username must be at least 3 characters long #29198
Conversation
|
@Peter-Prochaska did you test this? jenkins is red - please have a look |
|
This will "fix" the user named "0" issue, by banning any 1 (or 2) char string as a username: #28406 |
|
I guess this only applies to "local" ownCloud-created usernames. Short ones could still come from LDAP? |
Yes |
|
|
peterprochaska
force-pushed
the
username-must-at-least-3-characters-long
branch
from
5c806a6 to
94ee206
Compare
.htaccess
Outdated
| @@ -84,4 +84,3 @@ Options -Indexes | |||
| <IfModule pagespeed_module> | |||
| ModPagespeed Off | |||
| </IfModule> | |||
|
|
|||
peterprochaska
force-pushed
the
username-must-at-least-3-characters-long
branch
from
eb80f56 to
e723c18
Compare
lib/private/User/Manager.php
Outdated
| @@ -289,6 +289,12 @@ public function searchDisplayName($pattern, $limit = null, $offset = null) { | |||
| */ | |||
| public function createUser($uid, $password) { | |||
| $l = \OC::$server->getL10N('lib'); | |||
|
|
|||
| // Username must at least 3 characters long | |||
| if(strlen($uid) <= 3) { | |||
There was a problem hiding this comment.
Additionally I would place it after the whitespace check...
There was a problem hiding this comment.
No and no, <=3 ist min 3. And after the whitespace check we have the problem with the "."
There was a problem hiding this comment.
The message says The username must be at least 3 characters long which means it can be 3, 4, 5... characters long. But if I put in a 3-character username "abc" it will not let me do it.
So the "if" test here and the message have different things. One of them needs to be changed, depending on what is the requirement.
.htaccess
Outdated
| @@ -83,5 +83,4 @@ AddDefaultCharset utf-8 | |||
| Options -Indexes | |||
| <IfModule pagespeed_module> | |||
| ModPagespeed Off | |||
| </IfModule> | |||
|
|
|||
| </IfModule> | |||
There was a problem hiding this comment.
I guess this will break the .htaccess again? AFAIK the newline is expected.
There was a problem hiding this comment.
What now? Expected or not?
There was a problem hiding this comment.
In the first place a change to .htaccess should never have been added to the commit. Sometimes git is seeing that it was modified during a local dev install, and then "just adds it" to the commit (it depends what git tool you are using and what is in the .gitignore file etc.)
So you need to press "Enter" at the end of the last line, commit and squash. Hopefully .htaccess will then become identical to the current version in master, and so it will disappear from this PR.
There was a problem hiding this comment.
git checkout master .htaccess to revert the changes.
htaccess is not relevant to this PR / commit, so if we want something different there, needs to be fixed separately
peterprochaska
force-pushed
the
username-must-at-least-3-characters-long
branch
from
e4bccad to
23e7eb0
Compare
lib/private/User/Manager.php
Outdated
| @@ -289,6 +289,12 @@ public function searchDisplayName($pattern, $limit = null, $offset = null) { | |||
| */ | |||
| public function createUser($uid, $password) { | |||
| $l = \OC::$server->getL10N('lib'); | |||
|
|
|||
| // Username must at least 3 characters long | |||
There was a problem hiding this comment.
Username must be at least...
lib/private/User/Manager.php
Outdated
| @@ -289,6 +289,12 @@ public function searchDisplayName($pattern, $limit = null, $offset = null) { | |||
| */ | |||
| public function createUser($uid, $password) { | |||
| $l = \OC::$server->getL10N('lib'); | |||
|
|
|||
| // Username must at least 3 characters long | |||
| if(strlen($uid) < 3) { | |||
There was a problem hiding this comment.
I like to have space between keywords an the next bracket, like in the next ``if (` below.
It is part of some coding standards - don't know if it is the rule in oC.
There was a problem hiding this comment.
Is there a reason why you put that quey at the start - just before all other checks like whitespace and valid characters?
Should´nt the result be minimum three valid characters ?
There was a problem hiding this comment.
Quite valid question - otherwise we end up with ' .' as user name
There was a problem hiding this comment.
the answer is likely: need more ☕️ 😉
fixed error reverted .htaccess reverted .htaccess reverted .htaccess to master version and adjust if statement moved len check after other checks
peterprochaska
force-pushed
the
username-must-at-least-3-characters-long
branch
from
3484c4e to
e682412
Compare
|
restarted jenkins |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Description
Username must be at least 3 characters long
Related Issue
HackerOne and https://github.com/owncloud/security-tracker/issues/227
Motivation and Context
How Has This Been Tested?
You can't add a user with 'a' or 'ab'
Screenshots (if appropriate):
Types of changes
Checklist: