mirror of
https://gitlab.linphone.org/BC/public/flexisip-account-manager.git
synced 2026-01-17 10:08:05 +00:00
Fix #77 Add proper SIP username validation
parent
8803ae1077
commit
86f4a67c1e
18 changed files with 68 additions and 25 deletions
|
|
@ -36,6 +36,7 @@ use App\Libraries\OvhSMS;
|
|||
use App\Mail\RegisterConfirmation;
|
||||
use App\Mail\NewsletterRegistration;
|
||||
use App\Rules\BlacklistedUsername;
|
||||
use App\Rules\SIPUsername;
|
||||
|
||||
class RegisterController extends Controller
|
||||
{
|
||||
|
|
@ -81,7 +82,8 @@ class RegisterController extends Controller
|
|||
'filled',
|
||||
new WithoutSpaces,
|
||||
new IsNotPhoneNumber,
|
||||
new BlacklistedUsername
|
||||
new BlacklistedUsername,
|
||||
new SIPUsername
|
||||
],
|
||||
'g-recaptcha-response' => 'required|captcha',
|
||||
'email' => config('app.account_email_unique')
|
||||
|
|
@ -129,7 +131,8 @@ class RegisterController extends Controller
|
|||
'nullable',
|
||||
new WithoutSpaces,
|
||||
new IsNotPhoneNumber,
|
||||
new BlacklistedUsername
|
||||
new BlacklistedUsername,
|
||||
new SIPUsername
|
||||
],
|
||||
'phone' => [
|
||||
'required', 'unique:aliases,alias',
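Review bot: The username rule chain extended here is written out by hand in both rule arrays of this controller (the one with `'filled'` and the one with `'nullable'`) and again in the other controllers and form requests on this page. Every new constraint such as `new SIPUsername` must therefore be added to each copy, and a copy that is missed leaves that endpoint accepting usernames the others reject. Building the list in one shared place would remove that risk; at minimum, put a comment above each list, e.g. `// Keep in sync with the other username rule lists (see App\Rules\SIPUsername)`. These two lists also lack `new NoUppercase`, which the other lists on the page carry, so uppercase is rejected here only through `SIPUsername` and its generic message; worth confirming that is intended. Both arrays begin outside the visible hunks.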
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ use App\Http\Controllers\Account\AuthenticateController as WebAuthenticateContro
|
|||
use App\Rules\BlacklistedUsername;
|
||||
use App\Rules\IsNotPhoneNumber;
|
||||
use App\Rules\NoUppercase;
|
||||
use App\Rules\SIPUsername;
|
||||
use App\Rules\WithoutSpaces;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
|
|
@ -78,6 +79,7 @@ class AccountController extends Controller
|
|||
new NoUppercase,
|
||||
new IsNotPhoneNumber,
|
||||
new BlacklistedUsername,
|
||||
new SIPUsername,
|
||||
Rule::unique('accounts', 'username')->where(function ($query) use ($request) {
|
||||
$query->where('domain', $this->resolveDomain($request));
|
||||
}),
|
||||
|
|
@ -132,6 +134,7 @@ class AccountController extends Controller
|
|||
new NoUppercase,
|
||||
new IsNotPhoneNumber,
|
||||
new BlacklistedUsername,
|
||||
new SIPUsername,
|
||||
Rule::unique('accounts', 'username')->where(function ($query) use ($request) {
|
||||
$query->where('domain', $this->resolveDomain($request));
|
||||
})->ignore($id),
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ use App\Mail\RegisterConfirmation;
|
|||
use App\Rules\BlacklistedUsername;
|
||||
use App\Rules\IsNotPhoneNumber;
|
||||
use App\Rules\NoUppercase;
|
||||
use App\Rules\SIPUsername;
|
||||
use App\Rules\WithoutSpaces;
|
||||
|
||||
class AccountController extends Controller
|
||||
|
|
@ -91,6 +92,7 @@ class AccountController extends Controller
|
|||
new NoUppercase,
|
||||
new IsNotPhoneNumber,
|
||||
new BlacklistedUsername,
|
||||
new SIPUsername,
|
||||
Rule::unique('accounts', 'username')->where(function ($query) use ($request) {
|
||||
$query->where('domain', $request->has('domain') ? $request->get('domain') : config('app.sip_domain'));
|
||||
}),
|
||||
|
|
@ -225,6 +227,7 @@ class AccountController extends Controller
|
|||
new NoUppercase,
|
||||
new IsNotPhoneNumber,
|
||||
new BlacklistedUsername,
|
||||
new SIPUsername,
|
||||
Rule::unique('accounts', 'username')->where(function ($query) use ($request) {
|
||||
$query->where('domain', config('app.sip_domain'));
|
||||
}),
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@ use App\Http\Controllers\Account\AuthenticateController as WebAuthenticateContro
|
|||
use App\Rules\BlacklistedUsername;
|
||||
use App\Rules\IsNotPhoneNumber;
|
||||
use App\Rules\NoUppercase;
|
||||
use App\Rules\SIPUsername;
|
||||
use App\Rules\WithoutSpaces;
|
||||
|
||||
class AccountController extends Controller
|
||||
|
|
@ -112,6 +113,7 @@ class AccountController extends Controller
|
|||
new NoUppercase,
|
||||
new IsNotPhoneNumber,
|
||||
new BlacklistedUsername,
|
||||
new SIPUsername,
|
||||
Rule::unique('accounts', 'username')->where(function ($query) use ($request) {
|
||||
$query->where('domain', $this->resolveDomain($request));
|
||||
}),
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ use App\Account;
|
|||
use App\Rules\BlacklistedUsername;
|
||||
use App\Rules\IsNotPhoneNumber;
|
||||
use App\Rules\NoUppercase;
|
||||
use App\Rules\SIPUsername;
|
||||
use App\Rules\WithoutSpaces;
|
||||
|
||||
class CreateAccountRequest extends FormRequest
|
||||
|
|
@ -26,6 +27,7 @@ class CreateAccountRequest extends FormRequest
|
|||
new NoUppercase,
|
||||
new IsNotPhoneNumber,
|
||||
new BlacklistedUsername,
|
||||
new SIPUsername,
|
||||
Rule::unique('accounts', 'username')->where(function ($query) {
|
||||
$query->where('domain', config('app.sip_domain'));
|
||||
}),
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ use App\Account;
|
|||
use App\Rules\BlacklistedUsername;
|
||||
use App\Rules\IsNotPhoneNumber;
|
||||
use App\Rules\NoUppercase;
|
||||
use App\Rules\SIPUsername;
|
||||
use App\Rules\WithoutSpaces;
|
||||
|
||||
class UpdateAccountRequest extends FormRequest
|
||||
|
|
@ -26,6 +27,7 @@ class UpdateAccountRequest extends FormRequest
|
|||
new NoUppercase,
|
||||
new IsNotPhoneNumber,
|
||||
new BlacklistedUsername,
|
||||
new SIPUsername,
|
||||
Rule::unique('accounts', 'username')->where(function ($query) {
|
||||
$query->where('domain', config('app.sip_domain'));
|
||||
})->ignore($this->route('id'), 'id'),
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
/*
|
||||
Flexisip Account Manager is a set of tools to manage SIP accounts.
|
||||
Copyright (C) 2020 Belledonne Communications SARL, All rights reserved.
|
||||
Copyright (C) 2023 Belledonne Communications SARL, All rights reserved.
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as
|
||||
|
|
@ -20,23 +20,17 @@
|
|||
namespace App\Rules;
|
||||
|
||||
use Illuminate\Contracts\Validation\Rule;
|
||||
use Illuminate\Support\Str;
|
||||
use Respect\Validation\Validator;
|
||||
|
||||
class SIP implements Rule
|
||||
class SIPUsername implements Rule
|
||||
{
|
||||
public function __construct()
|
||||
{
|
||||
//
|
||||
}
|
||||
|
||||
public function passes($attribute, $value)
|
||||
{
|
||||
// TODO complete me
|
||||
return Str::contains($value, '@');
|
||||
return Validator::regex('/^[a-z0-9+_.-]*$/')->validate($value);
|
||||
}
|
||||
|
||||
public function message()
|
||||
{
|
||||
return 'The :attribute must be a SIP address.';
|
||||
return 'The :attribute should be a valid SIP username';
|
||||
}
|
||||
}
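Review bot: The pattern in `passes()` accepts more than its character class suggests. Without the `D` modifier, PCRE lets `$` match just before a final newline, so a value ending in `"\n"` validates, and `*` lets the empty string through. Anchoring with `\A`/`\z` and requiring at least one character closes both gaps: `return Validator::regex('/\A[a-z0-9+_.-]+\z/')->validate($value);`. Input trimming or the `WithoutSpaces` rule may already catch the newline case on the HTTP paths, but neither is visible here, and the rule should hold on its own because the value ends up as the user part of a SIP address. A short docblock on the class naming the allowed set (lowercase ASCII letters, digits, `+`, `_`, `.`, `-`) would also help, since `message()` does not tell the user which characters are accepted.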
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
<testsuite name="Feature">
|
||||
<directory suffix="Test.php">./tests/Feature</directory>
|
||||
<!-- Exclude the Message test suite as it relies on the linphone-daemon that can't be mocked for the moment -->
|
||||
<exclude>./tests/Feature/AccountMessageTest.php</exclude>
|
||||
<exclude>./tests/Feature/ApiAccountMessageTest.php</exclude>
|
||||
</testsuite>
|
||||
</testsuites>
|
||||
<php>
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ use App\Admin;
|
|||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Tests\TestCase;
|
||||
|
||||
class AccountActionTest extends TestCase
|
||||
class ApiAccountActionTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||
|
|
@ -24,7 +24,7 @@ use Tests\TestCase;
|
|||
|
||||
use App\Password;
|
||||
|
||||
class AccountApiKeyTest extends TestCase
|
||||
class ApiAccountApiKeyTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||
|
|
@ -27,7 +27,7 @@ use Illuminate\Foundation\Testing\RefreshDatabase;
|
|||
use Illuminate\Support\Facades\DB;
|
||||
use Tests\TestCase;
|
||||
|
||||
class AccountContactTest extends TestCase
|
||||
class ApiAccountContactTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||
|
|
@ -24,7 +24,7 @@ use Tests\TestCase;
|
|||
|
||||
use App\AccountCreationToken;
|
||||
|
||||
class AccountCreationTokenTest extends TestCase
|
||||
class ApiAccountCreationTokenTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||
|
|
@ -25,7 +25,7 @@ use Illuminate\Foundation\Testing\RefreshDatabase;
|
|||
use Illuminate\Testing\Fluent\AssertableJson;
|
||||
use Tests\TestCase;
|
||||
|
||||
class AccountMessageTest extends TestCase
|
||||
class ApiAccountMessageTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||
|
|
@ -25,7 +25,7 @@ use App\PhoneChangeCode;
|
|||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Tests\TestCase;
|
||||
|
||||
class AccountPhoneChangeTest extends TestCase
|
||||
class ApiAccountPhoneChangeTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||
|
|
@ -30,7 +30,7 @@ use Illuminate\Foundation\Testing\RefreshDatabase;
|
|||
|
||||
use Tests\TestCase;
|
||||
|
||||
class AccountApiTest extends TestCase
|
||||
class ApiAccountTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||
|
|
@ -97,7 +97,41 @@ class AccountApiTest extends TestCase
|
|||
'password' => '123456',
|
||||
]);
|
||||
|
||||
$response->assertStatus(422);
|
||||
$response->assertJsonValidationErrors(['username']);
|
||||
}
|
||||
|
||||
public function testUsernameNotSIP()
|
||||
{
|
||||
$admin = Admin::factory()->create();
|
||||
$password = $admin->account->passwords()->first();
|
||||
$password->account->generateApiKey();
|
||||
$password->account->save();
|
||||
|
||||
$username = 'blabla🔥';
|
||||
$domain = 'example.com';
|
||||
|
||||
$response = $this->keyAuthenticated($password->account)
|
||||
->json($this->method, $this->route, [
|
||||
'username' => $username,
|
||||
'domain' => $domain,
|
||||
'algorithm' => 'SHA-256',
|
||||
'password' => '123456',
|
||||
]);
|
||||
|
||||
$response->assertJsonValidationErrors(['username']);
|
||||
|
||||
$username = 'blabla hop';
|
||||
$domain = 'example.com';
|
||||
|
||||
$response = $this->keyAuthenticated($password->account)
|
||||
->json($this->method, $this->route, [
|
||||
'username' => $username,
|
||||
'domain' => $domain,
|
||||
'algorithm' => 'SHA-256',
|
||||
'password' => '123456',
|
||||
]);
|
||||
|
||||
$response->assertJsonValidationErrors(['username']);
|
||||
}
|
||||
|
||||
public function testDomain()
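Review bot: Neither input in `testUsernameNotSIP()` shows that `SIPUsername` is the rule doing the rejecting. `'blabla hop'` contains a space and is presumably refused by `WithoutSpaces` already, and both cases only assert that some error exists on `username`. Add a case that only the new rule can reject, for example `'username' => 'bla@bla'`, and after each request also call `$response->assertStatus(422);` as the preceding test does. A positive case is missing too: a username using every allowed character class, e.g. `'user+tag_1.a-b'`, followed by `$response->assertJsonMissingValidationErrors(['username']);`, would guard against the pattern being tightened by accident.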
|
||||
|
|
@ -27,7 +27,7 @@ use Illuminate\Foundation\Testing\RefreshDatabase;
|
|||
use Illuminate\Support\Facades\DB;
|
||||
use Tests\TestCase;
|
||||
|
||||
class AccountTypeTest extends TestCase
|
||||
class ApiAccountTypeTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||
|
|
@ -24,7 +24,7 @@ use App\Password;
|
|||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Tests\TestCase;
|
||||
|
||||
class AuthenticateDigestAndKeyTest extends TestCase
|
||||
class ApiAuthenticationTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||
|
|
@ -25,7 +25,7 @@ use App\ExternalAccount;
|
|||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Tests\TestCase;
|
||||
|
||||
class ExternalAccountTest extends TestCase
|
||||
class ApiExternalAccountTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||