comparison test/test_userauditor.py @ 5958:5148e46dd314

issue2550921 - prevent usernames with characters ',' and '<', '>' Can create login name with , in it. Confuses nosy list editing. Also can embed html tags. Updated userauditor.py to prevent this.
author John Rouillard <rouilj@ieee.org>
date Thu, 24 Oct 2019 21:53:46 -0400
parents d26921b851c3
children 0a37979bbd46
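--- a/test/test_userauditor.py
+++ b/test/test_userauditor.py
@@ -100,6 +100,24 @@
 # make sure we strip whitespace
 self.db.user.set(userid, roles=' User ')
 # check for all-whitespace (treat as no role)
 self.db.user.set(userid, roles=' ')
 
+def testBadUsernames(self):
+''' ky,le raises:
+ValueError: Username/Login Name must consist only of the letters a-z (any case), digits 0-9 and the symbols: @._-!+%
+'''
+
+for name in [ "ky'le", "ky<br>le" ]:
+with self.assertRaises(ValueError) as ctx:
+self.db.user.create(username=name,
+address='kyle@example.com',
+realname='Kyle Broflovski', roles='User')
+self.assertEqual(str(ctx.exception), "Username/Login Name must "
+"consist only of the letters a-z (any case), "
+"digits 0-9 and the symbols: @._-!%")
+
+self.db.user.create(username='rouilj-1+mya_ddr@users.example.com',
+address='kyle1@example.com',
+realname='Kyle Broflovski', roles='User')
+
 # vim: filetype=python sts=4 sw=4 et si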
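Review bot: The loop in testBadUsernames never exercises the comma this change is meant to reject: the list is `[ "ky'le", "ky<br>le" ]` (an apostrophe), while the docstring and the commit message both talk about `ky,le`. I would make it `for name in [ "ky,le", "ky'le", "ky<br>le", "ky>le" ]:` so the nosy-list separator and a lone angle bracket are each pinned by a negative case. The docstring also quotes the allowed symbols as `@._-!+%` while the asserted message ends in `@._-!%`, and the final create call accepts a name containing `+`, so the error text apparently under-reports the accepted set; the docstring and the message in userauditor.py (not shown on this page) should agree. If the auditor is also registered for `set`, a rename through `self.db.user.set(...)` deserves the same negative cases, which cannot be confirmed from here.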
