From d86d3c1e5b06a266dae8c048bc58a27520ad6991 Mon Sep 17 00:00:00 2001
From: MCJ Vasseur <14887731+vmcj@users.noreply.github.com>
Date: Sat, 30 Sep 2023 00:39:25 +0200
Subject: [PATCH] Check if username confirms to Entity regex Explicit not done for the TSV to keep the old behaviour. We should check if this regex can be shared globally and used in the assertions on the Entity and through the different API endpoints for constraints.
---
 webapp/src/Service/ImportExportService.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/webapp/src/Service/ImportExportService.php b/webapp/src/Service/ImportExportService.php
index 4ee8bc1a60..464141a9fb 100644
--- a/webapp/src/Service/ImportExportService.php
+++ b/webapp/src/Service/ImportExportService.php
@@ -877,6 +877,15 @@ public function importAccountsJson(array $data, ?string &$message = null, ?array
 $juryTeam = null;
 $roles = [];
 $type = $account['type'];
+ $username = $account['username'];
+
+ $icpcRegexChars = "[a-zA-Z0-9@._-]";
+ $icpcRegex = "/^" . $icpcRegexChars . "+$/";
+ if (!preg_match($icpcRegex, $username)) {
+ $message = sprintf('Username "%s" should be non empty and only contain: %s', $username, $icpcRegexChars);
+ return -1;
+ }
+
 // Special case for the World Finals, if the username is CDS we limit the access.
 // The user can see what every admin can see, but can not log in via the UI.
 if (isset($account['username']) && $account['username'] === 'cds') {
@@ -909,7 +918,7 @@ public function importAccountsJson(array $data, ?string &$message = null, ?array
 'user' => [
 'name' => $account['name'] ?? null,
 'externalid' => $account['id'] ?? $account['username'],
- 'username' => $account['username'],
+ 'username' => $username,
 'plain_password' => $account['password'] ?? null,
 'teamid' => $account['team_id'] ?? null,
 'user_roles' => $roles,
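Review bot: The added pattern `"/^" . $icpcRegexChars . "+$/"` is anchored with `$`, which in PCRE also matches just before a final newline, so a username ending in a line feed passes the check and is stored with a character outside the allowed set. Anchoring at the true end of the subject closes that, for example with the `D` modifier: `$icpcRegex = "/^" . $icpcRegexChars . "+$/D";`. The added `$username = $account['username'];` also reads the key unconditionally, while the `isset($account['username'])` test a few lines below suggests the key can be absent. Presumably the accounts come from decoded, user-supplied JSON, so a missing or non-string value would reach `preg_match()` and raise a warning or TypeError instead of the intended message; `$username = $account['username'] ?? null;` with `if (!is_string($username) || !preg_match($icpcRegex, $username)) {` covers that. The rest of importAccountsJson lies outside the hunk.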