
Commit 891705f

committed
Validate real name
1 parent 15367f0 commit 891705f


5 files changed

+80
-1
lines changed


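--- a/coderd/httpapi/httpapi.go
+++ b/coderd/httpapi/httpapi.go
@@ -80,6 +80,20 @@ func init() {
 if err != nil {
 panic(err)
 }
+
+userRealNameValidator := func(fl validator.FieldLevel) bool {
+f := fl.Field().Interface()
+str, ok := f.(string)
+if !ok {
+return false
+}
+valid := UserRealNameValid(str)
+return valid == nil
+}
+err = Validate.RegisterValidation("user_real_name", userRealNameValidator)
+if err != nil {
+panic(err)
+}
 }
 
 // Is404Error returns true if the given error should return a 404 status code.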
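Review bot: The local `valid` at new lines 90–91 holds an error, not a boolean, which reads backwards next to `return valid == nil`; `return UserRealNameValid(str) == nil` says the same without the misleading name. Because the callback can only return a bool, the specific message from UserRealNameValid (too long versus surrounding whitespace) is dropped here, so whatever turns validation failures into the API response (not visible in this hunk) should supply a useful detail for the `user_real_name` tag. `init` starts outside the hunk.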

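--- a/coderd/httpapi/name.go
+++ b/coderd/httpapi/name.go
@@ -79,3 +79,16 @@ func TemplateDisplayNameValid(str string) error {
 }
 return nil
 }
+
+// UserRealNameValid returns whether the input string is a valid real user name.
+func UserRealNameValid(str string) error {
+if len(str) > 64 {
+return xerrors.New("must be <= 64 characters")
+}
+
+trimmed := strings.TrimSpace(str)
+if trimmed != str {
+return xerrors.New("must not have leading or trailing white spaces")
+}
+return nil
+}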
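Review bot: `len(str) > 64` at new line 85 counts bytes while the error text promises characters, so a name written in a multi-byte script is rejected well before 64 characters; `if utf8.RuneCountInString(str) > 64 {` (with `unicode/utf8` imported) would match the message. The function also accepts interior control characters such as newlines, because `strings.TrimSpace` only inspects the two ends; since a real name is typically rendered in UIs, logs and e-mails, rejecting any rune for which `unicode.IsControl` is true would be a cheap hardening step. The doc comment says "returns whether" although the function returns an error; `// UserRealNameValid returns an error describing why str is not a valid real name, or nil if it is valid.` would be accurate.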

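--- a/coderd/httpapi/name_test.go
+++ b/coderd/httpapi/name_test.go
@@ -209,3 +209,32 @@ func TestFrom(t *testing.T) {
 })
 }
 }
+
+func TestUserRealNameValid(t *testing.T) {
+t.Parallel()
+
+testCases := []struct {
+Name string
+Valid bool
+}{
+{"1", true},
+{"A", true},
+{"A1", true},
+{".", true},
+{"Mr Bean", true},
+{"John Doe", true},
+{". .", true},
+
+{"John Doe ", false},
+{" John Doe", false},
+{" ", false},
+}
+for _, testCase := range testCases {
+testCase := testCase
+t.Run(testCase.Name, func(t *testing.T) {
+t.Parallel()
+valid := httpapi.UserRealNameValid(testCase.Name)
+require.Equal(t, testCase.Valid, valid == nil)
+})
+}
+}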
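Review bot: The table has no case for the length limit, so the `len(str) > 64` branch of UserRealNameValid is never exercised; add `{strings.Repeat("a", 64), true},` and `{strings.Repeat("a", 65), false},` (importing `strings` if the test file does not already). A multi-byte name near the limit and a name with an embedded newline would also pin down whether the limit is meant in bytes or characters and whether interior control characters are acceptable.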

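--- a/coderd/users_test.go
+++ b/coderd/users_test.go
@@ -702,6 +702,29 @@ func TestUpdateUserProfile(t *testing.T) {
 require.Len(t, auditor.AuditLogs(), numLogs)
 require.Equal(t, database.AuditActionWrite, auditor.AuditLogs()[numLogs-1].Action)
 })
+
+t.Run("InvalidRealUserName", func(t *testing.T) {
+t.Parallel()
+client := coderdtest.New(t, nil)
+user := coderdtest.CreateFirstUser(t, client)
+
+ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+defer cancel()
+
+_, err := client.CreateUser(ctx, codersdk.CreateUserRequest{
+Email: "john@coder.com",
+Username: "john",
+Password: "SomeSecurePassword!",
+OrganizationID: user.OrganizationID,
+})
+require.NoError(t, err)
+_, err = client.UpdateUserProfile(ctx, codersdk.Me, codersdk.UpdateUserProfileRequest{
+Name: " Mr Bean", // must not have leading space
+})
+var apiErr *codersdk.Error
+require.ErrorAs(t, err, &apiErr)
+require.Equal(t, http.StatusBadRequest, apiErr.StatusCode())
+})
 }
 
 func TestUpdateUserPassword(t *testing.T) {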
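Review bot: The request built at new lines 721–723 leaves `Username` empty, and the struct in codersdk/users.go tags that field `validate:"required,username"`, so the 400 asserted here is likely produced by the missing username rather than by the leading space in `Name`. As written, the subtest would probably still pass if the `user_real_name` validator were never registered. Set a valid username in the request, e.g. `Username: "mrbean", // valid, so only Name can fail`, and assert on the field reported in the error's validation details rather than only on the status code. The user `john` created at new lines 714–719 is also never used afterwards, since the update targets `codersdk.Me` on the first user's client.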

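--- a/codersdk/users.go
+++ b/codersdk/users.go
@@ -119,7 +119,7 @@ type CreateUserRequest struct {
 
 type UpdateUserProfileRequest struct {
 Username string `json:"username" validate:"required,username"`
-Name string `json:"name"`
+Name string `json:"name" validate:"user_real_name"`
 }
 
 type UpdateUserAppearanceSettingsRequest struct {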
