From ba055250a0cfcc4327de395e08696b0aa306c3d6 Mon Sep 17 00:00:00 2001
From: Sofia Baltzi <>
Date: Wed, 4 Apr 2018 15:13:29 +0000
Subject: [PATCH] Add check for username - Allow only numbers, letters, periods, underscores and hyphens
---
 .../usermanagement/RegisterServlet.java | 13 +++++++----
 src/main/webapp/js/validation.js | 22 +++++++++++++++++++
 src/main/webapp/register.jsp | 12 +++++++++++-
 3 files changed, 42 insertions(+), 5 deletions(-)
diff --git a/src/main/java/eu/dnetlib/openaire/usermanagement/RegisterServlet.java b/src/main/java/eu/dnetlib/openaire/usermanagement/RegisterServlet.java
index c9c858c..5185f11 100644
--- a/src/main/java/eu/dnetlib/openaire/usermanagement/RegisterServlet.java
+++ b/src/main/java/eu/dnetlib/openaire/usermanagement/RegisterServlet.java
@@ -63,7 +63,7 @@ public class RegisterServlet extends HttpServlet {
 try {
- if (username.matches("^[a-zA-Z0-9][a-zA-Z0-9_-]{4,150}") && !ldapActions.usernameExists(username) && !ldapActions.emailExists(email)
+ if (username.matches("^[a-zA-Z0-9._-]{4,150}") && !ldapActions.usernameExists(username) && !ldapActions.emailExists(email)
 && !ldapActions.isZombieUsersEmail(email) && !ldapActions.isZombieUsersUsername(username)) {
 ldapActions.createZombieUser(username, email, firstName, lastName, organization, password);
@@ -102,7 +102,7 @@ public class RegisterServlet extends HttpServlet {
 } else {
- if(!username.matches("^[a-zA-Z0-9][a-zA-Z0-9_-]{4,150}")){
+ if(!username.matches("^[a-zA-Z0-9._-]{4,150}")) {
 if (username.length() < 5) {
 request.getSession().setAttribute("username_message", "Minimum username length 5 characters.");
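Review bot: The new pattern `^[a-zA-Z0-9._-]{4,150}` in the `if` no longer requires the first character to be alphanumeric, so a username consisting only of punctuation (`....`, `__--`) or beginning with `-` or `.` now passes and reaches `createZombieUser`; the hunk at @@ -102 repeats the same pattern. If a leading letter or digit is still wanted, `username.matches("^[a-zA-Z0-9][a-zA-Z0-9._-]{4,149}")` keeps that rule and yields 5–150 characters, which is also what the `Minimum username length 5 characters.` and `Maximum username length 150 characters.` messages further down claim, whereas `{4,150}` admits a 4-character name those messages call too short. Whichever bounds are chosen should be copied to the client-side patterns in validation.js and register.jsp. The `try` block this sits in starts before the hunk and continues after it.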
@@ -110,8 +110,13 @@ public class RegisterServlet extends HttpServlet {
 }
 if (username.length() > 150) {
- request.getSession().setAttribute("username_message", "Maximum username lenght 150 characters.");
- logger.info("Maximum username lenght 150 characters.");
+ request.getSession().setAttribute("username_message", "Maximum username length 150 characters.");
+ logger.info("Maximum username length 150 characters.");
+ }
+
+ if (!username.matches("^[a-zA-Z0-9\\.\\_\\-]")) {
+ request.getSession().setAttribute("username_allowed_message", "You can use only letters, numbers, underscores, hyphens and periods.");
+ logger.info("Only letters, numbers, underscores, hyphens and periods.");
 }
 }
diff --git a/src/main/webapp/js/validation.js b/src/main/webapp/js/validation.js
index b54b77d..748dade 100644
--- a/src/main/webapp/js/validation.js
+++ b/src/main/webapp/js/validation.js
@@ -1,13 +1,16 @@
 function validateForm() {
+ var username = $("#username").val();
 var email = $("#email").val();
 var email_conf = $("#email_conf").val();
 var password = $("#password").val();
 var password_conf = $("#password_conf").val();
+ var isValidUsername = validateUsername(username);
 var isValidEmail = validateEmail(email);
 var isValidPassword = validatePassword(password);
 var hasError = false;
+ var isUsernameFilled = false;
 var isEmailFilled = false;
 var isPasswordFilled = false;
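Review bot: The added `username.matches("^[a-zA-Z0-9\\.\\_\\-]")` has no quantifier after the character class, and `String.matches` matches the whole string, so it succeeds only for a one-character name; every other username that reaches this branch, including ones refused purely for length, gets `username_allowed_message` set as well. `if (!username.matches("^[a-zA-Z0-9._-]*")) {` tests what the message describes and fires only when a disallowed character is actually present, and the unescaped class matches the form used in the other hunks. The `} else {` branch containing this block opens in the previous hunk and the method continues after this one.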
@@ -52,11 +55,25 @@ function validateForm() {
 $(".msg_username_error").show();
 hasError = true;
 } else {
+ isUsernameFilled = true;
 $(".msg_username_error").hide();
 $("#username").removeClass('aai-form-danger');
 }
 }
+ // If username is filled
+ if (isUsernameFilled) {
+ // Check if username is valid
+ if (!isValidUsername) {
+ $("#username").addClass('uk-input aai-form-danger');
+ $(".msg_username_allowed_characters").show();
+ hasError = true;
+ } else {
+ $(".msg_username_allowed_characters").hide();
+ $("#username").removeClass('aai-form-danger');
+ }
+ }
+
 if($("#verification_code").val() != undefined) {
 if($.trim($("#verification_code").val()).length <= 0) {
 $("#verification_code").addClass('uk-input aai-form-danger');
@@ -156,6 +173,11 @@ function validateForm() {
 return !hasError;
 }
+function validateUsername(username) {
+ var re = /^[a-zA-Z0-9._-]{4,150}$/;
+ return re.test(username);
+}
+
 function validateEmail(email) {
 var re = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
 return re.test(email);
diff --git a/src/main/webapp/register.jsp b/src/main/webapp/register.jsp
index aed53e0..f1338ad 100644
--- a/src/main/webapp/register.jsp
+++ b/src/main/webapp/register.jsp
@@ -74,9 +74,11 @@
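Review bot: `validateUsername` hard-codes a third copy of the username rule, next to the one in RegisterServlet and the `allowedChars` literal added to register.jsp, and the server copy already disagrees with its own `Minimum username length 5 characters.` message, so the copies are bound to drift. Having the register.jsp handler call `validateUsername` instead of repeating the literal would leave a single client-side definition, with the servlet regex remaining the check that matters since the browser one can be bypassed. A one-line comment above the function stating the rule, such as `// Username: 4-150 chars from [A-Za-z0-9._-]; keep in sync with RegisterServlet`, would also help the next change keep them aligned.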
- + + ${username_message} + ${username_allowed_message}
@@ -178,6 +180,12 @@
 } else {
 $(".msg_username_max_lenght").fadeIn();
 }
+ var allowedChars = /^[a-zA-Z0-9._-]{4,150}$/;
+ if (usernameInput.value.match(allowedChars)) {
+ $(".msg_username_allowed_characters").fadeOut();
+ } else {
+ $(".msg_username_allowed_characters").fadeIn();
+ }
 }
 // myEmailInput.onfocusOut = function() { //
@@ -197,6 +205,8 @@
 $(this).removeClass('aai-form-danger');
 $(".msg_username_error").fadeOut();
 $("#username_server_error").fadeOut();
+ $("#username_allowed_server_error").fadeOut();
+
 });
 $("#email").focusin(function () {
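Review bot: The `allowedChars` literal and the `match` call added here duplicate `validateUsername` from validation.js, which this same commit adds with an identical pattern. If validation.js is included on this page (not visible in the hunk), `if (validateUsername(usernameInput.value)) {` can replace the two added lines so the rule lives in one client-side place. The input handler this sits in starts before the hunk.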