fix: name field validations (#33429)

2023-10-11 10:03:41 +05:00
parent d6e21a1c29
commit b0f5d1e8cd
4 changed files with 62 additions and 4 deletions
--- a/openedx/core/djangoapps/user_api/accounts/api.py
+++ b/openedx/core/djangoapps/user_api/accounts/api.py
@@ -404,9 +404,23 @@ def get_name_validation_error(name):
    :return: Validation error message.

    """
+
+    def contains_html(value):
+        """
+        Validator method to check whether name contains html tags
+        """
+        regex = re.compile('(<|>)', re.UNICODE)
+        return bool(regex.search(value))
+
+    def contains_url(value):
+        """
+        Validator method to check whether full name contains url
+        """
+        regex = re.findall(r'https?://(?:[-\w.]|(?:%[\da-fA-F]{2}))*', value)
+        return bool(regex)
+
    if name:
-        regex = re.findall(r'https|http?://(?:[-\w.]|(?:%[\da-fA-F]{2}))+', name)
-        return _('Enter a valid name') if bool(regex) else ''
+        return _('Enter a valid name') if (contains_html(name) or contains_url(name)) else ''
    else:
        return accounts.REQUIRED_FIELD_NAME_MSG

--- a/openedx/core/djangoapps/user_api/accounts/tests/testutils.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/testutils.py
@@ -9,7 +9,12 @@ from common.djangoapps.util.password_policy_validators import DEFAULT_MAX_PASSWO
 INVALID_NAMES = [
    None,
    '',
-    ''
+    'http://',
+    'https://',
+    '<html_name>',
+    'https://www.example.com',
+    'Valid name http://www.example.com',
+    'Valid name <tag>',
 ]

 INVALID_USERNAMES_ASCII = [
--- a/openedx/core/djangoapps/user_authn/views/registration_form.py
+++ b/openedx/core/djangoapps/user_authn/views/registration_form.py
@@ -93,7 +93,7 @@ def contains_url(value):
    """
    Validator method to check whether full name contains url
    """
-    regex = re.findall(r'https|http?://(?:[-\w.]|(?:%[\da-fA-F]{2}))+', value)
+    regex = re.findall(r'https?://(?:[-\w.]|(?:%[\da-fA-F]{2}))*', value)
    return bool(regex)


--- a/openedx/core/djangoapps/user_authn/views/tests/test_register.py
+++ b/openedx/core/djangoapps/user_authn/views/tests/test_register.py
@@ -294,6 +294,45 @@ class RegistrationViewValidationErrorTest(
            }
        )

+        # testing for http/https
+        response = self.client.post(self.url, {
+            "email": "bob@example.com",
+            "name": "http://",
+            "username": "bob",
+            "password": "password",
+            "honor_code": "true",
+        })
+        assert response.status_code == 400
+        response_json = json.loads(response.content.decode('utf-8'))
+        self.assertDictEqual(
+            response_json,
+            {
+                "name": [{"user_message": 'Enter a valid name'}],
+                "error_code": "validation-error"
+            }
+        )
+
+    def test_register_fullname_html_validation_error(self):
+        """
+        Test for catching invalid full name errors
+        """
+        response = self.client.post(self.url, {
+            "email": "bob@example.com",
+            "name": "<Bob Smith>",
+            "username": "bob",
+            "password": "password",
+            "honor_code": "true",
+        })
+        assert response.status_code == 400
+        response_json = json.loads(response.content.decode('utf-8'))
+        self.assertDictEqual(
+            response_json,
+            {
+                'name': [{'user_message': 'Full Name cannot contain the following characters: < >'}],
+                "error_code": "validation-error"
+            }
+        )
+
    def test_register_duplicate_username_account_validation_error(self):
        # Register the first user
        response = self.client.post(self.url, {