From 1b12240ebc2ab2430316c1723d6efc5b61573ea9 Mon Sep 17 00:00:00 2001
From: Martin Varga
Date: Mon, 13 Jan 2025 16:17:33 +0100
Subject: [PATCH] Fix username autogeneration from email
---
 server/mergin/auth/models.py | 5 +++++
 server/mergin/tests/test_auth.py | 3 +++
 2 files changed, 8 insertions(+)
diff --git a/server/mergin/auth/models.py b/server/mergin/auth/models.py
index c16c21f6..b57631cb 100644
--- a/server/mergin/auth/models.py
+++ b/server/mergin/auth/models.py
@@ -6,6 +6,7 @@ import datetime
 from typing import List, Optional
 import bcrypt
+import re
 from flask import current_app, request
 from sqlalchemy import or_, func, text
@@ -196,6 +197,10 @@ def generate_username(cls, email: str) -> Optional[str]:
 if not "@" in email:
 return
 username = email.split("@")[0].strip().lower()
+ # remove forbidden chars
+ username = re.sub(
+ r"[\@\#\$\%\^\&\*\(\)\{\}\[\]\?\'\"`,;\:\+\=\~\\\/\|\<\>]", "", username
+ )
 # check if we already do not have existing usernames
 suffix = db.session.execute(
 text(
diff --git a/server/mergin/tests/test_auth.py b/server/mergin/tests/test_auth.py
index 91027fb4..280626de 100644
--- a/server/mergin/tests/test_auth.py
+++ b/server/mergin/tests/test_auth.py
@@ -850,6 +850,9 @@ def test_username_generation(client):
 user = add_user("user25", "user")
 assert User.generate_username(user.email) == user.username + "1"
+ # generate username from email containing invalid chars for username, e.g. +
+ assert User.generate_username("tralala+test@example.com") == "tralalatest"
+
 def test_server_usage(client):
 """Test server usage endpoint"""
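Review bot: In `generate_username` (server/mergin/auth/models.py) the value left after the new `re.sub` is never checked for being empty, so a local part made up only of stripped characters yields `""` as the base username. Returning early as the no-`@` branch does, `if not username: return`, right after the substitution would keep that case out of the suffix lookup that follows. The character class is also a deny-list that presumably mirrors a username validator defined elsewhere; inner whitespace, `!` and non-ASCII characters pass through it, so sharing one pattern (or an allow-list) with that validator would stop the two rules drifting apart. The function body continues past the hunk, so how the suffix query consumes the value is not visible here.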
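Review bot: The added assertion in `test_username_generation` covers a single forbidden character and does not check that the collision suffix is computed on the sanitised name. Addresses such as `tralala+test@…` and `tralalatest@…` now map to the same base, so a follow-up like `add_user("tralalatest", "user")` then `assert User.generate_username("tralala+test@example.com") == "tralalatest1"` would pin that ordering, assuming `add_user` stores the given username as the earlier lines of the test suggest. A case for a local part that consists only of stripped characters is worth pinning as well, whatever result is intended for it.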