Trim email and username (#386)

Also forbid whitespaces in username
Fix #385
This commit is contained in:
fdb-hiroshima 2018-12-25 18:00:21 +01:00 committed by GitHub
parent 9b3b79ef9c
commit ccba485215
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -300,7 +300,7 @@ pub fn passwords_match(form: &NewUserForm) -> Result<(), ValidationError> {
} }
pub fn validate_username(username: &str) -> Result<(), ValidationError> { pub fn validate_username(username: &str) -> Result<(), ValidationError> {
if username.contains(&['<', '>', '&', '@', '\'', '"'][..]) { if username.contains(&['<', '>', '&', '@', '\'', '"', ' ', '\n', '\t'][..]) {
Err(ValidationError::new("username_illegal_char")) Err(ValidationError::new("username_illegal_char"))
} else { } else {
Ok(()) Ok(())
@ -316,6 +316,9 @@ pub fn create(conn: DbConn, form: LenientForm<NewUserForm>, intl: I18n) -> Resul
return Ok(Redirect::to(uri!(new))); // Actually, it is an error return Ok(Redirect::to(uri!(new))); // Actually, it is an error
} }
let mut form = form.into_inner();
form.username = form.username.trim().to_owned();
form.email = form.email.trim().to_owned();
form.validate() form.validate()
.map(|_| { .map(|_| {
NewUser::new_local( NewUser::new_local(
@ -333,7 +336,7 @@ pub fn create(conn: DbConn, form: LenientForm<NewUserForm>, intl: I18n) -> Resul
render!(users::new( render!(users::new(
&(&*conn, &intl.catalog, None), &(&*conn, &intl.catalog, None),
Instance::get_local(&*conn).map(|i| i.open_registrations).unwrap_or(true), Instance::get_local(&*conn).map(|i| i.open_registrations).unwrap_or(true),
&*form, &form,
err err
)) ))
}) })