a03d29da
Commit
a03d29da
authored
Jan 31, 2018
by
Douwe Maan
Validate User username only on Namespace, and bubble up appropriately
parent
75144b1e
Showing
12 changed files
with
23 additions
and
90 deletions
+23
-90
app/models/user.rb
app/models/user.rb
+1
-3
app/validators/abstract_path_validator.rb
app/validators/abstract_path_validator.rb
+1
-5
app/validators/namespace_path_validator.rb
app/validators/namespace_path_validator.rb
+0
-4
app/validators/project_path_validator.rb
app/validators/project_path_validator.rb
+0
-4
app/validators/user_path_validator.rb
app/validators/user_path_validator.rb
+0
-15
lib/constraints/user_url_constrainer.rb
lib/constraints/user_url_constrainer.rb
+1
-1
lib/gitlab/o_auth/user.rb
lib/gitlab/o_auth/user.rb
+1
-1
lib/gitlab/path_regex.rb
lib/gitlab/path_regex.rb
+0
-12
spec/lib/gitlab/path_regex_spec.rb
spec/lib/gitlab/path_regex_spec.rb
+4
-4
spec/models/user_spec.rb
spec/models/user_spec.rb
+14
-2
spec/services/groups/transfer_service_spec.rb
spec/services/groups/transfer_service_spec.rb
+1
-1
spec/validators/user_path_validator_spec.rb
spec/validators/user_path_validator_spec.rb
+0
-38
app/models/user.rb
...
@@ -151,9 +151,7 @@ class User < ActiveRecord::Base
...
@@ -151,9 +151,7 @@ class User < ActiveRecord::Base
validates
:projects_limit
,
validates
:projects_limit
,
presence:
true
,
presence:
true
,
numericality:
{
greater_than_or_equal_to:
0
,
less_than_or_equal_to:
Gitlab
::
Database
::
MAX_INT_VALUE
}
numericality:
{
greater_than_or_equal_to:
0
,
less_than_or_equal_to:
Gitlab
::
Database
::
MAX_INT_VALUE
}
validates
:username
,
validates
:username
,
presence:
true
user_path:
true
,
presence:
true
validates
:namespace
,
presence:
true
validates
:namespace
,
presence:
true
validate
:namespace_move_dir_allowed
,
if: :username_changed?
validate
:namespace_move_dir_allowed
,
if: :username_changed?
...
...
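Review bot: With `user_path: true` dropped from `validates :username`, the format and reserved-name checks on a username run only if the associated namespace is validated and its errors reach the user, and nothing in this hunk makes that dependency visible. The deleted `spec/validators/user_path_validator_spec.rb` was where `'help is a reserved name'` and the format message were asserted for a username, while the `spec/models/user_spec.rb` hunks on this page only assert the "taken" messages. I would add a `User` spec that builds a user with `username: 'help'`, and one with a username containing spaces, and expects `not_to be_valid`. A comment above the validation would also help, such as `# Username format and reserved names are validated on the namespace; errors bubble up to :username`. The class body continues outside the hunk, so an equivalent spec may already exist elsewhere in `user_spec.rb`.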
app/validators/abstract_path_validator.rb
...
@@ -13,10 +13,6 @@ class AbstractPathValidator < ActiveModel::EachValidator
...
@@ -13,10 +13,6 @@ class AbstractPathValidator < ActiveModel::EachValidator
raise
NotImplementedError
raise
NotImplementedError
end
end
def
self
.
full_path
(
record
,
value
)
value
end
def
self
.
valid_path?
(
path
)
def
self
.
valid_path?
(
path
)
encode!
(
path
)
encode!
(
path
)
"
#{
path
}
/"
=~
path_regex
"
#{
path
}
/"
=~
path_regex
...
@@ -28,7 +24,7 @@ class AbstractPathValidator < ActiveModel::EachValidator
...
@@ -28,7 +24,7 @@ class AbstractPathValidator < ActiveModel::EachValidator
return
return
end
end
full_path
=
self
.
class
.
full_path
(
record
,
value
)
full_path
=
record
.
build_full_path
return
unless
full_path
return
unless
full_path
unless
self
.
class
.
valid_path?
(
full_path
)
unless
self
.
class
.
valid_path?
(
full_path
)
...
...
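Review bot: `full_path = record.build_full_path` means the path check in the visible lines no longer looks at the `value` passed to `validate_each`; it checks whatever the record builds, and it raises `NoMethodError` for any record that does not define `build_full_path`. That contract is not stated anywhere in the hunk, and the removed `self.full_path(record, value)` hook was the only place a subclass could override it. I would document it above `validate_each`, for example `# record must respond to #build_full_path; that full path, not value, is matched against path_regex`. `validate_each` starts and ends outside the hunk, so `value` may still be used for the format check there.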
app/validators/namespace_path_validator.rb
...
@@ -12,8 +12,4 @@ class NamespacePathValidator < AbstractPathValidator
...
@@ -12,8 +12,4 @@ class NamespacePathValidator < AbstractPathValidator
def
self
.
format_error_message
def
self
.
format_error_message
Gitlab
::
PathRegex
.
namespace_format_message
Gitlab
::
PathRegex
.
namespace_format_message
end
end
def
self
.
full_path
(
record
,
value
)
record
.
build_full_path
end
end
end
app/validators/project_path_validator.rb
...
@@ -12,8 +12,4 @@ class ProjectPathValidator < AbstractPathValidator
...
@@ -12,8 +12,4 @@ class ProjectPathValidator < AbstractPathValidator
def
self
.
format_error_message
def
self
.
format_error_message
Gitlab
::
PathRegex
.
project_path_format_message
Gitlab
::
PathRegex
.
project_path_format_message
end
end
def
self
.
full_path
(
record
,
value
)
record
.
build_full_path
end
end
end
app/validators/user_path_validator.rb
deleted
100644 → 0
class
UserPathValidator
<
AbstractPathValidator
extend
Gitlab
::
EncodingHelper
def
self
.
path_regex
Gitlab
::
PathRegex
.
root_namespace_path_regex
end
def
self
.
format_regex
Gitlab
::
PathRegex
.
namespace_format_regex
end
def
self
.
format_error_message
Gitlab
::
PathRegex
.
namespace_format_message
end
end
lib/constraints/user_url_constrainer.rb
...
@@ -2,7 +2,7 @@ class UserUrlConstrainer
...
@@ -2,7 +2,7 @@ class UserUrlConstrainer
def
matches?
(
request
)
def
matches?
(
request
)
full_path
=
request
.
params
[
:username
]
full_path
=
request
.
params
[
:username
]
return
false
unless
User
PathValidator
.
valid_path?
(
full_path
)
return
false
unless
Namespace
PathValidator
.
valid_path?
(
full_path
)
User
.
find_by_full_path
(
full_path
,
follow_redirects:
request
.
get?
).
present?
User
.
find_by_full_path
(
full_path
,
follow_redirects:
request
.
get?
).
present?
end
end
...
...
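Review bot: `NamespacePathValidator.valid_path?(full_path)` replaces a check that matched only a root-level path (`root_namespace_path_regex`, removed in `lib/gitlab/path_regex.rb`), and the regex `NamespacePathValidator` uses is not shown on this page. If it is `full_namespace_path_regex`, a multi-segment value such as `group/subgroup` would now pass this guard and reach `User.find_by_full_path`, where before it was rejected ahead of the lookup. The same substitution in `lib/gitlab/o_auth/user.rb` applies to a username derived from provider-supplied data inside the `uniquify.string` block. I would add a constrainer spec asserting that a `:username` param containing `/` does not match. Alternatively, keep a root-only check here in the form the updated `path_regex_spec.rb` builds: `%r{\A#{Gitlab::PathRegex.root_namespace_route_regex}/\z}` matched against `"#{full_path}/"`.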
lib/gitlab/o_auth/user.rb
...
@@ -178,7 +178,7 @@ module Gitlab
...
@@ -178,7 +178,7 @@ module Gitlab
valid_username
=
::
Namespace
.
clean_path
(
username
)
valid_username
=
::
Namespace
.
clean_path
(
username
)
uniquify
=
Uniquify
.
new
uniquify
=
Uniquify
.
new
valid_username
=
uniquify
.
string
(
valid_username
)
{
|
s
|
!
User
PathValidator
.
valid_path?
(
s
)
}
valid_username
=
uniquify
.
string
(
valid_username
)
{
|
s
|
!
Namespace
PathValidator
.
valid_path?
(
s
)
}
name
=
auth_hash
.
name
name
=
auth_hash
.
name
name
=
valid_username
if
name
.
strip
.
empty?
name
=
valid_username
if
name
.
strip
.
empty?
...
...
lib/gitlab/path_regex.rb
...
@@ -171,26 +171,14 @@ module Gitlab
...
@@ -171,26 +171,14 @@ module Gitlab
@project_git_route_regex
||=
/
#{
project_route_regex
}
\.git/
.
freeze
@project_git_route_regex
||=
/
#{
project_route_regex
}
\.git/
.
freeze
end
end
def
root_namespace_path_regex
@root_namespace_path_regex
||=
%r{
\A
#{
root_namespace_route_regex
}
/
\z
}
end
def
full_namespace_path_regex
def
full_namespace_path_regex
@full_namespace_path_regex
||=
%r{
\A
#{
full_namespace_route_regex
}
/
\z
}
@full_namespace_path_regex
||=
%r{
\A
#{
full_namespace_route_regex
}
/
\z
}
end
end
def
project_path_regex
@project_path_regex
||=
%r{
\A
#{
project_route_regex
}
/
\z
}
end
def
full_project_path_regex
def
full_project_path_regex
@full_project_path_regex
||=
%r{
\A
#{
full_namespace_route_regex
}
/
#{
project_route_regex
}
/
\z
}
@full_project_path_regex
||=
%r{
\A
#{
full_namespace_route_regex
}
/
#{
project_route_regex
}
/
\z
}
end
end
def
full_namespace_format_regex
@namespace_format_regex
||=
/A
#{
FULL_NAMESPACE_FORMAT_REGEX
}
\z/
.
freeze
end
def
namespace_format_regex
def
namespace_format_regex
@namespace_format_regex
||=
/\A
#{
NAMESPACE_FORMAT_REGEX
}
\z/
.
freeze
@namespace_format_regex
||=
/\A
#{
NAMESPACE_FORMAT_REGEX
}
\z/
.
freeze
end
end
...
...
spec/lib/gitlab/path_regex_spec.rb
...
@@ -194,8 +194,8 @@ describe Gitlab::PathRegex do
...
@@ -194,8 +194,8 @@ describe Gitlab::PathRegex do
end
end
end
end
describe
'.root_namespace_
path
_regex'
do
describe
'.root_namespace_
route
_regex'
do
subject
{
described_class
.
root_namespace_path_regex
}
subject
{
%r{
\A
#{
described_class
.
root_namespace_route_regex
}
/
\z
}
}
it
'rejects top level routes'
do
it
'rejects top level routes'
do
expect
(
subject
).
not_to
match
(
'admin/'
)
expect
(
subject
).
not_to
match
(
'admin/'
)
...
@@ -318,8 +318,8 @@ describe Gitlab::PathRegex do
...
@@ -318,8 +318,8 @@ describe Gitlab::PathRegex do
end
end
end
end
describe
'.project_
path
_regex'
do
describe
'.project_
route
_regex'
do
subject
{
described_class
.
project_path_regex
}
subject
{
%r{
\A
#{
described_class
.
project_route_regex
}
/
\z
}
}
it
'accepts top level routes'
do
it
'accepts top level routes'
do
expect
(
subject
).
to
match
(
'admin/'
)
expect
(
subject
).
to
match
(
'admin/'
)
...
...
spec/models/user_spec.rb
...
@@ -140,7 +140,19 @@ describe User do
...
@@ -140,7 +140,19 @@ describe User do
user
=
build
(
:user
,
username:
username
)
user
=
build
(
:user
,
username:
username
)
expect
(
user
).
not_to
be_valid
expect
(
user
).
not_to
be_valid
expect
(
user
.
errors
.
messages
[
:"namespace.route.path"
].
first
).
to
eq
(
'foo has been taken before. Please use another one'
)
expect
(
user
.
errors
.
full_messages
).
to
eq
([
'Username has been taken before'
])
end
end
context
'when the username is in use by another user'
do
let
(
:username
)
{
'foo'
}
let!
(
:other_user
)
{
create
(
:user
,
username:
username
)
}
it
'is invalid'
do
user
=
build
(
:user
,
username:
username
)
expect
(
user
).
not_to
be_valid
expect
(
user
.
errors
.
full_messages
).
to
eq
([
'Username has already been taken'
])
end
end
end
end
end
end
...
@@ -2634,7 +2646,7 @@ describe User do
...
@@ -2634,7 +2646,7 @@ describe User do
it
'should raise an ActiveRecord::RecordInvalid exception'
do
it
'should raise an ActiveRecord::RecordInvalid exception'
do
user2
=
build
(
:user
,
username:
'foo'
)
user2
=
build
(
:user
,
username:
'foo'
)
expect
{
user2
.
save!
}.
to
raise_error
(
ActiveRecord
::
RecordInvalid
,
/
Namespace route path foo
has been taken before/
)
expect
{
user2
.
save!
}.
to
raise_error
(
ActiveRecord
::
RecordInvalid
,
/
Username
has been taken before/
)
end
end
end
end
...
...
spec/services/groups/transfer_service_spec.rb
...
@@ -177,7 +177,7 @@ describe Groups::TransferService, :postgresql do
...
@@ -177,7 +177,7 @@ describe Groups::TransferService, :postgresql do
it
'should add an error on group'
do
it
'should add an error on group'
do
transfer_service
.
execute
(
new_parent_group
)
transfer_service
.
execute
(
new_parent_group
)
expect
(
transfer_service
.
error
).
to
eq
(
'Transfer failed: Validation failed:
Route path has already been taken, Route is invalid
'
)
expect
(
transfer_service
.
error
).
to
eq
(
'Transfer failed: Validation failed:
Path has already been taken
'
)
end
end
end
end
...
...
spec/validators/user_path_validator_spec.rb
deleted
100644 → 0
require
'spec_helper'
describe
UserPathValidator
do
let
(
:validator
)
{
described_class
.
new
(
attributes:
[
:username
])
}
describe
'.valid_path?'
do
it
'handles invalid utf8'
do
expect
(
described_class
.
valid_path?
(
"a
\0
weird
\255
path"
)).
to
be_falsey
end
end
describe
'#validates_each'
do
it
'adds a message when the path is not in the correct format'
do
user
=
build
(
:user
)
validator
.
validate_each
(
user
,
:username
,
"Path with spaces, and comma's!"
)
expect
(
user
.
errors
[
:username
]).
to
include
(
Gitlab
::
PathRegex
.
namespace_format_message
)
end
it
'adds a message when the path is reserved when creating'
do
user
=
build
(
:user
,
username:
'help'
)
validator
.
validate_each
(
user
,
:username
,
'help'
)
expect
(
user
.
errors
[
:username
]).
to
include
(
'help is a reserved name'
)
end
it
'adds a message when the path is reserved when updating'
do
user
=
create
(
:user
)
user
.
username
=
'help'
validator
.
validate_each
(
user
,
:username
,
'help'
)
expect
(
user
.
errors
[
:username
]).
to
include
(
'help is a reserved name'
)
end
end
end