[james-project] 14/16: JAMES-2950 Should not be possible to add a user with special characters in its local part

Wed, 05 Feb 2020 19:55:40 -0800 

This is an automated email from the ASF dual-hosted git repository.

rcordier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit fdf418bca5365ea52356b78d1457691202e6b369
Author: Rene Cordier <[email protected]>
AuthorDate: Fri Jan 17 17:09:33 2020 +0700

    JAMES-2950 Should not be possible to add a user with special characters in 
its local part
    
    We check this only when adding a user to not break compatibility with 
existing users having some of those characters
---
 .../james/user/lib/AbstractUsersRepository.java    | 12 +++++++++
 .../user/lib/AbstractUsersRepositoryTest.java      | 30 ++++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git 
a/server/data/data-library/src/main/java/org/apache/james/user/lib/AbstractUsersRepository.java
 
b/server/data/data-library/src/main/java/org/apache/james/user/lib/AbstractUsersRepository.java
index 24558f2..d0dd787 100644
--- 
a/server/data/data-library/src/main/java/org/apache/james/user/lib/AbstractUsersRepository.java
+++ 
b/server/data/data-library/src/main/java/org/apache/james/user/lib/AbstractUsersRepository.java
@@ -38,8 +38,10 @@ import org.apache.james.user.api.UsersRepository;
 import org.apache.james.user.api.UsersRepositoryException;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.CharMatcher;
 
 public abstract class AbstractUsersRepository implements UsersRepository, 
Configurable {
+    private static String ILLEGAL_USERNAME_CHARACTERS = "\"(),:; <>@[\\]";
 
     private final DomainList domainList;
     private boolean virtualHosting;
@@ -93,6 +95,11 @@ public abstract class AbstractUsersRepository implements 
UsersRepository, Config
                 throw new InvalidUsernameException("Given Username contains a 
@domainpart but virtualhosting support is disabled");
             }
         }
+
+        if (!assertLocalPartValid(username)) {
+            throw new InvalidUsernameException(String.format("Given Username 
'%s' should not contain any of those characters: %s",
+                username.asString(), ILLEGAL_USERNAME_CHARACTERS));
+        }
     }
 
     @Override
@@ -148,4 +155,9 @@ public abstract class AbstractUsersRepository implements 
UsersRepository, Config
             throw new UsersRepositoryException("Failed to compute mail address 
associated with the user", e);
         }
     }
+
+    private boolean assertLocalPartValid(Username username) {
+        return CharMatcher.anyOf(ILLEGAL_USERNAME_CHARACTERS)
+            .matchesNoneOf(username.getLocalPart());
+    }
 }
diff --git 
a/server/data/data-library/src/test/java/org/apache/james/user/lib/AbstractUsersRepositoryTest.java
 
b/server/data/data-library/src/test/java/org/apache/james/user/lib/AbstractUsersRepositoryTest.java
index 99a967d..09ec685 100644
--- 
a/server/data/data-library/src/test/java/org/apache/james/user/lib/AbstractUsersRepositoryTest.java
+++ 
b/server/data/data-library/src/test/java/org/apache/james/user/lib/AbstractUsersRepositoryTest.java
@@ -24,6 +24,7 @@ import static 
org.assertj.core.api.Assertions.assertThatThrownBy;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.Optional;
+import java.util.stream.Stream;
 
 import org.apache.james.core.Domain;
 import org.apache.james.core.MailAddress;
@@ -31,10 +32,14 @@ import org.apache.james.core.Username;
 import org.apache.james.domainlist.api.mock.SimpleDomainList;
 import org.apache.james.lifecycle.api.LifecycleUtil;
 import org.apache.james.user.api.AlreadyExistInUsersRepositoryException;
+import org.apache.james.user.api.InvalidUsernameException;
 import org.apache.james.user.api.UsersRepositoryException;
 import org.apache.james.user.api.model.User;
 import org.junit.jupiter.api.Assumptions;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
 
 
 public abstract class AbstractUsersRepositoryTest {
@@ -509,4 +514,29 @@ public abstract class AbstractUsersRepositoryTest {
         assertThat(usersRepository.getMailAddressFor(Username.of(username)))
             .isEqualTo(new MailAddress(username, 
domainList.getDefaultDomain()));
     }
+
+    @ParameterizedTest
+    @MethodSource("illegalCharacters")
+    void 
assertValidShouldThrowWhenUsernameLocalPartWithIllegalCharacter(String 
illegalCharacter) {
+        assertThatThrownBy(() -> usersRepository.assertValid(Username.of("a" + 
illegalCharacter + "a")))
+            .isInstanceOf(InvalidUsernameException.class);
+    }
+
+    private static Stream<Arguments> illegalCharacters() {
+        return Stream.of(
+            "\"",
+            "(",
+            ")",
+            ",",
+            ":",
+            ";",
+            "<",
+            ">",
+            "@",
+            "[",
+            "\\",
+            "]",
+            " ")
+            .map(Arguments::of);
+    }
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to