Validate username in admin user creation process

This runs usernames through the same checks as the web interface,
so that no user with an invalid username, such as user_name or userName, is created.

This closes #49
Matt Baer 2018-12-19 21:26:13 -05:00
parent 852ca5eea4
commit 5e5b283daf
1 changed files with 16 additions and 0 deletions

16
app.go

@ -26,6 +26,7 @@ import (
"github.com/writeas/web-core/auth"
"github.com/writeas/web-core/converter"
"github.com/writeas/web-core/log"
"github.com/writeas/writefreely/author"
"github.com/writeas/writefreely/config"
"github.com/writeas/writefreely/page"
)
@ -508,6 +509,21 @@ func adminCreateUser(app *app, credStr string, isAdmin bool) {
username := creds[0]
password := creds[1]
// Normalize and validate username
desiredUsername := username
username = getSlug(username, "")
usernameDesc := username
if username != desiredUsername {
usernameDesc += " (originally: " + desiredUsername + ")"
}
if !author.IsValidUsername(app.cfg, username) {
log.Error("Username %s is invalid, reserved, or shorter than configured minimum length (%d characters).", usernameDesc, app.cfg.App.MinUsernameLen)
os.Exit(1)
}
// Hash the password
hashedPass, err := auth.HashPass([]byte(password))
if err != nil {
log.Error("Unable to hash password: %v", err)