From 207239c570229ae1a6bfdb40b33ef0123909550d Mon Sep 17 00:00:00 2001
From: MCJ Vasseur <14887731+vmcj@users.noreply.github.com>
Date: Sat, 30 Sep 2023 00:39:25 +0200
Subject: [PATCH] Check if username confirms to Entity regex Explicit not done for the TSV to keep the old behaviour. We should check if this regex can be shared globally and used in the assertions on the Entity and through the different API endpoints for constraints.
---
 webapp/src/Service/ImportExportService.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/webapp/src/Service/ImportExportService.php b/webapp/src/Service/ImportExportService.php
index 4ee8bc1a607..32ac2cc8f7e 100644
--- a/webapp/src/Service/ImportExportService.php
+++ b/webapp/src/Service/ImportExportService.php
@@ -877,6 +877,14 @@ public function importAccountsJson(array $data, ?string &$message = null, ?array
 $juryTeam = null;
 $roles = [];
 $type = $account['type'];
+ $username = $account['username'];
+
+ $icpcRegex = "/^[a-zA-Z0-9@._-]+$/";
+ if (!preg_match($icpcRegex, $username)) {
+ $message = sprintf('Username "%s" should follow regex pattern: %s', $username, $icpcRegex);
+ return -1;
+ }
+
 // Special case for the World Finals, if the username is CDS we limit the access.
 // The user can see what every admin can see, but can not log in via the UI.
 if (isset($account['username']) && $account['username'] === 'cds') {
@@ -909,7 +917,7 @@ public function importAccountsJson(array $data, ?string &$message = null, ?array
 'user' => [
 'name' => $account['name'] ?? null,
 'externalid' => $account['id'] ?? $account['username'],
- 'username' => $account['username'],
+ 'username' => $username,
 'plain_password' => $account['password'] ?? null,
 'teamid' => $account['team_id'] ?? null,
 'user_roles' => $roles,
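Review bot: The added pattern `/^[a-zA-Z0-9@._-]+$/` still accepts a username that ends in a newline, because `$` in PCRE also matches just before a final `\n` unless the `D` modifier is set; anchoring the end with `\z`, as in `$icpcRegex = '/^[a-zA-Z0-9@._-]+\z/';`, makes the check reject it. In the same hunk `$account['username']` is read unconditionally, while the unchanged `isset($account['username'])` test a few lines below suggests the key may be absent. If it can be, a missing key reaches `preg_match` as null instead of taking the `-1` path, so `$username = $account['username'] ?? '';` would keep that failure inside the validation. Whether an earlier schema check already guarantees the key is not visible here, since the body of importAccountsJson starts and ends outside the hunk. The rejected username is also copied verbatim into `$message`, so whatever renders that message should escape it for its output context.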