From 7ca5200ec22a7223b363882c292cca34c68cb6b4 Mon Sep 17 00:00:00 2001 From: "marcel.kocisek" Date: Tue, 25 Feb 2025 13:08:19 +0100 Subject: [PATCH 1/3] Adjust length of username to some sensible length --- server/mergin/auth/models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/mergin/auth/models.py b/server/mergin/auth/models.py index b57631cb..52530756 100644 --- a/server/mergin/auth/models.py +++ b/server/mergin/auth/models.py @@ -200,7 +200,7 @@ def generate_username(cls, email: str) -> Optional[str]: # remove forbidden chars username = re.sub( r"[\@\#\$\%\^\&\*\(\)\{\}\[\]\?\'\"`,;\:\+\=\~\\\/\|\<\>]", "", username - ) + ).ljust(4, "0") # check if we already do not have existing usernames suffix = db.session.execute( text( From ea5e0284f060c02b5994e9b8b0f102feeb46e9a0 Mon Sep 17 00:00:00 2001 From: "marcel.kocisek" Date: Tue, 25 Feb 2025 13:26:49 +0100 Subject: [PATCH 2/3] Add tests for usernames --- server/mergin/tests/test_auth.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/server/mergin/tests/test_auth.py b/server/mergin/tests/test_auth.py index fcd98d8b..7b9f8a24 100644 --- a/server/mergin/tests/test_auth.py +++ b/server/mergin/tests/test_auth.py @@ -844,6 +844,11 @@ def test_username_generation(client): # generate username from email containing invalid chars for username, e.g. + assert User.generate_username("tralala+test@example.com") == "tralalatest" + # generate username from short email + user = add_user("t000", "user") + assert User.generate_username("t@example.com") == "t0001" + assert User.generate_username("t11@example.com") == "t110" + def test_server_usage(client): """Test server usage endpoint""" From ba1f0a17d0c21deada98c8f6a0efa2844cf914d3 Mon Sep 17 00:00:00 2001 
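Review bot: The pad width in `.ljust(4, "0")` (PATCH 1/3, `generate_username` in server/mergin/auth/models.py) is a bare literal, so nothing ties it to the rule that presumably enforces a minimum username length elsewhere; if that rule changes, generated names can silently stop satisfying it. A named constant, or at least a comment such as `# pad to the minimum length accepted by username validation`, would make the dependency visible. A local part made up only of stripped characters now becomes `0000` rather than an empty string; the function body starts and ends outside this hunk, so if an empty result was rejected further down, that case needs an explicit decision.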
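Review bot: The new assertions in `test_username_generation` (PATCH 2/3) depend on database state that is not explained: `t@example.com` yields `t0001` only because `t000` was inserted just before, presumably through the numeric de-duplication step, so a comment like `# "t" pads to "t000", which is taken, so a numeric suffix is appended` would spare the next reader from working it out. The `user =` binding is never used and can be dropped, leaving `add_user("t000", "user")`. Two boundary cases are not covered: a local part of exactly four characters, and one that is empty after the forbidden characters are stripped. The same unexplained fixture and unused binding recur in the `support1` lines added to this test in PATCH 3/3.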
From: "marcel.kocisek" Date: Wed, 26 Feb 2025 12:56:03 +0100 Subject: [PATCH 3/3] Add additioanl checks for reserved words --- server/mergin/auth/models.py | 4 +++- server/mergin/tests/test_auth.py | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/server/mergin/auth/models.py b/server/mergin/auth/models.py index 52530756..b54336ce 100644 --- a/server/mergin/auth/models.py +++ b/server/mergin/auth/models.py @@ -12,7 +12,7 @@ from ..app import db from ..sync.models import ProjectUser -from ..sync.utils import get_user_agent, get_ip, get_device_id +from ..sync.utils import get_user_agent, get_ip, get_device_id, is_reserved_word class User(db.Model): @@ -201,6 +201,8 @@ def generate_username(cls, email: str) -> Optional[str]: username = re.sub( r"[\@\#\$\%\^\&\*\(\)\{\}\[\]\?\'\"`,;\:\+\=\~\\\/\|\<\>]", "", username ).ljust(4, "0") + # additional check for reserved words + username = f"{username}0" if is_reserved_word(username) else username # check if we already do not have existing usernames suffix = db.session.execute( text( diff --git a/server/mergin/tests/test_auth.py b/server/mergin/tests/test_auth.py index 7b9f8a24..ee2dc725 100644 --- a/server/mergin/tests/test_auth.py +++ b/server/mergin/tests/test_auth.py @@ -849,6 +849,9 @@ def test_username_generation(client): assert User.generate_username("t@example.com") == "t0001" assert User.generate_username("t11@example.com") == "t110" + user = add_user("support1", "user") + assert User.generate_username("support@example.com") == "support0" + def test_server_usage(client): """Test server usage endpoint"""
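Review bot: The reserved-word escape in `generate_username` (second models.py hunk of PATCH 3/3) runs once, its result is not checked again, and it appends the same `0` that the padding on the line above uses, so a name like `support0` cannot be told apart from a padded one. A plain statement reads more easily than the self-assigning conditional expression: `if is_reserved_word(username):` followed by `username = f"{username}0"`, with a comment saying why `0` was chosen. Whether the check is case-insensitive depends on `is_reserved_word` and on any normalisation earlier in the function, neither of which is visible here; if the local part is not lowercased before this point, a mixed-case spelling of a reserved word may not be caught. The function body starts and ends outside the hunk.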