diff test/test_userauditor.py @ 5958:5148e46dd314

issue2550921 - prevent usernames with characters ',' and '<', '>'. It was possible to create a login name with ',' in it, which confuses nosy list editing. HTML tags could also be embedded. Updated userauditor.py to prevent this.
author John Rouillard <rouilj@ieee.org>
date Thu, 24 Oct 2019 21:53:46 -0400
parents d26921b851c3
children 0a37979bbd46
--- a/test/test_userauditor.py	Thu Oct 24 20:47:46 2019 -0400
+++ b/test/test_userauditor.py	Thu Oct 24 21:53:46 2019 -0400
@@ -102,4 +102,22 @@
         # check for all-whitespace (treat as no role)
         self.db.user.set(userid, roles='   ')
 
+    def testBadUsernames(self):
+        ''' ky,le raises:
+        ValueError: Username/Login Name must consist only of the letters a-z (any case), digits 0-9 and the symbols: @._-!+%
+        '''
+
+        for name in [ "ky'le", "ky<br>le" ]:
+            with self.assertRaises(ValueError) as ctx:
+                self.db.user.create(username=name,
+                                    address='kyle@example.com',
+                                    realname='Kyle Broflovski', roles='User')
+                self.assertEqual(str(ctx.exception), "Username/Login Name must "
+                                 "consist only of the letters a-z (any case), "
+                                 "digits 0-9 and the symbols: @._-!%")
+
+        self.db.user.create(username='rouilj-1+mya_ddr@users.example.com',
+            address='kyle1@example.com',
+            realname='Kyle Broflovski', roles='User')
+
 # vim: filetype=python sts=4 sw=4 et si
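Review bot: The `self.assertEqual(str(ctx.exception), ...)` call in testBadUsernames sits inside the `with self.assertRaises(ValueError)` block after `self.db.user.create(...)`, so it is skipped as soon as create raises and the error message is never checked. That hides a mismatch already visible in this hunk: the docstring lists the allowed symbols as `@._-!+%` while the asserted string ends in `@._-!%`. Dedent the assertEqual to the level of the `with` statement so it runs after the block exits, and make the expected string match whatever userauditor.py actually emits. The name list also omits the comma case the issue is about (the docstring says `ky,le`, the loop uses `ky'le`); consider `for name in [ "ky,le", "ky'le", "ky<br>le" ]:` so the nosy-list separator and the markup characters are both covered.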
