Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modified odin to trim leading/trailing whitespace #88

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Modified odin to trim leading/trailing whitespace #88

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions Cpp/odin-views/app.mint.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,12 +65,12 @@ namespace {
"Must pass both username and password fields");
}
const auto username =
fostlib::coerce<fostlib::string>(body["username"]);
fostlib::trim(fostlib::coerce<fostlib::string>(body["username"]));
const auto password =
fostlib::coerce<fostlib::string>(body["password"]);

auto user = odin::credentials(
cnx, username, password, req.remote_address());
cnx, username.value(), password, req.remote_address());
if (user.isnull()) {
throw fostlib::exceptions::not_implemented(
__PRETTY_FUNCTION__, "User not found");
Expand Down
8 changes: 5 additions & 3 deletions Cpp/odin-views/registration.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,9 +50,11 @@ namespace {
auto body_str = fostlib::coerce<fostlib::string>(
fostlib::coerce<fostlib::utf8_string>(req.data()->data()));
fostlib::json body = fostlib::json::parse(body_str);
const auto username =
fostlib::coerce<fostlib::nullable<f5::u8view>>(
body["username"]);
const auto username = (config["trim"] != fostlib::json(false)) ?
fostlib::trim(fostlib::coerce<fostlib::nullable<f5::u8view>>(
body["username"])) :
fostlib::coerce<fostlib::nullable<f5::u8view>>(
body["username"]);

if (not username || username.value().empty()) {
throw fostlib::exceptions::not_implemented(
Expand Down
14 changes: 14 additions & 0 deletions tests/registration-self.fg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,20 @@ odin.user test-user test-user pw1234
odin.jwt.authorization test-user pw1234
GET odin /api/ 200 {"odin": {"user": "./user/:user-id/"}, "user": {"id": "test-user"}}

setting webserver views/odin/register-trim-false {
"view": "odin.register",
"configuration": {
"trim": false
}
}

# Any leading/trailing whitespace in username will be trimmed
POST odin/register / {"username": "\u0020user\u2008", "password": "password1234"} 201
POST odin/login / {"username": "user", "password": "password1234"} 200

# However, if set "trim" config to false, it won't trim
POST odin/register-trim-false / {"username": "\u0020user2\u2008", "password": "password1234"} 201
POST odin/login / {"username": "\u0020user2\u2008", "password": "password1234"} 200

# Put the user
PUT odin /api/user/test-user {"password": "1234"} 200
Expand Down
57 changes: 51 additions & 6 deletions views/app.register.fg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,15 @@ POST odin/app/register / {
"email": "[email protected]"
} 500

# Check database validity, the identity_id should be the identity that installation API generated
GET odin/test/validate-register /fred 200 {
"id": "installation_ref",
"email": "[email protected]",
"full_name": "Fred",
"login": "fred",
"app_id": "bowling-app"
}


# Existing username register twice should failed
sql.insert odin.identity {"id": "installation_ref2"}
Expand All @@ -136,11 +145,47 @@ POST odin/app/register / {
"email": "[email protected]"
} 500

# Check database validity, the identity_id should be the identity that installation API generated
GET odin/test/validate-register /fred 200 {
"id": "installation_ref",
"email": "[email protected]",
"full_name": "Fred",
"login": "fred",
# Register with leading/trailing username should be trimmed by default
POST odin/app/register / {
"username": "\uFEFF\n\u3000broski\u1680\u180E",
"password": "mercury2",
"password2": "mercury2",
"full-name": "Broski",
"email": "[email protected]"
} 200

# The data should already be trimmed after registration
GET odin/test/validate-register /broski 200 {
"id": "installation_ref2",
"email": "[email protected]",
"full_name": "Broski",
"login": "broski",
"app_id": "bowling-app"
}

# Register new account with "trim": false config
sql.insert odin.identity {"id": "installation_ref3"}
sql.insert odin.app_user_installation_id_ledger {
"reference": "reference3",
"app_id": "bowling-app",
"identity_id": "installation_ref3",
"installation_id": "fred-mobile3"
}

set app_jwt (odin.jwt.mint {"sub": "installation_ref3", "iss": "http://odin.felspar.com/app/bowling-app"} <JWT_SECRET>bowling-app)
set-path testserver.headers ["Authorization"] (cat "Bearer " (lookup app_jwt))
POST odin/app/register-test-trim-false / {
"username": "ciao",
"password": "mercury2",
"password2": "mercury2",
"full-name": "\u2002Ciao\u2001",
"email": "\[email protected]\t"
} 200

GET odin/test/validate-register /ciao 200 {
"id": "installation_ref3",
"email": "\[email protected]\t",
"full_name": "\u2002Ciao\u2001",
"login": "ciao",
"app_id": "bowling-app"
}
189 changes: 189 additions & 0 deletions views/app.register.test.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,195 @@
}
}]
}
},
"views/odin/app/register-test-trim-false": {
"view": "odin.app.secure",
"configuration": {
"unsecure": {
"view": "fost.response.403"
},
"secure": {
"view": "fost.schema.validate",
"configuration": {
"schema": {
"type": "object",
"properties": {
"username": {
"type": "string",
"minLength": 1
},
"password": {
"type": "string",
"minLength": 8
},
"password2": {
"type": "string",
"minLength": 8
},
"full_name": {
"type": "string"
},
"email": {
"type": "string",
"minLength": 1
}
},
"required": [
"username",
"password",
"password2",
"full-name",
"email"
]
},
"valid": {
"view": "odin.password.hash",
"configuration": {
"hash": [
"body",
"password"
],
"verify": [
"body",
"password2"
],
"then": {
"view": "odin.middleware.reference",
"configuration": {
"then": {
"view": "fost.control.status-condition",
"configuration": {
"if": {
"view": "fostgres.control.pg-error",
"configuration": {
"execute": {
"view": "fostgres.sql",
"configuration": {
"sql": [
{
"path": [],
"return": "object",
"POST": [
{
"table": "odin.credentials_password_ledger",
"columns": {
"reference": {
"source": [
"request",
"headers",
"__odin_reference"
]
},
"identity_id": {
"source": [
"request",
"headers",
"__user"
]
},
"login": {
"source": ["body", "username"]
},
"password": {
"source": ["request", "headers", "__hash"]
},
"process": {
"source": ["request", "headers", "__hash_process"]
}
}
},
{
"table": "odin.identity_full_name_ledger",
"columns": {
"reference": {
"source": [
"request",
"headers",
"__odin_reference"
]
},
"identity_id": {
"source": [
"request",
"headers",
"__user"
]
},
"full_name": {
"source": ["body", "full-name"],
"trim": false
}
}
},
{
"table": "odin.identity_email_ledger",
"columns": {
"reference": {
"source": [
"request",
"headers",
"__odin_reference"
]
},
"identity_id": {
"source": [
"request",
"headers",
"__user"
]
},
"email": {
"source": ["body", "email"],
"trim": false
}
}
},
{
"table": "odin.app_user_ledger",
"columns": {
"reference": {
"source": [
"request",
"headers",
"__odin_reference"
]
},
"app_id": {
"source": ["request", "headers", "__app"]
},
"identity_id": {
"source": [
"request",
"headers",
"__user"
]
}
}
}
]
}
]
}
},
"": "fost.response.500"
}
},
"then": {
"view": "odin.app.mint",
"configuration": {
"expires": {"hours": 72}
}
},
"else": "fost.response.500"
}
}
}
}
}
}
}
}
}
}
}
}