Fix cases where alias and username can both be phone numbers but different

Update the views and add a test for FlexiAPI Update the dependencies
2026-01-17 01:58:07 +00:00 · 2022-03-07 14:11:09 +01:00 · 2022-03-07 14:11:09 +01:00 · 88e2e049c4
commit 88e2e049c4
parent dfd1afcb81
13 changed files with 520 additions and 300 deletions
--- a/flexiapi/app/Http/Controllers/Account/RegisterController.php
+++ b/flexiapi/app/Http/Controllers/Account/RegisterController.php
@ -30,11 +30,12 @@ use Carbon\Carbon;
 use App\Account;
 use App\Alias;
 use App\Rules\WithoutSpaces;
+use App\Rules\IsNotPhoneNumber;
+use App\Rules\NoUppercase;
 use App\Helpers\Utils;
 use App\Libraries\OvhSMS;
 use App\Mail\RegisterConfirmation;
 use App\Mail\NewsletterRegistration;
-use App\Rules\NoUppercase;

 class RegisterController extends Controller
 {
@ -78,7 +79,8 @@ class RegisterController extends Controller
                    $query->where('domain', config('app.sip_domain'));
                }),
                'filled',
-                new WithoutSpaces
+                new WithoutSpaces,
+                new IsNotPhoneNumber,
            ],
            'g-recaptcha-response'  => 'required|captcha',
            'email' => 'required|email|confirmed'
@ -123,7 +125,8 @@ class RegisterController extends Controller
                    $query->where('domain', config('app.sip_domain'));
                }),
                'nullable',
-                new WithoutSpaces
+                new WithoutSpaces,
+                new IsNotPhoneNumber,
            ],
            'phone' => [
                'required', 'unique:aliases,alias',
--- a/flexiapi/app/Http/Controllers/Api/AccountController.php
+++ b/flexiapi/app/Http/Controllers/Api/AccountController.php
@ -31,6 +31,7 @@ use App\Account;
 use App\AccountTombstone;
 use App\Token;
 use App\Http\Controllers\Account\AuthenticateController as WebAuthenticateController;
+use App\Rules\IsNotPhoneNumber;
 use App\Rules\NoUppercase;

 class AccountController extends Controller
@ -54,6 +55,7 @@ class AccountController extends Controller
            'username' => [
                'required',
                new NoUppercase,
+                new IsNotPhoneNumber,
                Rule::unique('accounts', 'username')->where(function ($query) use ($request) {
                    $query->where('domain', $request->has('domain') && config('app.everyone_is_admin') && config('app.admins_manage_multi_domains')
                                                ? $request->get('domain')
--- a/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php
+++ b/flexiapi/app/Http/Controllers/Api/Admin/AccountController.php
@ -33,6 +33,8 @@ use App\ActivationExpiration;
 use App\Admin;
 use App\Alias;
 use App\Http\Controllers\Account\AuthenticateController as WebAuthenticateController;
+use App\Rules\IsNotPhoneNumber;
+use App\Rules\NoUppercase;
 use App\Rules\WithoutSpaces;

 class AccountController extends Controller
@ -95,6 +97,8 @@ class AccountController extends Controller
        $request->validate([
            'username' => [
                'required',
+                new NoUppercase,
+                new IsNotPhoneNumber,
                Rule::unique('accounts', 'username')->where(function ($query) use ($request) {
                    $query->where('domain', $request->has('domain') && config('app.admins_manage_multi_domains')
                                                ? $request->get('domain')
--- a/flexiapi/app/Rules/IsNotPhoneNumber.php
+++ b/flexiapi/app/Rules/IsNotPhoneNumber.php
@ -0,0 +1,19 @@
+<?php
+
+namespace App\Rules;
+
+use Illuminate\Contracts\Validation\Rule;
+use Respect\Validation\Validator;
+
+class IsNotPhoneNumber implements Rule
+{
+    public function passes($attribute, $value): bool
+    {
+        return (Validator::not(Validator::phone())->not(Validator::startsWith('+'))->noWhitespace()->validate($value));
+    }
+
+    public function message()
+    {
+        return 'The :attribute should not be a phone number';
+    }
+}
--- a/flexiapi/composer.json
+++ b/flexiapi/composer.json
@ -18,7 +18,8 @@
        "laravelcollective/html": "^6.2",
        "ovh/ovh": "^2.0",
        "parsedown/laravel": "^1.2",
-        "react/socket": "^1.10"
+        "react/socket": "^1.10",
+        "respect/validation": "^2.2"
    },
    "require-dev": {
        "barryvdh/laravel-debugbar": "^3.6",
--- a/flexiapi/composer.lock
+++ b/flexiapi/composer.lock
--- a/flexiapi/public/css/bootstrap.min.css
+++ b/flexiapi/public/css/bootstrap.min.css
--- a/flexiapi/resources/views/account/register/email.blade.php
+++ b/flexiapi/resources/views/account/register/email.blade.php
@ -16,7 +16,7 @@
            <span class="input-group-text" id="basic-addon2">{{ $domain }}</span>
        </div>
    </div>
-    <small class="form-text text-muted mb-3">Capital letters are not allowed</small>
+    <small class="form-text text-muted mb-3">Shoudn't be a phone number. Capital letters are not allowed.</small>
 </div>

 <hr />
--- a/flexiapi/resources/views/account/register/phone.blade.php
+++ b/flexiapi/resources/views/account/register/phone.blade.php
@ -21,7 +21,7 @@
            <span class="input-group-text" id="basic-addon2">{{ $domain }}</span>
        </div>
    </div>
-    <small class="form-text text-muted mb-3">Capital letters are not allowed</small>
+    <small class="form-text text-muted mb-3">Shoudn't be a phone number. Capital letters are not allowed.</small>
 </div>

@include('parts.terms')
--- a/flexiapi/resources/views/layouts/base.blade.php
+++ b/flexiapi/resources/views/layouts/base.blade.php
@ -6,7 +6,7 @@
        <meta name="viewport" content="width=device-width, initial-scale=1">

        <title>{{ config('app.name') }}</title>
-        <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
+        <link rel="stylesheet" href="{{ asset('css/bootstrap.min.css') }}" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
        @if (config('instance.custom_theme'))
            @if (file_exists(public_path('css/'.config('app.env').'.style.css')))
                <link rel="stylesheet" type="text/css" href="{{ asset('css/'.config('app.env').'.style.css') }}" >
--- a/flexiapi/tests/Feature/AccountApiTest.php
+++ b/flexiapi/tests/Feature/AccountApiTest.php
@ -88,6 +88,27 @@ class AccountApiTest extends TestCase
            ]);
    }

+    public function testUsernameNotPhone()
+    {
+        $admin = Admin::factory()->create();
+        $password = $admin->account->passwords()->first();
+        $password->account->generateApiKey();
+        $password->account->save();
+
+        $username = '+33612121212';
+        $domain = 'example.com';
+
+        $response = $this->keyAuthenticated($password->account)
+        ->json($this->method, $this->route, [
+            'username' => $username,
+            'domain' => $domain,
+            'algorithm' => 'SHA-256',
+            'password' => '123456',
+        ]);
+
+        $response->assertStatus(422);
+    }
+
    public function testDomain()
    {
        $configDomain = 'sip.domain.com';
--- a/flexisip-account-manager.spec
+++ b/flexisip-account-manager.spec
@ -8,7 +8,7 @@
 #%define _datadir           %{_datarootdir}
 #%define _docdir            %{_datadir}/doc

-%define build_number 131
+%define build_number 132
 %define var_dir /var/opt/belledonne-communications
 %define opt_dir /opt/belledonne-communications/share/flexisip-account-manager

--- a/src/xmlrpc/accounts_phone.php
+++ b/src/xmlrpc/accounts_phone.php
@ -53,6 +53,10 @@ function xmlrpc_create_phone_account($method, $args)
        return ALGO_NOT_SUPPORTED;
    }

+    if (startswith($user, "+") && $user != $phone) {
+        return ALIAS_DOESNT_MATCH;
+    }
+
    if (!check_parameter($user)) {
        $user = $phone;
    }