Fix crash on invalid username in forums import

rubenwardy 2022-01-21 21:20:04 +00:00
parent fe2d08c395
commit 80d534a53f
4 changed files with 18 additions and 10 deletions

@ -26,7 +26,8 @@ from wtforms.validators import *
from app.models import * from app.models import *
from app.tasks.emails import send_verify_email, send_anon_email, send_unsubscribe_verify, send_user_email from app.tasks.emails import send_verify_email, send_anon_email, send_unsubscribe_verify, send_user_email
from app.utils import randomString, make_flask_login_password, is_safe_url, check_password_hash, addAuditLog, nonEmptyOrNone, post_login from app.utils import randomString, make_flask_login_password, is_safe_url, check_password_hash, addAuditLog, \
nonEmptyOrNone, post_login, is_username_valid
from passlib.pwd import genphrase from passlib.pwd import genphrase
from . import bp from . import bp
@ -114,6 +115,10 @@ def handle_register(form):
flash(gettext("Incorrect captcha answer"), "danger") flash(gettext("Incorrect captcha answer"), "danger")
return return
if not is_username_valid(form.username.data):
flash(gettext("Username is invalid"))
return
user_by_name = User.query.filter(or_( user_by_name = User.query.filter(or_(
User.username == form.username.data, User.username == form.username.data,
User.username == form.display_name.data, User.username == form.display_name.data,
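Review bot: The new `flash(gettext("Username is invalid"))` in handle_register passes no category, while the captcha error directly above it passes `"danger"`, so this rejection will presumably be styled differently from the other form errors. Pass the category as well: `flash(gettext("Username is invalid"), "danger")`. The message also gives the user no hint of what is allowed, unlike the claim page's message, so consider naming the permitted characters and the minimum length. handle_register starts before and continues after this hunk.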

@ -18,15 +18,9 @@ from flask_babel import gettext
from . import bp from . import bp
from flask import redirect, render_template, session, request, flash, url_for from flask import redirect, render_template, session, request, flash, url_for
from app.models import db, User, UserRank from app.models import db, User, UserRank
from app.utils import randomString, login_user_set_active from app.utils import randomString, login_user_set_active, is_username_valid
from app.tasks.forumtasks import checkForumAccount from app.tasks.forumtasks import checkForumAccount
from app.utils.phpbbparser import getProfile from app.utils.phpbbparser import getProfile
import re
def check_username(username):
return username is not None and len(username) >= 2 and re.match("^[A-Za-z0-9._-]*$", username)
@bp.route("/user/claim/", methods=["GET", "POST"]) @bp.route("/user/claim/", methods=["GET", "POST"])
@ -42,7 +36,7 @@ def claim_forums():
else: else:
method = request.args.get("method") method = request.args.get("method")
if not check_username(username): if not is_username_valid(username):
flash(gettext("Invalid username - must only contain A-Za-z0-9._. Consider contacting an admin"), "danger") flash(gettext("Invalid username - must only contain A-Za-z0-9._. Consider contacting an admin"), "danger")
return redirect(url_for("users.claim_forums")) return redirect(url_for("users.claim_forums"))
@ -67,7 +61,7 @@ def claim_forums():
ctype = request.form.get("claim_type") ctype = request.form.get("claim_type")
username = request.form.get("username") username = request.form.get("username")
if not check_username(username): if not is_username_valid(username):
flash(gettext("Invalid username - must only contain A-Za-z0-9._. Consider contacting an admin"), "danger") flash(gettext("Invalid username - must only contain A-Za-z0-9._. Consider contacting an admin"), "danger")
elif ctype == "github": elif ctype == "github":
task = checkForumAccount.delay(username) task = checkForumAccount.delay(username)
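Review bot: Both flash messages in claim_forums say the name "must only contain A-Za-z0-9._", but the shared is_username_valid added in this commit also accepts `-` and rejects names shorter than two characters. A user rejected for length gets a message that does not explain why. Suggested wording for both calls: `gettext("Invalid username - must be at least 2 characters and only contain A-Za-z0-9._-. Consider contacting an admin")`; note that this changes the translation key. The body of claim_forums lies mostly outside these hunks.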

@ -18,6 +18,7 @@
import json, re, sys import json, re, sys
from app.models import * from app.models import *
from app.tasks import celery from app.tasks import celery
from app.utils import is_username_valid
from app.utils.phpbbparser import getProfile, getTopicsFromForum from app.utils.phpbbparser import getProfile, getTopicsFromForum
import urllib.request import urllib.request
@ -137,6 +138,9 @@ def importTopicList():
if user: if user:
return user return user
if not is_username_valid(username):
return None
user = User.query.filter_by(forums_username=username).first() user = User.query.filter_by(forums_username=username).first()
if user is None: if user is None:
user = User.query.filter_by(username=username).first() user = User.query.filter_by(username=username).first()
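Review bot: The added `return None` for an invalid forum username is silent, so an import run leaves no trace of which forum accounts were skipped. Every caller of this helper must now handle `None`; the callers are outside the hunk, so that is unverified here. The check also runs before the `forums_username` lookup, so an existing user whose stored forum name fails the rule would no longer be found; confirm that is intended, or move the check after the two lookups. I would add a comment such as `# Forum names that fail the site's username rules cannot become local accounts; skip them` and log the skipped name at the return.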

@ -19,11 +19,16 @@ import secrets
from .flask import * from .flask import *
from .models import * from .models import *
from .user import * from .user import *
import re
YESES = ["yes", "true", "1", "on"] YESES = ["yes", "true", "1", "on"]
def is_username_valid(username):
return username is not None and len(username) >= 2 and re.match(r"^[A-Za-z0-9._-]*$", username)
def isYes(val): def isYes(val):
return val and val.lower() in YESES return val and val.lower() in YESES
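Review bot: is_username_valid anchors its pattern with `$`, which in Python also matches just before a trailing newline, so a value such as "ab\n" passes the check that now gates registration, forum claims and the import. Use `re.fullmatch` so the whole string must match: `return username is not None and len(username) >= 2 and re.fullmatch(r"[A-Za-z0-9._-]*", username) is not None`. The `is not None` also makes the function return a real bool rather than a match object, `None` or `False`. A one-line docstring stating the rule (at least two characters from A-Za-z0-9._-) would help keep the user-facing messages in step with it.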