Replace regex with string of legal username chars

This commit is contained in:
Hao Kung 2015-08-06 14:24:12 -07:00
parent 9be27a82b7
commit b2eb5feb8c
5 changed files with 11 additions and 34 deletions

View File

@ -11,37 +11,12 @@ namespace Microsoft.AspNet.Identity
public class UserOptions public class UserOptions
{ {
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="UserOptions"/> class. /// Gets or sets the list of allowed characters in the username used to validate user names.
/// </summary>
public UserOptions()
{
//User.RequireUniqueEmail = true; // TODO: app decision?
}
/// <summary>
/// Gets or sets the regular expression used to validate user names.
/// </summary> /// </summary>
/// <value> /// <value>
/// The regular expression used to validate user names. /// The list of allowed characters in the username used to validate user names.
/// </value> /// </value>
/// <remarks> public string AllowedUserNameCharacters { get; set; } = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@";
/// As regular expressions can be subject to Denial of Service attacks, depending on their complexity and user input,
/// validation via regular expressions will timeout and fail after the value set in the <see cref="UserNameValidationRegexTimeout"/>
/// property.
/// </remarks>
public string UserNameValidationRegex { get; set; } = "^[a-zA-Z0-9@_\\.]+$";
/// <summary>
/// Gets or sets the timeout value used after which user name validation via the <see cref="UserNameValidationRegex"/> will fail if it has
/// not completed.
/// </summary>
/// <value>
/// The timeout value used after which user name validation via the <see cref="UserNameValidationRegex"/> will fail if it has not completed.
/// </value>
/// <remarks>
/// The default value is 20 milliseconds.
/// </remarks>
public TimeSpan UserNameValidationRegexTimeout { get; set; } = new TimeSpan(0,0,0,0,20);
/// <summary> /// <summary>
/// Gets or sets a flag indicating whether the application requires unique emails for its users. /// Gets or sets a flag indicating whether the application requires unique emails for its users.

View File

@ -3,6 +3,7 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq;
#if DNX451 #if DNX451
using System.Net.Mail; using System.Net.Mail;
#endif #endif
@ -65,8 +66,8 @@ namespace Microsoft.AspNet.Identity
{ {
errors.Add(Describer.InvalidUserName(userName)); errors.Add(Describer.InvalidUserName(userName));
} }
else if (manager.Options.User.UserNameValidationRegex != null && else if (!string.IsNullOrEmpty(manager.Options.User.AllowedUserNameCharacters) &&
!Regex.IsMatch(userName, manager.Options.User.UserNameValidationRegex, RegexOptions.CultureInvariant, manager.Options.User.UserNameValidationRegexTimeout)) userName.Any(c => !manager.Options.User.AllowedUserNameCharacters.Contains(c)))
{ {
errors.Add(Describer.InvalidUserName(userName)); errors.Add(Describer.InvalidUserName(userName));
} }

View File

@ -28,7 +28,7 @@ namespace Microsoft.AspNet.Identity.Test
Assert.True(options.Password.RequireUppercase); Assert.True(options.Password.RequireUppercase);
Assert.Equal(6, options.Password.RequiredLength); Assert.Equal(6, options.Password.RequiredLength);
Assert.Equal("^[a-zA-Z0-9@_\\.]+$", options.User.UserNameValidationRegex); Assert.Equal("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@", options.User.AllowedUserNameCharacters);
Assert.False(options.User.RequireUniqueEmail); Assert.False(options.User.RequireUniqueEmail);
Assert.Equal(ClaimTypes.Role, options.ClaimsIdentity.RoleClaimType); Assert.Equal(ClaimTypes.Role, options.ClaimsIdentity.RoleClaimType);
@ -75,7 +75,7 @@ namespace Microsoft.AspNet.Identity.Test
Assert.Equal(usernameClaimType, options.ClaimsIdentity.UserNameClaimType); Assert.Equal(usernameClaimType, options.ClaimsIdentity.UserNameClaimType);
Assert.Equal(securityStampClaimType, options.ClaimsIdentity.SecurityStampClaimType); Assert.Equal(securityStampClaimType, options.ClaimsIdentity.SecurityStampClaimType);
Assert.True(options.User.RequireUniqueEmail); Assert.True(options.User.RequireUniqueEmail);
Assert.Equal("^[a-zA-Z0-9@_\\.]+$", options.User.UserNameValidationRegex); Assert.Equal("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@", options.User.AllowedUserNameCharacters);
Assert.False(options.Password.RequireDigit); Assert.False(options.Password.RequireDigit);
Assert.False(options.Password.RequireLowercase); Assert.False(options.Password.RequireLowercase);
Assert.False(options.Password.RequireNonLetterOrDigit); Assert.False(options.Password.RequireNonLetterOrDigit);

View File

@ -43,6 +43,7 @@ namespace Microsoft.AspNet.Identity.Test
[InlineData("test_email@foo.com", true)] [InlineData("test_email@foo.com", true)]
[InlineData("hao", true)] [InlineData("hao", true)]
[InlineData("test123", true)] [InlineData("test123", true)]
[InlineData("hyphen-yes@foo-bar.com", true)]
[InlineData("!noway", false)] [InlineData("!noway", false)]
[InlineData("foo@boz#.com", false)] [InlineData("foo@boz#.com", false)]
public async Task DefaultAlphaNumericOnlyUserNameValidation(string userName, bool expectSuccess) public async Task DefaultAlphaNumericOnlyUserNameValidation(string userName, bool expectSuccess)
@ -76,7 +77,7 @@ namespace Microsoft.AspNet.Identity.Test
{ {
// Setup // Setup
var manager = MockHelpers.TestUserManager(new NoopUserStore()); var manager = MockHelpers.TestUserManager(new NoopUserStore());
manager.Options.User.UserNameValidationRegex = null; manager.Options.User.AllowedUserNameCharacters = null;
var validator = new UserValidator<TestUser>(); var validator = new UserValidator<TestUser>();
var user = new TestUser {UserName = userName}; var user = new TestUser {UserName = userName};

View File

@ -43,7 +43,7 @@ namespace Microsoft.AspNet.Identity.Test
options.Password.RequireLowercase = false; options.Password.RequireLowercase = false;
options.Password.RequireNonLetterOrDigit = false; options.Password.RequireNonLetterOrDigit = false;
options.Password.RequireUppercase = false; options.Password.RequireUppercase = false;
options.User.UserNameValidationRegex = null; options.User.AllowedUserNameCharacters = null;
}); });
} }