
|
*/
|
||||||
public static function findByNicknameOrEmail(string $nickname, string $email): ?self
|
public static function getByEmail(string $email): ?self
|
||||||
{
|
{
|
||||||
$users = DB::findBy('local_user', ['or' => ['nickname' => $nickname, 'outgoing_email' => $email, 'incoming_email' => $email]]);
|
$users = DB::findBy('local_user', ['or' => ['outgoing_email' => $email, 'incoming_email' => $email]]);
|
||||||
switch (count($users)) {
|
switch (count($users)) {
|
||||||
case 0:
|
case 0:
|
||||||
return null;
|
return null;
|
||||||
|
@ -45,12 +45,12 @@ abstract class Main
|
|||||||
|
|
||||||
public static function load(RouteLoader $r): void
|
public static function load(RouteLoader $r): void
|
||||||
{
|
{
|
||||||
$r->connect('login', '/login', [C\Security::class, 'login']);
|
$r->connect('security_login', '/main/login', [C\Security::class, 'login']);
|
||||||
$r->connect('logout', '/logout', [C\Security::class, 'logout']);
|
$r->connect('security_logout', '/main/logout', [C\Security::class, 'logout']);
|
||||||
$r->connect('register', '/register', [C\Security::class, 'register']);
|
$r->connect('security_register', '/main/register', [C\Security::class, 'register']);
|
||||||
$r->connect('check_email', '/check-email', [C\ResetPassword::class, 'checkEmail']);
|
$r->connect('security_check_email', '/main/check-email', [C\ResetPassword::class, 'checkEmail']);
|
||||||
$r->connect('request_reset_password', '/request-reset-password', [C\ResetPassword::class, 'requestPasswordReset']);
|
$r->connect('security_recover_password', '/main/recover-password', [C\ResetPassword::class, 'requestPasswordReset']);
|
||||||
$r->connect('reset_password', '/reset/{token?}', [C\ResetPassword::class, 'reset']);
|
$r->connect('security_recover_password_token', '/main/recover-password/{token?}', [C\ResetPassword::class, 'reset']);
|
||||||
|
|
||||||
$r->connect('root', '/', RedirectController::class, ['defaults' => ['route' => 'main_all']]);
|
$r->connect('root', '/', RedirectController::class, ['defaults' => ['route' => 'main_all']]);
|
||||||
$r->connect('main_public', '/main/public', [C\Network::class, 'public']);
|
$r->connect('main_public', '/main/public', [C\Network::class, 'public']);
|
||||||
|
@ -20,6 +20,8 @@
|
|||||||
namespace App\Security;
|
namespace App\Security;
|
||||||
|
|
||||||
use App\Core\DB\DB;
|
use App\Core\DB\DB;
|
||||||
|
use App\Util\Exception\NoSuchActorException;
|
||||||
|
use App\Util\Exception\NotFoundException;
|
||||||
use function App\Core\I18n\_m;
|
use function App\Core\I18n\_m;
|
||||||
use App\Entity\LocalUser;
|
use App\Entity\LocalUser;
|
||||||
use App\Entity\User;
|
use App\Entity\User;
|
||||||
@ -52,7 +54,7 @@ class Authenticator extends AbstractFormLoginAuthenticator
|
|||||||
{
|
{
|
||||||
use TargetPathTrait;
|
use TargetPathTrait;
|
||||||
|
|
||||||
public const LOGIN_ROUTE = 'login';
|
public const LOGIN_ROUTE = 'security_login';
|
||||||
|
|
||||||
private $urlGenerator;
|
private $urlGenerator;
|
||||||
private $csrfTokenManager;
|
private $csrfTokenManager;
|
||||||
@ -70,17 +72,11 @@ class Authenticator extends AbstractFormLoginAuthenticator
|
|||||||
|
|
||||||
public function getCredentials(Request $request)
|
public function getCredentials(Request $request)
|
||||||
{
|
{
|
||||||
$credentials = [
|
return [
|
||||||
'nickname' => $request->request->get('nickname'),
|
'nickname_or_email' => $request->request->get('nickname_or_email'),
|
||||||
'password' => $request->request->get('password'),
|
'password' => $request->request->get('password'),
|
||||||
'csrf_token' => $request->request->get('_csrf_token'),
|
'csrf_token' => $request->request->get('_csrf_token'),
|
||||||
];
|
];
|
||||||
$request->getSession()->set(
|
|
||||||
Security::LAST_USERNAME,
|
|
||||||
$credentials['nickname']
|
|
||||||
);
|
|
||||||
|
|
||||||
return $credentials;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getUser($credentials, UserProviderInterface $userProvider)
|
public function getUser($credentials, UserProviderInterface $userProvider)
|
||||||
@ -90,12 +86,17 @@ class Authenticator extends AbstractFormLoginAuthenticator
|
|||||||
throw new InvalidCsrfTokenException();
|
throw new InvalidCsrfTokenException();
|
||||||
}
|
}
|
||||||
|
|
||||||
// $nick = Nickname::normalize($credentials['nickname']);
|
|
||||||
$nick = $credentials['nickname'];
|
|
||||||
$user = null;
|
|
||||||
try {
|
try {
|
||||||
$user = DB::findOneBy('local_user', ['or' => ['nickname' => $nick, 'outgoing_email' => $nick]]);
|
if (filter_var($credentials['nickname_or_email'], FILTER_VALIDATE_EMAIL) !== false) {
|
||||||
} catch (Exception $e) {
|
$user = LocalUser::getByEmail($credentials['nickname_or_email']);
|
||||||
|
} else {
|
||||||
|
$user = LocalUser::getWithPK(['nickname' => Nickname::normalize($credentials['nickname_or_email'], check_already_used: false)]);
|
||||||
|
}
|
||||||
|
if ($user === null) {
|
||||||
|
throw new NoSuchActorException('No such local user.');
|
||||||
|
}
|
||||||
|
$credentials['nickname'] = $user->getNickname();
|
||||||
|
} catch (Exception) {
|
||||||
throw new CustomUserMessageAuthenticationException(
|
throw new CustomUserMessageAuthenticationException(
|
||||||
_m('Invalid login credentials.'));
|
_m('Invalid login credentials.'));
|
||||||
}
|
}
|
||||||
@ -118,6 +119,10 @@ class Authenticator extends AbstractFormLoginAuthenticator
|
|||||||
|
|
||||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
|
||||||
{
|
{
|
||||||
|
$request->getSession()->set(
|
||||||
|
Security::LAST_USERNAME,
|
||||||
|
$token->getUser()->getNickname()
|
||||||
|
);
|
||||||
if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) {
|
if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) {
|
||||||
return new RedirectResponse($targetPath);
|
return new RedirectResponse($targetPath);
|
||||||
}
|
}
|
||||||
|
@ -41,11 +41,11 @@ namespace App\Util\Exception;
|
|||||||
|
|
||||||
use function App\Core\I18n\_m;
|
use function App\Core\I18n\_m;
|
||||||
|
|
||||||
class NicknameReservedException extends NicknameException
|
class NicknameNotAllowedException extends NicknameException
|
||||||
{
|
{
|
||||||
protected function defaultMessage(): string
|
protected function defaultMessage(): string
|
||||||
{
|
{
|
||||||
// TRANS: Validation error in form for registration, profile and group settings, etc.
|
// TRANS: Validation error in form for registration, profile and group settings, etc.
|
||||||
return _m('Nickname is reserved.');
|
return _m('This nickname is not allowed.');
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,54 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
// {{{ License
|
|
||||||
|
|
||||||
// This file is part of GNU social - https://www.gnu.org/software/social
|
|
||||||
//
|
|
||||||
// GNU social is free software: you can redistribute it and/or modify
|
|
||||||
// it under the terms of the GNU Affero General Public License as published by
|
|
||||||
// the Free Software Foundation, either version 3 of the License, or
|
|
||||||
// (at your option) any later version.
|
|
||||||
//
|
|
||||||
// GNU social is distributed in the hope that it will be useful,
|
|
||||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
// GNU Affero General Public License for more details.
|
|
||||||
//
|
|
||||||
// You should have received a copy of the GNU Affero General Public License
|
|
||||||
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
// }}}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Nickname too long exception
|
|
||||||
*
|
|
||||||
* @category Exception
|
|
||||||
* @package GNUsocial
|
|
||||||
*
|
|
||||||
* @author Zach Copley <zach@status.net>
|
|
||||||
* @copyright 2010 StatusNet Inc.
|
|
||||||
* @author Brion Vibber <brion@pobox.com>
|
|
||||||
* @author Mikael Nordfeldth <mmn@hethane.se>
|
|
||||||
* @author Nym Coy <nymcoy@gmail.com>
|
|
||||||
* @copyright 2009-2014 Free Software Foundation, Inc http://www.fsf.org
|
|
||||||
* @auuthor Daniel Supernault <danielsupernault@gmail.com>
|
|
||||||
* @auuthor Diogo Cordeiro <diogo@fc.up.pt>
|
|
||||||
*
|
|
||||||
* @author Hugo Sales <hugo@hsal.es>
|
|
||||||
* @copyright 2018-2021 Free Software Foundation, Inc http://www.fsf.org
|
|
||||||
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
|
|
||||||
*/
|
|
||||||
|
|
||||||
namespace App\Util\Exception;
|
|
||||||
|
|
||||||
use function App\Core\I18n\_m;
|
|
||||||
use App\Util\Common;
|
|
||||||
|
|
||||||
class NicknameTooShortException extends NicknameInvalidException
|
|
||||||
{
|
|
||||||
protected function defaultMessage(): string
|
|
||||||
{
|
|
||||||
// TRANS: Validation error in form for registration, profile and group settings, etc.
|
|
||||||
return _m(['Nickname cannot be less than # character long.'], ['count' => Common::config('nickname', 'min_length')]);
|
|
||||||
}
|
|
||||||
}
|
|
30
src/Util/Exception/NoSuchActorException.php
Normal file
30
src/Util/Exception/NoSuchActorException.php
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
// {{{ License
|
||||||
|
|
||||||
|
// This file is part of GNU social - https://www.gnu.org/software/social
|
||||||
|
//
|
||||||
|
// GNU social is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU Affero General Public License as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// GNU social is distributed in the hope that it will be useful,
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU Affero General Public License for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU Affero General Public License
|
||||||
|
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
// }}}
|
||||||
|
|
||||||
|
namespace App\Util\Exception;
|
||||||
|
|
||||||
|
class NoSuchActorException extends ClientException
|
||||||
|
{
|
||||||
|
public function __construct(string $m)
|
||||||
|
{
|
||||||
|
parent::__construct($m);
|
||||||
|
}
|
||||||
|
}
|
@ -25,13 +25,13 @@ use App\Entity\LocalUser;
|
|||||||
use App\Util\Exception\NicknameEmptyException;
|
use App\Util\Exception\NicknameEmptyException;
|
||||||
use App\Util\Exception\NicknameException;
|
use App\Util\Exception\NicknameException;
|
||||||
use App\Util\Exception\NicknameInvalidException;
|
use App\Util\Exception\NicknameInvalidException;
|
||||||
use App\Util\Exception\NicknameReservedException;
|
use App\Util\Exception\NicknameNotAllowedException;
|
||||||
use App\Util\Exception\NicknameTakenException;
|
use App\Util\Exception\NicknameTakenException;
|
||||||
use App\Util\Exception\NicknameTooLongException;
|
use App\Util\Exception\NicknameTooLongException;
|
||||||
use App\Util\Exception\NicknameTooShortException;
|
use App\Util\Exception\NicknameTooShortException;
|
||||||
use App\Util\Exception\NotImplementedException;
|
use App\Util\Exception\NotImplementedException;
|
||||||
use Functional as F;
|
use Functional as F;
|
||||||
use Normalizer;
|
use InvalidArgumentException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Nickname validation
|
* Nickname validation
|
||||||
@ -45,9 +45,8 @@ use Normalizer;
|
|||||||
* @author Mikael Nordfeldth <mmn@hethane.se>
|
* @author Mikael Nordfeldth <mmn@hethane.se>
|
||||||
* @author Nym Coy <nymcoy@gmail.com>
|
* @author Nym Coy <nymcoy@gmail.com>
|
||||||
* @copyright 2009-2014 Free Software Foundation, Inc http://www.fsf.org
|
* @copyright 2009-2014 Free Software Foundation, Inc http://www.fsf.org
|
||||||
* @auuthor Daniel Supernault <danielsupernault@gmail.com>
|
* @author Daniel Supernault <danielsupernault@gmail.com>
|
||||||
* @auuthor Diogo Cordeiro <diogo@fc.up.pt>
|
* @author Diogo Cordeiro <mail@diogo.site>
|
||||||
*
|
|
||||||
* @author Hugo Sales <hugo@hsal.es>
|
* @author Hugo Sales <hugo@hsal.es>
|
||||||
* @copyright 2018-2021 Free Software Foundation, Inc http://www.fsf.org
|
* @copyright 2018-2021 Free Software Foundation, Inc http://www.fsf.org
|
||||||
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
|
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
|
||||||
@ -91,6 +90,11 @@ class Nickname
|
|||||||
*/
|
*/
|
||||||
const WEBFINGER_FMT = '(?:\w+[\w\-\_\.]*)?\w+\@' . URL_REGEX_DOMAIN_NAME;
|
const WEBFINGER_FMT = '(?:\w+[\w\-\_\.]*)?\w+\@' . URL_REGEX_DOMAIN_NAME;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Maximum number of characters in a canonical-form nickname. Changes must validate regexs
|
||||||
|
*/
|
||||||
|
const MAX_LEN = 64;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Regex fragment for checking a canonical nickname.
|
* Regex fragment for checking a canonical nickname.
|
||||||
*
|
*
|
||||||
@ -104,12 +108,7 @@ class Nickname
|
|||||||
*
|
*
|
||||||
* This, INPUT_FMT and DISPLAY_FMT should not be enclosed in []s.
|
* This, INPUT_FMT and DISPLAY_FMT should not be enclosed in []s.
|
||||||
*/
|
*/
|
||||||
const CANONICAL_FMT = '[0-9a-z]{1,64}';
|
const CANONICAL_FMT = '[0-9a-z]{1,' . self::MAX_LEN . '}';
|
||||||
|
|
||||||
/**
|
|
||||||
* Maximum number of characters in a canonical-form nickname. Changes must validate regexs
|
|
||||||
*/
|
|
||||||
const MAX_LEN = 64;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Regex with non-capturing group that matches whitespace and some
|
* Regex with non-capturing group that matches whitespace and some
|
||||||
@ -121,72 +120,78 @@ class Nickname
|
|||||||
*/
|
*/
|
||||||
const BEFORE_MENTIONS = '(?:^|[\s\.\,\:\;\[\(]+)';
|
const BEFORE_MENTIONS = '(?:^|[\s\.\,\:\;\[\(]+)';
|
||||||
|
|
||||||
const CHECK_LOCAL_USER = 1;
|
const CHECK_LOCAL_USER = 1;
|
||||||
const CHECK_LOCAL_GROUP = 2;
|
const CHECK_LOCAL_GROUP = 2;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if a nickname is valid or throw exceptions if it's not.
|
* Check if a nickname is valid or throw exceptions if it's not.
|
||||||
* Can optionally check if the nickname is currently in use
|
* Can optionally check if the nickname is currently in use
|
||||||
|
* @param string $nickname
|
||||||
|
* @param bool $check_already_used
|
||||||
|
* @param int $which
|
||||||
|
* @param bool $check_is_allowed
|
||||||
|
* @return bool
|
||||||
|
* @throws NicknameEmptyException
|
||||||
|
* @throws NicknameNotAllowedException
|
||||||
|
* @throws NicknameTakenException
|
||||||
|
* @throws NicknameTooLongException
|
||||||
*/
|
*/
|
||||||
public static function validate(string $nickname, bool $check_already_used = false, int $which = self::CHECK_LOCAL_USER)
|
public static function validate(string $nickname, bool $check_already_used = false, int $which = self::CHECK_LOCAL_USER, bool $check_is_allowed = true): bool
|
||||||
{
|
{
|
||||||
$nickname = trim($nickname);
|
$length = mb_strlen($nickname);
|
||||||
$length = mb_strlen($nickname);
|
|
||||||
|
|
||||||
if ($length < 1) {
|
if ($length < 1) {
|
||||||
throw new NicknameEmptyException();
|
throw new NicknameEmptyException();
|
||||||
} elseif ($length < Common::config('nickname', 'min_length')) {
|
|
||||||
// dd($nickname, $length, Common::config('nickname', 'min_length'));
|
|
||||||
throw new NicknameTooShortException();
|
|
||||||
} else {
|
} else {
|
||||||
if ($length > self::MAX_LEN) {
|
if ($length > self::MAX_LEN) {
|
||||||
throw new NicknameTooLongException();
|
throw new NicknameTooLongException();
|
||||||
} elseif (self::isReserved($nickname) || Common::isSystemPath($nickname)) {
|
} elseif ($check_is_allowed && self::isBlacklisted($nickname)) {
|
||||||
throw new NicknameReservedException();
|
throw new NicknameNotAllowedException();
|
||||||
} elseif ($check_already_used) {
|
} elseif ($check_already_used) {
|
||||||
switch ($which) {
|
switch ($which) {
|
||||||
case self::CHECK_LOCAL_USER:
|
case self::CHECK_LOCAL_USER:
|
||||||
$lu = LocalUser::findByNicknameOrEmail($nickname, email: '');
|
$lu = LocalUser::getWithPK(['nickname' => $nickname]);
|
||||||
if ($lu !== null) {
|
if ($lu !== null) {
|
||||||
throw new NicknameTakenException($lu->getActor());
|
throw new NicknameTakenException($lu->getActor());
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
case self::CHECK_LOCAL_GROUP:
|
case self::CHECK_LOCAL_GROUP:
|
||||||
throw new NotImplementedException();
|
throw new NotImplementedException();
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
throw new \InvalidArgumentException();
|
throw new InvalidArgumentException();
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $nickname;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Normalize an input $nickname, and normalize it to its canonical form.
|
* Normalize input $nickname to its canonical form and validates it.
|
||||||
* The canonical form will be returned, or an exception thrown if invalid.
|
* The canonical form will be returned, or an exception thrown if invalid.
|
||||||
*
|
*
|
||||||
* @throws NicknameException (base class)
|
* @param string $nickname
|
||||||
|
* @param bool $check_already_used
|
||||||
|
* @param bool $check_is_allowed
|
||||||
|
* @return string
|
||||||
* @throws NicknameEmptyException
|
* @throws NicknameEmptyException
|
||||||
* @throws NicknameInvalidException
|
* @throws NicknameInvalidException
|
||||||
|
* @throws NicknameNotAllowedException
|
||||||
* @throws NicknameTakenException
|
* @throws NicknameTakenException
|
||||||
* @throws NicknameTooLongException
|
* @throws NicknameTooLongException
|
||||||
* @throws NicknameTooShortException
|
|
||||||
*/
|
*/
|
||||||
public static function normalize(string $nickname, bool $check_already_used = true, bool $checking_reserved = false): string
|
public static function normalize(string $nickname, bool $check_already_used = true, bool $check_is_allowed = true): string
|
||||||
{
|
{
|
||||||
if (!$checking_reserved) {
|
|
||||||
$nickname = self::validate($nickname, $check_already_used);
|
|
||||||
}
|
|
||||||
|
|
||||||
$nickname = trim($nickname);
|
$nickname = trim($nickname);
|
||||||
$nickname = str_replace('_', '', $nickname);
|
$nickname = str_replace('_', '', $nickname);
|
||||||
$nickname = mb_strtolower($nickname);
|
$nickname = mb_strtolower($nickname);
|
||||||
$nickname = Normalizer::normalize($nickname, Normalizer::FORM_C);
|
// We could do UTF-8 normalization (å to a, etc.) with something like Normalizer::normalize($nickname, Normalizer::FORM_C)
|
||||||
if (!self::isCanonical($nickname) && !filter_var($nickname, FILTER_VALIDATE_EMAIL)) {
|
// We won't as it could confuse tremendously the user, he must know what is valid and should fix his own input
|
||||||
|
|
||||||
|
if (!self::validate($nickname, $check_already_used, $check_is_allowed) || !self::isCanonical($nickname)) {
|
||||||
throw new NicknameInvalidException();
|
throw new NicknameInvalidException();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -201,11 +206,11 @@ class Nickname
|
|||||||
*
|
*
|
||||||
* @return bool True if nickname is valid. False if invalid (or taken if $check_already_used == true).
|
* @return bool True if nickname is valid. False if invalid (or taken if $check_already_used == true).
|
||||||
*/
|
*/
|
||||||
public static function isValid(string $nickname, bool $check_already_used = true): bool
|
public static function isValid(string $nickname, bool $check_already_used = true, bool $check_is_allowed = true): bool
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
self::normalize($nickname, $check_already_used);
|
self::normalize($nickname, $check_already_used, $check_is_allowed);
|
||||||
} catch (NicknameException $e) {
|
} catch (NicknameException) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -214,6 +219,8 @@ class Nickname
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Is the given string a valid canonical nickname form?
|
* Is the given string a valid canonical nickname form?
|
||||||
|
* @param string $nickname
|
||||||
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public static function isCanonical(string $nickname): bool
|
public static function isCanonical(string $nickname): bool
|
||||||
{
|
{
|
||||||
@ -222,15 +229,22 @@ class Nickname
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Is the given string in our nickname blacklist?
|
* Is the given string in our nickname blacklist?
|
||||||
|
* @param string $nickname
|
||||||
|
* @return bool
|
||||||
|
* @throws NicknameEmptyException
|
||||||
|
* @throws NicknameInvalidException
|
||||||
|
* @throws NicknameNotAllowedException
|
||||||
|
* @throws NicknameTakenException
|
||||||
|
* @throws NicknameTooLongException
|
||||||
*/
|
*/
|
||||||
public static function isReserved(string $nickname): bool
|
public static function isBlacklisted(string $nickname): bool
|
||||||
{
|
{
|
||||||
$reserved = Common::config('nickname', 'reserved');
|
$reserved = Common::config('nickname', 'blacklist');
|
||||||
if (empty($reserved)) {
|
if (empty($reserved)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return in_array($nickname, array_merge($reserved, F\map($reserved, function ($n) {
|
return in_array($nickname, array_merge($reserved, F\map($reserved, function ($n) {
|
||||||
return self::normalize($n, check_already_used: false, checking_reserved: true);
|
return self::normalize($n, check_already_used: false, check_is_allowed: true);
|
||||||
})));
|
})));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -89,7 +89,7 @@
|
|||||||
Settings
|
Settings
|
||||||
</a>
|
</a>
|
||||||
|
|
||||||
<a title='{{ 'Logout from your account.' | trans }}' href='{{ path('logout') }}'>
|
<a title='{{ 'Logout from your account.' | trans }}' href='{{ path('security_logout') }}'>
|
||||||
Logout
|
Logout
|
||||||
</a>
|
</a>
|
||||||
</nav>
|
</nav>
|
||||||
@ -100,11 +100,11 @@
|
|||||||
<h2 class="section-title">Account</h2>
|
<h2 class="section-title">Account</h2>
|
||||||
<nav tabindex="0" class="profile-navigation" title="{{ 'Navigate through account related pages.' | trans }}">
|
<nav tabindex="0" class="profile-navigation" title="{{ 'Navigate through account related pages.' | trans }}">
|
||||||
|
|
||||||
<a title='{{ 'Login with your existing account.' | trans }}' href="{{ path('login') }}" class='hover-effect {{ active('login') }}'>
|
<a title='{{ 'Login with your existing account.' | trans }}' href="{{ path('security_login') }}" class='hover-effect {{ active('login') }}'>
|
||||||
Login
|
Login
|
||||||
</a>
|
</a>
|
||||||
|
|
||||||
<a title='{{ 'Register a new account!' | trans }}' href="{{ path('register') }}">
|
<a title='{{ 'Register a new account!' | trans }}' href="{{ path('security_register') }}">
|
||||||
Register
|
Register
|
||||||
</a>
|
</a>
|
||||||
|
|
||||||
|
@ -37,11 +37,11 @@
|
|||||||
|
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|
||||||
{# TODO: Login can be done with email, so the id's and stuff should reflect that, along with using the translation facilities #}
|
{# TODO: Login can be done with email, so the element id's should reflect that #}
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label class="section-form-label" for="inputNickname">{{ "Nickname or Email" | trans }}</label>
|
<label class="section-form-label" for="inputNickname">{{ "Nickname or Email" | trans }}</label>
|
||||||
<input type="text" value="{{ last_login_id }}" name="nickname" id="inputNickname" class="form-control" required autofocus>
|
<input type="text" value="{{ last_login_id }}" name="nickname_or_email" id="inputNickname" class="form-control" required autofocus>
|
||||||
<p class="help-text">{{ "Your nickname." | trans }}</p>
|
<p class="help-text">{{ "Your nickname or email address." | trans }}</p>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label class="section-form-label" for="inputPassword">{{ "Password" | trans }}</label>
|
<label class="section-form-label" for="inputPassword">{{ "Password" | trans }}</label>
|
||||||
|
@ -22,7 +22,7 @@ namespace App\Tests\Util;
|
|||||||
use App\Util\Common;
|
use App\Util\Common;
|
||||||
use App\Util\Exception\NicknameEmptyException;
|
use App\Util\Exception\NicknameEmptyException;
|
||||||
use App\Util\Exception\NicknameInvalidException;
|
use App\Util\Exception\NicknameInvalidException;
|
||||||
use App\Util\Exception\NicknameReservedException;
|
use App\Util\Exception\NicknameNotAllowedException;
|
||||||
use App\Util\Exception\NicknameTakenException;
|
use App\Util\Exception\NicknameTakenException;
|
||||||
use App\Util\Exception\NicknameTooLongException;
|
use App\Util\Exception\NicknameTooLongException;
|
||||||
use App\Util\Exception\NicknameTooShortException;
|
use App\Util\Exception\NicknameTooShortException;
|
||||||
@ -53,7 +53,7 @@ class NicknameTest extends GNUsocialTestCase
|
|||||||
static::assertThrows(NicknameTooShortException::class, fn () => Nickname::normalize('foo', check_already_used: false));
|
static::assertThrows(NicknameTooShortException::class, fn () => Nickname::normalize('foo', check_already_used: false));
|
||||||
static::assertThrows(NicknameEmptyException::class, fn () => Nickname::normalize('', check_already_used: false));
|
static::assertThrows(NicknameEmptyException::class, fn () => Nickname::normalize('', check_already_used: false));
|
||||||
// static::assertThrows(NicknameInvalidException::class, fn () => Nickname::normalize('FóóBár', check_already_used: false));
|
// static::assertThrows(NicknameInvalidException::class, fn () => Nickname::normalize('FóóBár', check_already_used: false));
|
||||||
static::assertThrows(NicknameReservedException::class, fn () => Nickname::normalize('this_nickname_is_reserved', check_already_used: false));
|
static::assertThrows(NicknameNotAllowedException::class, fn () => Nickname::normalize('this_nickname_is_reserved', check_already_used: false));
|
||||||
|
|
||||||
static::bootKernel();
|
static::bootKernel();
|
||||||
static::assertSame('foobar', Nickname::normalize('foobar', check_already_used: true));
|
static::assertSame('foobar', Nickname::normalize('foobar', check_already_used: true));
|
||||||
@ -79,13 +79,13 @@ class NicknameTest extends GNUsocialTestCase
|
|||||||
static::assertTrue($cb instanceof ContainerBagInterface);
|
static::assertTrue($cb instanceof ContainerBagInterface);
|
||||||
$cb->method('get')->willReturnMap([['gnusocial', $conf], ['gnusocial_defaults', $conf]]);
|
$cb->method('get')->willReturnMap([['gnusocial', $conf], ['gnusocial_defaults', $conf]]);
|
||||||
Common::setupConfig($cb);
|
Common::setupConfig($cb);
|
||||||
static::assertTrue(Nickname::isReserved('this_nickname_is_reserved'));
|
static::assertTrue(Nickname::isBlacklisted('this_nickname_is_reserved'));
|
||||||
static::assertFalse(Nickname::isReserved('this_nickname_is_not_reserved'));
|
static::assertFalse(Nickname::isBlacklisted('this_nickname_is_not_reserved'));
|
||||||
|
|
||||||
$conf = ['nickname' => ['min_length' => 4, 'reserved' => []]];
|
$conf = ['nickname' => ['min_length' => 4, 'reserved' => []]];
|
||||||
$cb = $this->createMock(ContainerBagInterface::class);
|
$cb = $this->createMock(ContainerBagInterface::class);
|
||||||
$cb->method('get')->willReturnMap([['gnusocial', $conf], ['gnusocial_defaults', $conf]]);
|
$cb->method('get')->willReturnMap([['gnusocial', $conf], ['gnusocial_defaults', $conf]]);
|
||||||
Common::setupConfig($cb);
|
Common::setupConfig($cb);
|
||||||
static::assertFalse(Nickname::isReserved('this_nickname_is_reserved'));
|
static::assertFalse(Nickname::isBlacklisted('this_nickname_is_reserved'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user