aboutsummaryrefslogtreecommitdiffstats
path: root/rust/src/api_helpers.rs
diff options
context:
space:
mode:
Diffstat (limited to 'rust/src/api_helpers.rs')
-rw-r--r--rust/src/api_helpers.rs49
1 files changed, 48 insertions, 1 deletions
diff --git a/rust/src/api_helpers.rs b/rust/src/api_helpers.rs
index 7478da9d..79114d4f 100644
--- a/rust/src/api_helpers.rs
+++ b/rust/src/api_helpers.rs
@@ -228,13 +228,13 @@ pub fn make_edit_context(
})
}
-// TODO: verify username (alphanum, etc)
pub fn create_editor(
conn: &DbConn,
username: String,
is_admin: bool,
is_bot: bool,
) -> Result<EditorRow> {
+ check_username(&username)?;
let ed: EditorRow = diesel::insert_into(editor::table)
.values((
editor::username.eq(username),
@@ -245,6 +245,19 @@ pub fn create_editor(
Ok(ed)
}
+pub fn update_editor_username(
+ conn: &DbConn,
+ editor_id: FatCatId,
+ username: String,
+) -> Result<EditorRow> {
+ check_username(&username)?;
+ diesel::update(editor::table.find(editor_id.to_uuid()))
+ .set(editor::username.eq(username))
+ .execute(conn)?;
+ let editor: EditorRow = editor::table.find(editor_id.to_uuid()).get_result(conn)?;
+ Ok(editor)
+}
+
/// This function should always be run within a transaction
pub fn get_or_create_editgroup(editor_id: Uuid, conn: &DbConn) -> Result<Uuid> {
// check for current active
@@ -344,6 +357,40 @@ pub fn uuid2fcid(id: &Uuid) -> String {
BASE32_NOPAD.encode(raw).to_lowercase()
}
+pub fn check_username(raw: &str) -> Result<()> {
+ lazy_static! {
+ static ref RE: Regex = Regex::new(r"^[A-Za-z0-9][A-Za-z0-9._-]{2,15}$").unwrap();
+ }
+ if RE.is_match(raw) {
+ Ok(())
+ } else {
+ Err(ErrorKind::MalformedExternalId(format!(
+ "not a valid username: '{}' (expected, eg, 'AcidBurn')",
+ raw
+ ))
+ .into())
+ }
+}
+
+#[test]
+fn test_check_username() {
+ assert!(check_username("bnewbold").is_ok());
+ assert!(check_username("BNEWBOLD").is_ok());
+ assert!(check_username("admin").is_ok());
+ assert!(check_username("friend-bot").is_ok());
+ assert!(check_username("dog").is_ok());
+ assert!(check_username("g_____").is_ok());
+
+ assert!(check_username("").is_err());
+ assert!(check_username("_").is_err());
+ assert!(check_username("gg").is_err());
+ assert!(check_username("adminadminadminadminadminadminadmin").is_err());
+ assert!(check_username("bryan newbold").is_err());
+ assert!(check_username("01234567-3456-6780").is_err());
+ assert!(check_username(".admin").is_err());
+ assert!(check_username("-bot").is_err());
+}
+
pub fn check_pmcid(raw: &str) -> Result<()> {
lazy_static! {
static ref RE: Regex = Regex::new(r"^PMC\d+$").unwrap();