From 02c486d08b55018f4dccf4bc8d360bb655ffac6d Mon Sep 17 00:00:00 2001
From: Leo
Date: Sat, 30 Nov 2019 12:07:23 +0800
Subject: [PATCH] update username, email check in users api (#4324)
---
 seahub/api2/endpoints/admin/users.py | 23 ++++-------------------
 seahub/utils/__init__.py | 5 +++++
 2 files changed, 9 insertions(+), 19 deletions(-)
diff --git a/seahub/api2/endpoints/admin/users.py b/seahub/api2/endpoints/admin/users.py
index 31e674a858..0f9a704ebd 100644
--- a/seahub/api2/endpoints/admin/users.py
+++ b/seahub/api2/endpoints/admin/users.py
@@ -30,7 +30,7 @@ from seahub.two_factor.models import default_device
 from seahub.profile.models import Profile
 from seahub.profile.settings import CONTACT_CACHE_TIMEOUT, CONTACT_CACHE_PREFIX, \
 NICKNAME_CACHE_PREFIX, NICKNAME_CACHE_TIMEOUT
-from seahub.utils import is_valid_username, is_org_context, \
+from seahub.utils import is_valid_username2, is_org_context, \
 is_pro_version, normalize_cache_key, is_valid_email, \
 IS_EMAIL_CONFIGURED, send_html_email, get_site_name, \
 gen_shared_link, gen_shared_upload_link
@@ -395,7 +395,7 @@ class AdminUsers(APIView):
 return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
 email = request.data.get('email', None)
- if not email or not is_valid_username(email):
+ if not email or not is_valid_email(email):
 error_msg = 'email invalid.'
 return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
@@ -435,7 +435,7 @@ class AdminUsers(APIView):
 return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
 contact_email = request.data.get('contact_email', None)
- if contact_email and not is_valid_username(contact_email):
+ if contact_email and not is_valid_email(contact_email):
 error_msg = 'contact_email invalid.'
 return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
@@ -849,7 +849,7 @@ class AdminUserResetPassword(APIView):
 1. only admin can perform this action.
 """
- if not is_valid_username(email):
+ if not is_valid_username2(email):
 error_msg = 'email invalid'
 return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
@@ -906,10 +906,6 @@ class AdminUserGroups(APIView):
 1. Admin user;
 """
- if not is_valid_username(email):
- error_msg = 'email invalid.'
- return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
-
 try:
 User.objects.get(email=email)
 except User.DoesNotExist as e:
@@ -971,9 +967,6 @@ class AdminUserShareLinks(APIView):
 Permission checking:
 1. only admin can perform this action.
 """
- if not is_valid_username(email):
- error_msg = 'email invalid.'
- return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
 try:
 User.objects.get(email=email)
@@ -1004,10 +997,6 @@ class AdminUserUploadLinks(APIView):
 1. only admin can perform this action.
 """
- if not is_valid_username(email):
- error_msg = 'email invalid.'
- return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
-
 try:
 User.objects.get(email=email)
 except User.DoesNotExist as e:
@@ -1038,10 +1027,6 @@ class AdminUserBeSharedRepos(APIView):
 1. only admin can perform this action.
 """
- if not is_valid_username(email):
- error_msg = 'email invalid.'
- return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
-
 try:
 User.objects.get(email=email)
 except User.DoesNotExist as e:
diff --git a/seahub/utils/__init__.py b/seahub/utils/__init__.py
index 253088b0c6..fc28707891 100644
--- a/seahub/utils/__init__.py
+++ b/seahub/utils/__init__.py
@@ -285,6 +285,11 @@ def is_valid_username(username):
 """
 return is_valid_email(username)
+def is_valid_username2(username):
+ """ New username check function, old version is used by many others, stay put
+ """
+ return (not username.startswith(' ')) and (not username.endswith(' '))
+
 def is_valid_dirent_name(name):
 """Check whether repo/dir/file name is valid.
 """
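Review bot: In the AdminUserResetPassword hunk the `email` argument is now gated only by `is_valid_username2`, which per the helper added in seahub/utils/__init__.py rejects nothing but a leading or trailing space. An empty string or a value containing control characters therefore passes, while the response text still says 'email invalid'. The rest of the method lies outside the hunk, so it is not visible whether a `User.objects.get(email=email)` lookup runs before the password is reset or any mail is sent; that lookup should be the real gate. A short comment would make the intent explicit, e.g. `# email is the account identifier (not necessarily an address); existence is enforced by the User lookup`. The AdminUserGroups, AdminUserShareLinks, AdminUserUploadLinks and AdminUserBeSharedRepos hunks drop the check entirely and rely on the lookup shown in their context lines.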
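Review bot: `is_valid_username2` calls `username.startswith` unguarded, so a `None` argument raises AttributeError instead of returning False, and an empty string, a tab- or newline-padded value, or a name with embedded control characters is reported as valid. If the intent is "non-empty, no surrounding whitespace", `return bool(username) and username == username.strip()` expresses that without raising on `None`. The docstring only says the old function stays put; it should state what is actually checked, e.g. `"""Return True if username is non-empty and has no leading or trailing whitespace; does not check email format."""`, so callers do not mistake it for format validation.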