add unit tests for the user and group name validation

2025-11-10 15:35:49 +01:00 · 2018-10-01 12:20:17 +02:00
parent ffeb1e9a3f
commit 2bc9a2d70f
4 changed files with 85 additions and 3 deletions
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/ValidationConstraints.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/ValidationConstraints.java
@@ -5,10 +5,10 @@ public final class ValidationConstraints {
  private ValidationConstraints() {}
  /**
-   * A user or group name should not start with the @ character
+   * A user or group name should not start with <code>@</code> or a whitespace
   * and it not contains whitespaces
-   * the characters: . - _ are allowed
+   * and the characters: . - _ @ are allowed
   */
-  public static final String USER_GROUP_PATTERN = "^[^@][A-z0-9\\.\\-_]|([A-z0-9\\.\\-_]*[A-z0-9\\.\\-_])?$";
+  public static final String USER_GROUP_PATTERN = "^[^@\\s][A-z0-9\\.\\-_@]+$";
 }
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/GroupRootResourceTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/GroupRootResourceTest.java
@@ -224,6 +224,32 @@ public class GroupRootResourceTest {
    assertEquals("user1", createdGroup.getMembers().get(0));
  }
  @Test
  public void shouldGet400OnCreatingNewGroupWithNotAllowedCharacters() throws URISyntaxException {
    // the @ character at the begin of the name is not allowed
    String groupJson = "{ \"name\": \"@grpname\", \"type\": \"admin\" }";
    MockHttpRequest request = MockHttpRequest
      .post("/" + GroupRootResource.GROUPS_PATH_V2)
      .contentType(VndMediaType.GROUP)
      .content(groupJson.getBytes());
    MockHttpResponse response = new MockHttpResponse();
    dispatcher.invoke(request, response);
    assertEquals(400, response.getStatus());
    // the whitespace at the begin opf the name is not allowed
    groupJson = "{ \"name\": \" grpname\", \"type\": \"admin\" }";
    request = MockHttpRequest
      .post("/" + GroupRootResource.GROUPS_PATH_V2)
      .contentType(VndMediaType.GROUP)
      .content(groupJson.getBytes());
    dispatcher.invoke(request, response);
    assertEquals(400, response.getStatus());
  }
  @Test
  public void shouldFailForMissingContent() throws URISyntaxException {
    MockHttpRequest request = MockHttpRequest
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/PermissionRootResourceTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/PermissionRootResourceTest.java
@@ -48,6 +48,7 @@ import java.util.stream.Stream;
 import static de.otto.edison.hal.Link.link;
 import static de.otto.edison.hal.Links.linkingTo;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
 import static org.junit.jupiter.api.DynamicTest.dynamicTest;
 import static org.mockito.Matchers.any;
@@ -233,6 +234,35 @@ public class PermissionRootResourceTest extends RepositoryTestBase {
    );
  }
  @Test
  public void shouldGet400OnCreatingNewPermissionWithNotAllowedCharacters() throws URISyntaxException {
    // the @ character at the begin of the name is not allowed
    createUserWithRepository("user");
    String permissionJson = "{ \"name\": \"@permission\", \"type\": \"OWNER\" }";
    MockHttpRequest request = MockHttpRequest
      .post("/" + RepositoryRootResource.REPOSITORIES_PATH_V2 + PATH_OF_ALL_PERMISSIONS)
      .content(permissionJson.getBytes())
      .contentType(VndMediaType.PERMISSION);
    MockHttpResponse response = new MockHttpResponse();
    dispatcher.invoke(request, response);
    assertEquals(400, response.getStatus());
    // the whitespace at the begin opf the name is not allowed
    permissionJson = "{ \"name\": \" permission\", \"type\": \"OWNER\" }";
    request = MockHttpRequest
      .post("/" + RepositoryRootResource.REPOSITORIES_PATH_V2 + PATH_OF_ALL_PERMISSIONS)
      .content(permissionJson.getBytes())
      .contentType(VndMediaType.PERMISSION);
    response = new MockHttpResponse();
    dispatcher.invoke(request, response);
    assertEquals(400, response.getStatus());
  }
  @Test
  public void shouldGetCreatedPermissions() throws URISyntaxException {
    createUserWithRepositoryAndPermissions(TEST_PERMISSIONS, PERMISSION_WRITE);
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/UserRootResourceTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/UserRootResourceTest.java
@@ -98,6 +98,32 @@ public class UserRootResourceTest {
    assertTrue(response.getContentAsString().contains("\"delete\":{\"href\":\"/v2/users/Neo\"}"));
  }
  @Test
  public void shouldGet400OnCreatingNewUserWithNotAllowedCharacters() throws URISyntaxException {
    // the @ character at the begin of the name is not allowed
    String userJson = "{ \"name\": \"@user\", \"type\": \"db\" }";
    MockHttpRequest request = MockHttpRequest
      .post("/" + UserRootResource.USERS_PATH_V2)
      .contentType(VndMediaType.USER)
      .content(userJson.getBytes());
    MockHttpResponse response = new MockHttpResponse();
    dispatcher.invoke(request, response);
    assertEquals(400, response.getStatus());
    // the whitespace at the begin opf the name is not allowed
    userJson = "{ \"name\": \" user\", \"type\": \"db\" }";
    request = MockHttpRequest
      .post("/" + UserRootResource.USERS_PATH_V2)
      .contentType(VndMediaType.USER)
      .content(userJson.getBytes());
    dispatcher.invoke(request, response);
    assertEquals(400, response.getStatus());
  }
  @Test
  @SubjectAware(username = "unpriv")
  public void shouldCreateLimitedResponseForSimpleUser() throws URISyntaxException {