Adding validation regex timeout.
This commit is contained in:
parent
f0098b6e1e
commit
eaa7ca9e81
|
|
@ -1,22 +1,55 @@
|
||||||
// Copyright (c) .NET Foundation. All rights reserved.
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
using System.Text.RegularExpressions;
|
using System;
|
||||||
|
|
||||||
namespace Microsoft.AspNet.Identity
|
namespace Microsoft.AspNet.Identity
|
||||||
{
|
{
|
||||||
|
/// <summary>
|
||||||
|
/// Options for user validation.
|
||||||
|
/// </summary>
|
||||||
public class UserOptions
|
public class UserOptions
|
||||||
{
|
{
|
||||||
|
/// <summary>
|
||||||
|
/// Initializes a new instance of the <see cref="UserOptions"/> class.
|
||||||
|
/// </summary>
|
||||||
public UserOptions()
|
public UserOptions()
|
||||||
{
|
{
|
||||||
//User.RequireUniqueEmail = true; // TODO: app decision?
|
//User.RequireUniqueEmail = true; // TODO: app decision?
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Gets or sets the regular expression used to validate user names.
|
||||||
|
/// </summary>
|
||||||
|
/// <value>
|
||||||
|
/// The regular expression used to validate user names.
|
||||||
|
/// </value>
|
||||||
|
/// <remarks>
|
||||||
|
/// As regular expressions can be subject to Denial of Service attacks, depending on their complexity and user input,
|
||||||
|
/// validation via regular expressions will timeout and fail after the value set in the <see cref="UserNameValidationRegexTimeout"/>
|
||||||
|
/// property.
|
||||||
|
/// </remarks>
|
||||||
public string UserNameValidationRegex { get; set; } = "^[a-zA-Z0-9@_\\.]+$";
|
public string UserNameValidationRegex { get; set; } = "^[a-zA-Z0-9@_\\.]+$";
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// If set, enforces that emails are non empty, valid, and unique
|
/// Gets or sets the timeout value used after which user name validation via the <see cref="UserNameValidationRegex"/> will fail if it has
|
||||||
|
/// not completed.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
|
/// <value>
|
||||||
|
/// The timeout value used after which user name validation via the <see cref="UserNameValidationRegex"/> will fail if it has not completed.
|
||||||
|
/// </value>
|
||||||
|
/// <remarks>
|
||||||
|
/// The default value is 20 milliseconds.
|
||||||
|
/// </remarks>
|
||||||
|
public TimeSpan UserNameValidationRegexTimeout { get; set; } = new TimeSpan(0,0,0,0,20);
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Gets or sets a flag indicating whether the application requires unique emails for its users.
|
||||||
|
/// </summary>
|
||||||
|
/// <value>
|
||||||
|
/// A flag indicating whether the application requires unique emails for its users.
|
||||||
|
/// This will be true if the application requires each user to have their own, unique email, otherwise false.
|
||||||
|
/// </value>
|
||||||
public bool RequireUniqueEmail { get; set; }
|
public bool RequireUniqueEmail { get; set; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -13,7 +13,7 @@ using System.Threading.Tasks;
|
||||||
namespace Microsoft.AspNet.Identity
|
namespace Microsoft.AspNet.Identity
|
||||||
{
|
{
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Validates users before they are saved
|
/// Provides validation services for user classes.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <typeparam name="TUser"></typeparam>
|
/// <typeparam name="TUser"></typeparam>
|
||||||
public class UserValidator<TUser> : IUserValidator<TUser> where TUser : class
|
public class UserValidator<TUser> : IUserValidator<TUser> where TUser : class
|
||||||
|
|
@ -58,7 +58,8 @@ namespace Microsoft.AspNet.Identity
|
||||||
{
|
{
|
||||||
errors.Add(Describer.InvalidUserName(userName));
|
errors.Add(Describer.InvalidUserName(userName));
|
||||||
}
|
}
|
||||||
else if (manager.Options.User.UserNameValidationRegex != null && !Regex.IsMatch(userName, manager.Options.User.UserNameValidationRegex))
|
else if (manager.Options.User.UserNameValidationRegex != null &&
|
||||||
|
!Regex.IsMatch(userName, manager.Options.User.UserNameValidationRegex, RegexOptions.CultureInvariant, manager.Options.User.UserNameValidationRegexTimeout))
|
||||||
{
|
{
|
||||||
errors.Add(Describer.InvalidUserName(userName));
|
errors.Add(Describer.InvalidUserName(userName));
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue