Skip to content

Commit

Permalink
Merge pull request #594 from mishaschwartz/allow-case-sensitive-regex…
Browse files Browse the repository at this point in the history
…-matches
  • Loading branch information
fmigneault authored Oct 27, 2023
2 parents 89bd257 + 56eab63 commit 5a96689
Show file tree
Hide file tree
Showing 5 changed files with 50 additions and 3 deletions.
8 changes: 7 additions & 1 deletion CHANGES.rst
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,13 @@ Changes
`Unreleased <https://github.com/Ouranosinc/Magpie/tree/master>`_ (latest)
------------------------------------------------------------------------------------

* Nothing new for the moment.
Features / Changes
~~~~~~~~~~~~~~~~~~

* Ensure that the settings/environment variable ``MAGPIE_USER_NAME_EXTRA_REGEX`` is case sensitive.
Previously, the check was case insensitive meaning that it could not be used to restrict usernames based on case.
For example, setting this value to ``^[a-z]+$`` would have permit the username ``"someuser"`` as well as
``"Someuser"``. Now, the same regular expression will not match ``"Someuser"`` since case sensitivity in enforced.

.. _changes_3.37.0:

Expand Down
3 changes: 2 additions & 1 deletion docs/configuration.rst
Original file line number Diff line number Diff line change
Expand Up @@ -953,7 +953,8 @@ remain available as described at the start of the :ref:`Configuration` section.

.. versionadded:: 3.37

A (python3 syntax) regular expression used to validate a ``user_name`` when creating or updating a :term:`User`.
A case sensitive (python3 syntax) regular expression used to validate a ``user_name`` when creating or updating a
:term:`User`.

For example, if ``MAGPIE_USER_NAME_EXTRA_REGEX='^\w+$'``, then a :term:`User` can have ``userA`` as a ``user_name``
but not ``user.A`` or ``user-A``.
Expand Down
2 changes: 1 addition & 1 deletion magpie/api/exception.py
Original file line number Diff line number Diff line change
Expand Up @@ -249,7 +249,7 @@ def verify_param( # noqa: E126 # pylint: disable=R0913,too-many-arguments
if matches:
param_compare_regex = param_compare
if isinstance(param_compare, six.string_types):
param_compare_regex = re.compile(param_compare, re.I | re.X)
param_compare_regex = re.compile(param_compare, re.X)
fail_conditions.update({"matches": bool(re.match(param_compare_regex, param))})
fail_verify = fail_verify or not fail_conditions["matches"]
if fail_verify:
Expand Down
21 changes: 21 additions & 0 deletions tests/interfaces.py
Original file line number Diff line number Diff line change
Expand Up @@ -7537,6 +7537,27 @@ def test_AddUser_FormSubmit_WithExtraUsernameRegex_Invalid(self):
msg = s.Users_CheckInfo_UserNameValueExtraRegex_BadRequestResponseSchema.description
utils.check_val_is_in(msg, html.unescape(body))

@runner.MAGPIE_TEST_USERS
def test_AddUser_FormSubmit_WithExtraUsernameRegex_CaseInvalid(self):
"""
Check that the extra_user_name_regex setting is used to validate a new user name when the user name is
invalid according to that regex because the case is incorrect but is valid according to the ax.PARAM_REGEX.
.. versionchanged:: 3.37.1
"""
utils.warn_version(self, "case sensitive user name extra regex", "3.37.1", skip=True)
with utils.mocked_get_settings(settings={"magpie.user_name_extra_regex": "^[a-z]+$"}):
data = {"user_name": "UpperCaseUserName", "group_name": get_constant("MAGPIE_USERS_GROUP"),
"email": "{}@mail.com".format(self.test_user_name),
"password": self.test_user_name, "confirm": self.test_user_name}
path = "/ui/users/add"
form = "add_user_form"
resp = utils.TestSetup.check_FormSubmit(self, form_match=form, form_submit="create", form_data=data,
path=path)
body = utils.check_ui_response_basic_info(resp)
msg = s.Users_CheckInfo_UserNameValueExtraRegex_BadRequestResponseSchema.description
utils.check_val_is_in(msg, html.unescape(body))

@runner.MAGPIE_TEST_USERS
def test_AddUser_FormSubmit_WithExtraUsernameRegex_ValidGoodUsername(self):
"""
Expand Down
19 changes: 19 additions & 0 deletions tests/test_magpie_api.py
Original file line number Diff line number Diff line change
Expand Up @@ -489,6 +489,25 @@ def test_PostUsers_WithExtraRegex_InvalidExtraRegex(self):
headers=self.json_headers, cookies=self.cookies, expect_errors=True)
utils.check_response_basic_info(resp, 400, expected_method="POST")

@runner.MAGPIE_TEST_USERS
def test_PostUsers_WithExtraRegex_CaseInvalidExtraRegex(self):
"""
Check that the user_name_extra_regex setting is used to validate a new user name when the user name is
invalid according to that regex because the case is incorrect but is valid according to the ax.PARAM_REGEX.
.. versionchanged:: 3.37.1
"""
utils.warn_version(self, "case sensitive user name extra regex", "3.37.1", skip=True)
with utils.mocked_get_settings(settings={"magpie.user_name_extra_regex": "^[a-z]+$"}):
data = {
"user_name": "UpperCaseUserName",
"password": self.test_user_name,
"email": "[email protected]",
}
resp = utils.test_request(self, "POST", "/users", data=data,
headers=self.json_headers, cookies=self.cookies, expect_errors=True)
utils.check_response_basic_info(resp, 400, expected_method="POST")

@runner.MAGPIE_TEST_USERS
def test_PostUsers_WithExtraRegex_InvalidRegex(self):
"""
Expand Down

0 comments on commit 5a96689

Please sign in to comment.