Adding validation regex timeout.
parent
f0098b6e1e
commit
eaa7ca9e81
|
|
@ -1,22 +1,55 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System.Text.RegularExpressions;
|
||||
using System;
|
||||
|
||||
namespace Microsoft.AspNet.Identity
|
||||
{
|
||||
/// <summary>
|
||||
/// Options for user validation.
|
||||
/// </summary>
|
||||
public class UserOptions
|
||||
{
|
||||
/// <summary>
|
||||
/// Initializes a new instance of the <see cref="UserOptions"/> class.
|
||||
/// </summary>
|
||||
public UserOptions()
|
||||
{
|
||||
//User.RequireUniqueEmail = true; // TODO: app decision?
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the regular expression used to validate user names.
|
||||
/// </summary>
|
||||
/// <value>
|
||||
/// The regular expression used to validate user names.
|
||||
/// </value>
|
||||
/// <remarks>
|
||||
/// As regular expressions can be subject to Denial of Service attacks, depending on their complexity and user input,
|
||||
/// validation via regular expressions will timeout and fail after the value set in the <see cref="UserNameValidationRegexTimeout"/>
|
||||
/// property.
|
||||
/// </remarks>
|
||||
public string UserNameValidationRegex { get; set; } = "^[a-zA-Z0-9@_\\.]+$";
|
||||
|
||||
/// <summary>
|
||||
/// If set, enforces that emails are non empty, valid, and unique
|
||||
/// Gets or sets the timeout value used after which user name validation via the <see cref="UserNameValidationRegex"/> will fail if it has
|
||||
/// not completed.
|
||||
/// </summary>
|
||||
/// <value>
|
||||
/// The timeout value used after which user name validation via the <see cref="UserNameValidationRegex"/> will fail if it has not completed.
|
||||
/// </value>
|
||||
/// <remarks>
|
||||
/// The default value is 20 milliseconds.
|
||||
/// </remarks>
|
||||
public TimeSpan UserNameValidationRegexTimeout { get; set; } = new TimeSpan(0,0,0,0,20);
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets a flag indicating whether the application requires unique emails for its users.
|
||||
/// </summary>
|
||||
/// <value>
|
||||
/// A flag indicating whether the application requires unique emails for its users.
|
||||
/// This will be true if the application requires each user to have their own, unique email, otherwise false.
|
||||
/// </value>
|
||||
public bool RequireUniqueEmail { get; set; }
|
||||
}
|
||||
}
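Review bot: The new `UserNameValidationRegexTimeout` setter accepts any `TimeSpan`, and its remarks state only the default, not which values are usable. `Regex.IsMatch` throws `ArgumentOutOfRangeException` for zero or negative timeouts (other than `Regex.InfiniteMatchTimeout`), and `Regex.InfiniteMatchTimeout` itself switches off the denial-of-service protection that the remarks on `UserNameValidationRegex` promise. I would add a remarks line such as `/// Must be a positive value; Regex.InfiniteMatchTimeout disables the timeout and the protection it provides.` As a point of style, `TimeSpan.FromMilliseconds(20)` states the unit, whereas `new TimeSpan(0,0,0,0,20)` leaves the reader counting arguments.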
|
||||
|
|
@ -13,7 +13,7 @@ using System.Threading.Tasks;
|
|||
namespace Microsoft.AspNet.Identity
|
||||
{
|
||||
/// <summary>
|
||||
/// Validates users before they are saved
|
||||
/// Provides validation services for user classes.
|
||||
/// </summary>
|
||||
/// <typeparam name="TUser"></typeparam>
|
||||
public class UserValidator<TUser> : IUserValidator<TUser> where TUser : class
|
||||
|
|
@ -58,7 +58,8 @@ namespace Microsoft.AspNet.Identity
|
|||
{
|
||||
errors.Add(Describer.InvalidUserName(userName));
|
||||
}
|
||||
else if (manager.Options.User.UserNameValidationRegex != null && !Regex.IsMatch(userName, manager.Options.User.UserNameValidationRegex))
|
||||
else if (manager.Options.User.UserNameValidationRegex != null &&
|
||||
!Regex.IsMatch(userName, manager.Options.User.UserNameValidationRegex, RegexOptions.CultureInvariant, manager.Options.User.UserNameValidationRegexTimeout))
|
||||
{
|
||||
errors.Add(Describer.InvalidUserName(userName));
|
||||
}
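Review bot: A timed-out match does not reach the `errors.Add(Describer.InvalidUserName(userName))` branch, because `Regex.IsMatch` with a match timeout throws `RegexMatchTimeoutException` instead of returning false. The `UserOptions` remarks say validation "will timeout and fail", so unless the exception is caught in the part of the method outside this hunk, a slow input would surface as an unhandled exception rather than a validation error. I would catch the exception at the call, treat it as an invalid user name, and log it, since repeated timeouts are a useful signal of either a costly pattern or hostile input. The enclosing method starts and ends outside the hunk, so this is based only on the visible lines.

```csharp
else if (manager.Options.User.UserNameValidationRegex != null)
{
    bool matched;
    try
    {
        matched = Regex.IsMatch(
            userName,
            manager.Options.User.UserNameValidationRegex,
            RegexOptions.CultureInvariant,
            manager.Options.User.UserNameValidationRegexTimeout);
    }
    catch (RegexMatchTimeoutException)
    {
        // The match did not finish within the configured timeout: fail closed.
        matched = false;
    }

    if (!matched)
    {
        errors.Add(Describer.InvalidUserName(userName));
    }
}
// … unchanged: remainder of the validation method …
```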
|
||||
|
|
|
|||