Replace regex with string of legal username chars
This commit is contained in:
parent
9be27a82b7
commit
b2eb5feb8c
|
|
@ -11,37 +11,12 @@ namespace Microsoft.AspNet.Identity
|
||||||
public class UserOptions
|
public class UserOptions
|
||||||
{
|
{
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Initializes a new instance of the <see cref="UserOptions"/> class.
|
/// Gets or sets the list of allowed characters in the username used to validate user names.
|
||||||
/// </summary>
|
|
||||||
public UserOptions()
|
|
||||||
{
|
|
||||||
//User.RequireUniqueEmail = true; // TODO: app decision?
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Gets or sets the regular expression used to validate user names.
|
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <value>
|
/// <value>
|
||||||
/// The regular expression used to validate user names.
|
/// The list of allowed characters in the username used to validate user names.
|
||||||
/// </value>
|
/// </value>
|
||||||
/// <remarks>
|
public string AllowedUserNameCharacters { get; set; } = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@";
|
||||||
/// As regular expressions can be subject to Denial of Service attacks, depending on their complexity and user input,
|
|
||||||
/// validation via regular expressions will timeout and fail after the value set in the <see cref="UserNameValidationRegexTimeout"/>
|
|
||||||
/// property.
|
|
||||||
/// </remarks>
|
|
||||||
public string UserNameValidationRegex { get; set; } = "^[a-zA-Z0-9@_\\.]+$";
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Gets or sets the timeout value used after which user name validation via the <see cref="UserNameValidationRegex"/> will fail if it has
|
|
||||||
/// not completed.
|
|
||||||
/// </summary>
|
|
||||||
/// <value>
|
|
||||||
/// The timeout value used after which user name validation via the <see cref="UserNameValidationRegex"/> will fail if it has not completed.
|
|
||||||
/// </value>
|
|
||||||
/// <remarks>
|
|
||||||
/// The default value is 20 milliseconds.
|
|
||||||
/// </remarks>
|
|
||||||
public TimeSpan UserNameValidationRegexTimeout { get; set; } = new TimeSpan(0,0,0,0,20);
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Gets or sets a flag indicating whether the application requires unique emails for its users.
|
/// Gets or sets a flag indicating whether the application requires unique emails for its users.
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
using System.Linq;
|
||||||
#if DNX451
|
#if DNX451
|
||||||
using System.Net.Mail;
|
using System.Net.Mail;
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -65,8 +66,8 @@ namespace Microsoft.AspNet.Identity
|
||||||
{
|
{
|
||||||
errors.Add(Describer.InvalidUserName(userName));
|
errors.Add(Describer.InvalidUserName(userName));
|
||||||
}
|
}
|
||||||
else if (manager.Options.User.UserNameValidationRegex != null &&
|
else if (!string.IsNullOrEmpty(manager.Options.User.AllowedUserNameCharacters) &&
|
||||||
!Regex.IsMatch(userName, manager.Options.User.UserNameValidationRegex, RegexOptions.CultureInvariant, manager.Options.User.UserNameValidationRegexTimeout))
|
userName.Any(c => !manager.Options.User.AllowedUserNameCharacters.Contains(c)))
|
||||||
{
|
{
|
||||||
errors.Add(Describer.InvalidUserName(userName));
|
errors.Add(Describer.InvalidUserName(userName));
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ namespace Microsoft.AspNet.Identity.Test
|
||||||
Assert.True(options.Password.RequireUppercase);
|
Assert.True(options.Password.RequireUppercase);
|
||||||
Assert.Equal(6, options.Password.RequiredLength);
|
Assert.Equal(6, options.Password.RequiredLength);
|
||||||
|
|
||||||
Assert.Equal("^[a-zA-Z0-9@_\\.]+$", options.User.UserNameValidationRegex);
|
Assert.Equal("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@", options.User.AllowedUserNameCharacters);
|
||||||
Assert.False(options.User.RequireUniqueEmail);
|
Assert.False(options.User.RequireUniqueEmail);
|
||||||
|
|
||||||
Assert.Equal(ClaimTypes.Role, options.ClaimsIdentity.RoleClaimType);
|
Assert.Equal(ClaimTypes.Role, options.ClaimsIdentity.RoleClaimType);
|
||||||
|
|
@ -75,7 +75,7 @@ namespace Microsoft.AspNet.Identity.Test
|
||||||
Assert.Equal(usernameClaimType, options.ClaimsIdentity.UserNameClaimType);
|
Assert.Equal(usernameClaimType, options.ClaimsIdentity.UserNameClaimType);
|
||||||
Assert.Equal(securityStampClaimType, options.ClaimsIdentity.SecurityStampClaimType);
|
Assert.Equal(securityStampClaimType, options.ClaimsIdentity.SecurityStampClaimType);
|
||||||
Assert.True(options.User.RequireUniqueEmail);
|
Assert.True(options.User.RequireUniqueEmail);
|
||||||
Assert.Equal("^[a-zA-Z0-9@_\\.]+$", options.User.UserNameValidationRegex);
|
Assert.Equal("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@", options.User.AllowedUserNameCharacters);
|
||||||
Assert.False(options.Password.RequireDigit);
|
Assert.False(options.Password.RequireDigit);
|
||||||
Assert.False(options.Password.RequireLowercase);
|
Assert.False(options.Password.RequireLowercase);
|
||||||
Assert.False(options.Password.RequireNonLetterOrDigit);
|
Assert.False(options.Password.RequireNonLetterOrDigit);
|
||||||
|
|
|
||||||
|
|
@ -43,6 +43,7 @@ namespace Microsoft.AspNet.Identity.Test
|
||||||
[InlineData("test_email@foo.com", true)]
|
[InlineData("test_email@foo.com", true)]
|
||||||
[InlineData("hao", true)]
|
[InlineData("hao", true)]
|
||||||
[InlineData("test123", true)]
|
[InlineData("test123", true)]
|
||||||
|
[InlineData("hyphen-yes@foo-bar.com", true)]
|
||||||
[InlineData("!noway", false)]
|
[InlineData("!noway", false)]
|
||||||
[InlineData("foo@boz#.com", false)]
|
[InlineData("foo@boz#.com", false)]
|
||||||
public async Task DefaultAlphaNumericOnlyUserNameValidation(string userName, bool expectSuccess)
|
public async Task DefaultAlphaNumericOnlyUserNameValidation(string userName, bool expectSuccess)
|
||||||
|
|
@ -76,7 +77,7 @@ namespace Microsoft.AspNet.Identity.Test
|
||||||
{
|
{
|
||||||
// Setup
|
// Setup
|
||||||
var manager = MockHelpers.TestUserManager(new NoopUserStore());
|
var manager = MockHelpers.TestUserManager(new NoopUserStore());
|
||||||
manager.Options.User.UserNameValidationRegex = null;
|
manager.Options.User.AllowedUserNameCharacters = null;
|
||||||
var validator = new UserValidator<TestUser>();
|
var validator = new UserValidator<TestUser>();
|
||||||
var user = new TestUser {UserName = userName};
|
var user = new TestUser {UserName = userName};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -43,7 +43,7 @@ namespace Microsoft.AspNet.Identity.Test
|
||||||
options.Password.RequireLowercase = false;
|
options.Password.RequireLowercase = false;
|
||||||
options.Password.RequireNonLetterOrDigit = false;
|
options.Password.RequireNonLetterOrDigit = false;
|
||||||
options.Password.RequireUppercase = false;
|
options.Password.RequireUppercase = false;
|
||||||
options.User.UserNameValidationRegex = null;
|
options.User.AllowedUserNameCharacters = null;
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue