From b0f5d1e8cd09b01a09ff6cb51a3ae87a5bcbd692 Mon Sep 17 00:00:00 2001
From: Syed Sajjad Hussain Shah <52817156+syedsajjadkazmii@users.noreply.github.com>
Date: Wed, 11 Oct 2023 10:03:41 +0500
Subject: [PATCH] fix: name field validations (#33429)
---
 .../core/djangoapps/user_api/accounts/api.py | 18 ++++++++-
 .../user_api/accounts/tests/testutils.py | 7 +++-
 .../user_authn/views/registration_form.py | 2 +-
 .../user_authn/views/tests/test_register.py | 39 +++++++++++++++++++
 4 files changed, 62 insertions(+), 4 deletions(-)
diff --git a/openedx/core/djangoapps/user_api/accounts/api.py b/openedx/core/djangoapps/user_api/accounts/api.py
index 4e1c6b426d..bc4fd1d1a7 100644
--- a/openedx/core/djangoapps/user_api/accounts/api.py
+++ b/openedx/core/djangoapps/user_api/accounts/api.py
@@ -404,9 +404,23 @@ def get_name_validation_error(name):
 :return: Validation error message.
 """
+
+ def contains_html(value):
+ """
+ Validator method to check whether name contains html tags
+ """
+ regex = re.compile('(<|>)', re.UNICODE)
+ return bool(regex.search(value))
+
+ def contains_url(value):
+ """
+ Validator method to check whether full name contains url
+ """
+ regex = re.findall(r'https?://(?:[-\w.]|(?:%[\da-fA-F]{2}))*', value)
+ return bool(regex)
+
 if name:
- regex = re.findall(r'https|http?://(?:[-\w.]|(?:%[\da-fA-F]{2}))+', name)
- return _('Enter a valid name') if bool(regex) else ''
+ return _('Enter a valid name') if (contains_html(name) or contains_url(name)) else ''
 else:
 return accounts.REQUIRED_FIELD_NAME_MSG
diff --git a/openedx/core/djangoapps/user_api/accounts/tests/testutils.py b/openedx/core/djangoapps/user_api/accounts/tests/testutils.py
index 8befbbdc90..24f7c16f24 100644
--- a/openedx/core/djangoapps/user_api/accounts/tests/testutils.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/testutils.py
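Review bot: In the nested `contains_url`, the pattern is matched case-sensitively, so a name that spells the scheme as `HTTP://` or `Https://` is not rejected. Because the trailing group is now quantified with `*`, it no longer affects whether a match exists, so the check is effectively a search for the literal scheme prefix. `return bool(re.search(r'https?://', value, re.IGNORECASE))` states that directly and closes the case gap. The same applies to `contains_url` in `registration_form.py`, which this commit changes to the identical pattern, and an upper-case entry in `INVALID_NAMES` would pin the behaviour. These nested helpers also repeat a validator that `registration_form.py` already defines, so a single shared helper would stop the account API and the registration form from drifting apart again. `get_name_validation_error` begins above this hunk.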
@@ -9,7 +9,12 @@ from common.djangoapps.util.password_policy_validators import DEFAULT_MAX_PASSWO
 INVALID_NAMES = [
 None,
 '',
- ''
+ 'http://',
+ 'https://',
+ '',
+ 'https://www.example.com',
+ 'Valid name http://www.example.com',
+ 'Valid name ',
 ]
 INVALID_USERNAMES_ASCII = [
diff --git a/openedx/core/djangoapps/user_authn/views/registration_form.py b/openedx/core/djangoapps/user_authn/views/registration_form.py
index e503265d1e..d49e4c439e 100644
--- a/openedx/core/djangoapps/user_authn/views/registration_form.py
+++ b/openedx/core/djangoapps/user_authn/views/registration_form.py
@@ -93,7 +93,7 @@ def contains_url(value):
 """
 Validator method to check whether full name contains url
 """
- regex = re.findall(r'https|http?://(?:[-\w.]|(?:%[\da-fA-F]{2}))+', value)
+ regex = re.findall(r'https?://(?:[-\w.]|(?:%[\da-fA-F]{2}))*', value)
 return bool(regex)
diff --git a/openedx/core/djangoapps/user_authn/views/tests/test_register.py b/openedx/core/djangoapps/user_authn/views/tests/test_register.py
index 0bc05545f7..59ae98bb15 100644
--- a/openedx/core/djangoapps/user_authn/views/tests/test_register.py
+++ b/openedx/core/djangoapps/user_authn/views/tests/test_register.py
@@ -294,6 +294,45 @@ class RegistrationViewValidationErrorTest(
 }
 )
+ # testing for http/https
+ response = self.client.post(self.url, {
+ "email": "bob@example.com",
+ "name": "http://",
+ "username": "bob",
+ "password": "password",
+ "honor_code": "true",
+ })
+ assert response.status_code == 400
+ response_json = json.loads(response.content.decode('utf-8'))
+ self.assertDictEqual(
+ response_json,
+ {
+ "name": [{"user_message": 'Enter a valid name'}],
+ "error_code": "validation-error"
+ }
+ )
+
+ def test_register_fullname_html_validation_error(self):
+ """
+ Test for catching invalid full name errors
+ """
+ response = self.client.post(self.url, {
+ "email": "bob@example.com",
+ "name": "",
+ "username": "bob",
+ "password": "password",
+ "honor_code": "true",
+ })
+ assert response.status_code == 400
+ response_json = json.loads(response.content.decode('utf-8'))
+ self.assertDictEqual(
+ response_json,
+ {
+ 'name': [{'user_message': 'Full Name cannot contain the following characters: < >'}],
+ "error_code": "validation-error"
+ }
+ )
+
 def test_register_duplicate_username_account_validation_error(self):
 # Register the first user
 response = self.client.post(self.url, {
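Review bot: The block labelled `# testing for http/https` posts only `"http://"`, so the `https` form of the pattern is never exercised through the registration endpoint. Wrapping the request and assertion in `for name in ("http://", "https://"):` with `with self.subTest(name=name):` would cover both. The block is appended to a test method that starts above this hunk. The docstring of `test_register_fullname_html_validation_error` is generic; something like `"""Registration rejects a full name containing < or >."""` would say what it pins. This test also expects a different message for angle brackets than the `'Enter a valid name'` that `get_name_validation_error` returns for them, which may be worth aligning.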