hippoz/cinny
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #14 from phildenhoff/phildenhoff/fix-at-sigil-in-localpart

Browse source 
Remove username login requirements and sanitise out leading "@"
This commit is contained in:
Ajay Bura 2021-07-29 11:22:06 +05:30 committed by GitHub
commit 2e8830b9d3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
package.json
View file

@ -4,8 +4,8 @@
"description": "Organized and powerful matrix client.", "description": "Organized and powerful matrix client.",
"main": "index.js", "main": "index.js",
"engines": { "engines": {
"npm": "6.14.11", "npm": ">=6.14.11",
"node": "14.6.0" "node": ">=14.6.0"
}, },
"scripts": { "scripts": {
"start": "webpack serve --config ./webpack.dev.js --open", "start": "webpack serve --config ./webpack.dev.js --open",

43
src/app/templates/auth/Auth.jsx
View file

@ -13,8 +13,12 @@ import Spinner from '../../atoms/spinner/Spinner';
import CinnySvg from '../../../../public/res/svg/cinny.svg'; import CinnySvg from '../../../../public/res/svg/cinny.svg';
const USERNAME_REGEX = /^[a-z0-9_\-.=/]+$/; // This regex validates historical usernames, which don't satisy today's username requirements.
const BAD_USERNAME_ERROR = 'Username must contain only lowercase letters, numbers, dashes and underscores.'; // See https://matrix.org/docs/spec/appendices#id13 for more info.
const LOCALPART_LOGIN_REGEX = /^[!-9|;-~]+$/;
const LOCALPART_SIGNUP_REGEX = /^[a-z0-9_\-.=/]+$/;
const BAD_LOCALPART_ERROR = 'Username must contain only a-z, 0-9, ., _, =, -, and /.';
const USER_ID_TOO_LONG_ERROR = 'Your user ID, including the hostname, can\'t be more than 255 characters long.';
const PASSWORD_REGEX = /.+/; const PASSWORD_REGEX = /.+/;
const PASSWORD_STRENGHT_REGEX = /^(?=.*\d)(?=.*[A-Z])(?=.*[a-z])(?=.*[^\w\d\s:])([^\s]){8,16}$/; const PASSWORD_STRENGHT_REGEX = /^(?=.*\d)(?=.*[A-Z])(?=.*[a-z])(?=.*[^\w\d\s:])([^\s]){8,16}$/;
@ -52,6 +56,18 @@ function validateOnChange(e, regex, error) {
document.getElementById('auth_submit-btn').disabled = false; document.getElementById('auth_submit-btn').disabled = false;
} }
/**
* Normalizes a username into a standard format.
*
* Removes leading and trailing whitespaces and leading "@" symbols.
* @param {string} rawUsername A raw-input username, which may include invalid characters.
* @returns {string}
*/
function normalizeUsername(rawUsername) {
const noLeadingAt = rawUsername.indexOf('@') === 0 ? rawUsername.substr(1) : rawUsername;
return noLeadingAt.trim();
}
function Auth({ type }) { function Auth({ type }) {
const [process, changeProcess] = useState(null); const [process, changeProcess] = useState(null);
const usernameRef = useRef(null); const usernameRef = useRef(null);
@ -99,12 +115,17 @@ function Auth({ type }) {
document.getElementById('auth_submit-btn').disabled = true; document.getElementById('auth_submit-btn').disabled = true;
document.getElementById('auth_error').style.display = 'none'; document.getElementById('auth_error').style.display = 'none';
if (!isValidInput(usernameRef.current.value, USERNAME_REGEX)) { /** @type {string} */
showBadInputError(usernameRef.current, BAD_USERNAME_ERROR); const rawUsername = usernameRef.current.value;
/** @type {string} */
const normalizedUsername = normalizeUsername(rawUsername);
if (!isValidInput(normalizedUsername, LOCALPART_LOGIN_REGEX)) {
showBadInputError(usernameRef.current, BAD_LOCALPART_ERROR);
return; return;
} }
auth.login(usernameRef.current.value, homeserverRef.current.value, passwordRef.current.value) auth.login(normalizedUsername, homeserverRef.current.value, passwordRef.current.value)
.then(() => { .then(() => {
document.getElementById('auth_submit-btn').disabled = false; document.getElementById('auth_submit-btn').disabled = false;
window.location.replace('/'); window.location.replace('/');
@ -122,8 +143,8 @@ function Auth({ type }) {
document.getElementById('auth_submit-btn').disabled = true; document.getElementById('auth_submit-btn').disabled = true;
document.getElementById('auth_error').style.display = 'none'; document.getElementById('auth_error').style.display = 'none';
if (!isValidInput(usernameRef.current.value, USERNAME_REGEX)) { if (!isValidInput(usernameRef.current.value, LOCALPART_SIGNUP_REGEX)) {
showBadInputError(usernameRef.current, BAD_USERNAME_ERROR); showBadInputError(usernameRef.current, BAD_LOCALPART_ERROR);
return; return;
} }
if (!isValidInput(passwordRef.current.value, PASSWORD_STRENGHT_REGEX)) { if (!isValidInput(passwordRef.current.value, PASSWORD_STRENGHT_REGEX)) {
@ -138,6 +159,10 @@ function Auth({ type }) {
showBadInputError(emailRef.current, BAD_EMAIL_ERROR); showBadInputError(emailRef.current, BAD_EMAIL_ERROR);
return; return;
} }
if (`@${usernameRef.current.value}:${homeserverRef.current.value}`.length > 255) {
showBadInputError(usernameRef.current, USER_ID_TOO_LONG_ERROR);
return;
}
register(); register();
} }
@ -171,7 +196,9 @@ function Auth({ type }) {
<div className="username__wrapper"> <div className="username__wrapper">
<Input <Input
forwardRef={usernameRef} forwardRef={usernameRef}
onChange={(e) => validateOnChange(e, USERNAME_REGEX, BAD_USERNAME_ERROR)} onChange={(e) => (type === 'login'
? validateOnChange(e, LOCALPART_LOGIN_REGEX, BAD_LOCALPART_ERROR)
: validateOnChange(e, LOCALPART_SIGNUP_REGEX, BAD_LOCALPART_ERROR))}
id="auth_username" id="auth_username"
label="Username" label="Username"
required required