From 44cf1fa24cd14a2ffbf51216245c023234122fb3 Mon Sep 17 00:00:00 2001
From: Diogo Peralta Cordeiro
Date: Mon, 18 Oct 2021 16:48:16 +0100
Subject: [PATCH] [UTIL][Nickname] Fix some parameters issues found with strict types
---
 src/Controller/Security.php | 2 +-
 src/Security/Authenticator.php | 2 +-
 src/Util/Nickname.php | 26 +++++++++++++-------------
 3 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/src/Controller/Security.php b/src/Controller/Security.php
index e91482da7d..13505c1bb3 100644
--- a/src/Controller/Security.php
+++ b/src/Controller/Security.php
@@ -132,7 +132,7 @@ class Security extends Controller
 // TODO: ensure there's no user with this email registered already
 // Already used is checked below
- $sanitized_nickname = Nickname::normalize($data['nickname'], check_already_used: false);
+ $sanitized_nickname = Nickname::normalize($data['nickname'], check_already_used: false, which: Nickname::CHECK_LOCAL_USER, check_is_allowed: false);
 try {
 // This already checks if the nickname is being used
diff --git a/src/Security/Authenticator.php b/src/Security/Authenticator.php
index fa0c074e45..4180435d53 100644
--- a/src/Security/Authenticator.php
+++ b/src/Security/Authenticator.php
@@ -92,7 +92,7 @@ class Authenticator extends AbstractFormLoginAuthenticator
 if (filter_var($credentials['nickname_or_email'], FILTER_VALIDATE_EMAIL) !== false) {
 $user = LocalUser::getByEmail($credentials['nickname_or_email']);
 } else {
- $user = LocalUser::getWithPK(['nickname' => Nickname::normalize($credentials['nickname_or_email'], check_already_used: false)]);
+ $user = LocalUser::getWithPK(['nickname' => Nickname::normalize($credentials['nickname_or_email'], check_already_used: false, which: Nickname::CHECK_LOCAL_USER, check_is_allowed: false)]);
 }
 if ($user === null) {
 throw new NoSuchActorException('No such local user.');
diff --git a/src/Util/Nickname.php b/src/Util/Nickname.php
index ae587534dd..b46b53164c 100644
--- a/src/Util/Nickname.php
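Review bot: In the registration hunk of src/Controller/Security.php the new call passes `check_is_allowed: false`, a check the old call left at its declared default of `true`. The surrounding comments only say that the already-used check happens below, so unless the code in the following `try` block also enforces the allowed-name policy, registration may now accept nicknames that policy is meant to refuse. I would keep it on here, `$sanitized_nickname = Nickname::normalize($data['nickname'], check_already_used: false, which: Nickname::CHECK_LOCAL_USER, check_is_allowed: true);`, or add a comment stating where that check is performed. The same argument in the src/Security/Authenticator.php hunk reads as intentional for login, where existing accounts still have to resolve. The enclosing method starts and ends outside the hunk.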
+++ b/src/Util/Nickname.php
@@ -55,6 +55,11 @@ use InvalidArgumentException;
 */
 class Nickname
 {
+ /**
+ * Maximum number of characters in a canonical-form nickname. Changes must validate regexs
+ */
+ const MAX_LEN = 64;
+
 /**
 * Regex fragment for pulling a formated nickname *OR* ID number.
 * Suitable for router def of 'id' parameters on API actions.
@@ -67,7 +72,7 @@ class Nickname
 *
 * @fixme would prefer to define in reference to the other constants
 */
- public const INPUT_FMT = '(?:[0-9]+|[0-9a-zA-Z_]{1,64})';
+ public const INPUT_FMT = '(?:[0-9]+|[0-9a-zA-Z_]{1,' . self::MAX_LEN . '})';
 /**
 * Regex fragment for acceptable user-formatted variant of a nickname.
@@ -82,7 +87,7 @@ class Nickname
 *
 * This, INPUT_FMT and CANONICAL_FMT should not be enclosed in []s.
 */
- public const DISPLAY_FMT = '[0-9a-zA-Z_]{1,64}';
+ public const DISPLAY_FMT = '[0-9a-zA-Z_]{1,' . self::MAX_LEN . '}';
 /**
 * Simplified regex fragment for acceptable full WebFinger ID of a user
@@ -92,11 +97,6 @@ class Nickname
 */
 public const WEBFINGER_FMT = '(?:\w+[\w\-\_\.]*)?\w+\@' . URL_REGEX_DOMAIN_NAME;
-
- /**
- * Maximum number of characters in a canonical-form nickname. Changes must validate regexs
- */
- const MAX_LEN = 64;
-
 /**
 * Regex fragment for checking a canonical nickname.
 *
@@ -182,7 +182,7 @@ class Nickname
 * @throws NicknameTakenException
 * @throws NicknameTooLongException
 */
- public static function normalize(string $nickname, bool $check_already_used = true, bool $check_is_allowed = true): string
+ public static function normalize(string $nickname, bool $check_already_used = false, int $which = self::CHECK_LOCAL_USER, bool $check_is_allowed = true): string
 {
 $nickname = trim($nickname);
 $nickname = str_replace('_', '', $nickname);
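Review bot: The moved constant in the first Nickname.php hunk is declared as `const MAX_LEN = 64;` with no visibility keyword, while every other constant visible in this class is `public const`. Now that INPUT_FMT and DISPLAY_FMT are built from it, I would write `public const MAX_LEN = 64;` so the declaration matches its neighbours. The docblock would also read better as `Maximum number of characters in a canonical-form nickname. Changes must be validated against the regexes.`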
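Review bot: The new `normalize()` signature flips the default of `$check_already_used` from `true` to `false` and inserts `int $which` ahead of `$check_is_allowed`; both changes alter what existing callers get without any edit at their call sites. A caller that relied on the old default no longer has taken nicknames rejected, and a positional call such as `normalize($n, true, false)` now binds `false` to `$which` (a TypeError under strict types, a silent `0` without them). The `isValid()` hunk further down makes the same two changes. I would keep the default fail-closed and append the new parameter last, `public static function normalize(string $nickname, bool $check_already_used = true, bool $check_is_allowed = true, int $which = self::CHECK_LOCAL_USER): string`, or, if the flip is deliberate, state it in the docblock and audit the remaining callers. The function body continues past the end of the hunk.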
@@ -190,7 +190,7 @@ class Nickname
 // We could do UTF-8 normalization (å to a, etc.) with something like Normalizer::normalize($nickname, Normalizer::FORM_C)
 // We won't as it could confuse tremendously the user, he must know what is valid and should fix his own input
- if (!self::validate($nickname, $check_already_used, $check_is_allowed) || !self::isCanonical($nickname)) {
+ if (!self::validate(nickname: $nickname, check_already_used: $check_already_used, which: $which, check_is_allowed: $check_is_allowed) || !self::isCanonical($nickname)) {
 throw new NicknameInvalidException();
 }
@@ -201,14 +201,14 @@ class Nickname
 * Nice simple check of whether the given string is a valid input nickname,
 * which can be normalized into an internally canonical form.
 *
- * Note that valid nicknames may be in use or reserved.
+ * Note that valid nicknames may be in use or blacklisted.
 *
 * @return bool True if nickname is valid. False if invalid (or taken if $check_already_used == true).
 */
- public static function isValid(string $nickname, bool $check_already_used = true, bool $check_is_allowed = true): bool
+ public static function isValid(string $nickname, bool $check_already_used = false, int $which = self::CHECK_LOCAL_USER, bool $check_is_allowed = true): bool
 {
 try {
- self::normalize($nickname, $check_already_used, $check_is_allowed);
+ self::normalize(nickname: $nickname, check_already_used: $check_already_used, which: $which, check_is_allowed: $check_is_allowed);
 } catch (NicknameException) {
 return false;
 }
@@ -223,7 +223,7 @@ class Nickname
 */
 public static function isCanonical(string $nickname): bool
 {
- return preg_match('/^(?:' . self::CANONICAL_FMT . ')$/', $nickname);
+ return preg_match('/^(?:' . self::CANONICAL_FMT . ')$/', $nickname) > 0;
 }
 /**